As-A-Service Expands, Buckle Up Your Seatbelt.

Cybercrime is a thriving high-reward, low-risk business model, and it can be summed up easily with just one symbol: $.

In the past, there were various obstacles to overcome in order to get into the cybercriminal game. The ‘original cybercriminals’ ran a centralized operation which owned the servers and constructed malicious software (malware) from scratch.

This business model proved to be incredibly expensive to operate and exceedingly time-consuming; in order to make a substantial profit, large organizations were the only option.

However, similar to other ecosystems, the cybercriminal ecosystem continues to evolve. Today, it is a distributed system where anyone with an agenda can simply rent, lease or purchase ‘as a Service’ services and ‘cash in’ on their crimes.

Some of the more well-known ‘as a Service’ services include:

  • Malware as a Service (MaaS)
  • Distributed Denial of Service as a Service (DDoSaaS)
  • Ransomware as a Service (RaaS)
  • Hacking as a Service (HaaS)
  • Money Laundering as a Service (MLaaS) to name a few.

The distributed system requires less effort because the criminals take advantage of current ‘trends’. These include the ‘human factor,’ where one in three individuals within an organization, regardless of training, will click on a phisher’s email, and/or ‘low-hanging fruit,’ otherwise known as the persons or organizations that, despite all the warnings, incur the risks of sub-par security and are found easily by an exploit kit. Rather than deploying sophisticated and expensive Zero-Day attacks, criminals can now treat any endpoint as a potential source of revenue.

‘As a Service’ services are a flourishing business model run on the black markets found on the DarkNet, such as the TOR network. TOR is a technological revolution in the facilitation of cybercrimes because of the anonymity under which groups are able to operate.

Cybercriminals commit crimes directly against individuals, organizations, or governments through means such as malware attacks.

Direct methods are when resources are taken directly from the victim including

The criminals also attack in indirect manners including identity theft and fraud.

Indirect methods involve information obtained covertly from the victim which can be sold on the DarkNet including

The introduction of the cloud computing ‘as a Service’ paradigm has brought abundant advantages to the information technology industry but also greater opportunities for cybercriminals.

Cybercriminals no longer need to rely on their own skills and assets to carry out exploits.

Several of these services include

  • Infrastructure as a Service (IaaS) provides the rental of servers and storage devices.
  • Software as a Service (SaaS) provides the infrastructure enabling the dynamic production of applications.
  • Data as a Service (DaaS) stores data in the cloud, where it is accessible by a range of systems and devices.
  • Platform as a Service (PaaS) allows users to develop, run and manage applications without the complexity of building and maintaining expensive infrastructure and the space required to develop and launch applications.

These cloud-based technologies afford cybercriminals greater flexibility, greater resource management and agility in the furiously paced technological environment, allowing for even more dangerous and aggressive exploits.

Cybercriminals have taken full advantage of these services because they eliminate the need to maintain their own infrastructure and facilitate better operational security (OpSec), adding a layer of obfuscation between the cybercriminals and the organizations hunting them, while allowing malware attacks to be created and distributed efficiently.

Another fuel for ‘as a Service’ is the rise and popularity of cryptocurrencies. Cryptocurrency is digital money that utilizes a decentralized, peer-to-peer (P2P) payment network, thus making it harder to discover criminal activity.

The most utilized form of cryptocurrency is Bitcoin.

Bitcoin is used globally by legitimate organizations but is better known for its criminal exploits.

The topic of Bitcoin would not be complete without addressing the process of Tumbling. Tumbling essentially adds an additional layer of anonymity to block attempts to track and uncover Bitcoin transactions. There are multiple ways to Tumble Bitcoins, including:

  • Multiple Wallets: A cybercriminal creates a wallet via TOR and adds Bitcoins to it. A second wallet is created, again utilizing TOR, and the funds are moved into the second wallet. Last but not least, a third wallet is created, and the funds are moved again, thus confusing the trail of transactions between the three wallets and making attribution almost impossible.
  • Third Party Services: DarkNet organizations offer services to launder bitcoins which add a ‘proprietary obfuscation technology’ that breaks the link to the source of the funds and prevents any blockchain analysis tracking bitcoin transactions.

The DarkNet is an encrypted network built on top of the DarkWeb. Two typical DarkNet types are P2P, used for file sharing, and networks such as TOR, used for anonymity.

TOR, which is short for ‘The Onion Router,’ provides anonymity to its users by bouncing the user’s communications around a distributed network of relays worldwide. TOR also prevents tracking of what sites are visited, prevents the sites visited from learning the user’s physical location, and allows access to .onion sites ranging from legal to absolutely illegal. TOR can be used on Windows, Mac OS X, or Linux without any additional software.

As with all things as a Service, where there is a need, service providers seem willing to satisfy it. Moreover, as long as the return on investment (ROI) remains high, the expectation for continued investment into even more resources in order to unleash greater numbers of cybercrimes on the broadest possible range of targets will continue. Buckle up your seatbelt.  

Prevention Guidelines

  • Use strong passwords: eight characters. Include upper and lower case letters, numbers and special characters (!@#$%^&*().
    • Adding just one capital letter and one special character changes the brute-force processing time for an 8-character password from 2.4 days to 2.10 centuries. Think about that!
  • Never write your password on a sticky note for an intruder to find.
  • Group the sites you visit into categories, i.e. business, personal, sensitive, and use a password for each category.
  • Activate your Firewall: it is the first line of defense.
  • Use your Anti’s
    • Anti-Virus
    • Anti-Malware
    • Anti-Spyware
  • Secure your Mobile Devices: they are just as vulnerable as your computer.
  • Install the latest OS updates.
  • Download Applications and Attachments FROM TRUSTED SOURCES ONLY.
  • Delete all unknown e-mails.
  • Use encryption for all your sensitive data.
  • Use HTTPS for all your transactions.
  • Backup your data frequently and store it in multiple locations.
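The brute-force figures quoted in the password guideline above can be reproduced with a short calculation. This is an added example, not part of the original article: it assumes an attacker who exhaustively searches the smallest standard alphabet that contains the password, at one million guesses per second (a rate chosen here because it yields the article's 2.4 days and 2.10 centuries), and all function names are illustrative.

```python
import string

# Assumed attacker model: exhaustive search over the smallest of these
# alphabets that contains every character of the password.
ALPHABETS = [
    ("lowercase", string.ascii_lowercase),
    ("mixed case", string.ascii_letters),
    ("alphanumeric", string.ascii_letters + string.digits),
    ("printable ASCII",
     string.ascii_letters + string.digits + string.punctuation + " "),
]

# Assumption: this rate reproduces the figures quoted in the guideline.
GUESSES_PER_SECOND = 1_000_000


def smallest_alphabet(password):
    """Return (name, size) of the smallest alphabet covering the password."""
    for name, chars in ALPHABETS:
        if set(password) <= set(chars):
            return name, len(chars)
    raise ValueError("password contains characters outside printable ASCII")


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds needed to try every candidate of this length and alphabet."""
    _, size = smallest_alphabet(password)
    return size ** len(password) / rate


def humanize(seconds):
    """Format a duration in the units the guideline uses."""
    days = seconds / 86_400
    if days < 365:
        return f"{days:.1f} days"
    return f"{days / 365 / 100:.2f} centuries"


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("password", "Passw@rd"):
        name, size = smallest_alphabet(pw)
        print(f"{pw!r}: {name} ({size} symbols), "
              f"{humanize(worst_case_seconds(pw))} at 1e6 guesses/s, "
              f"{humanize(worst_case_seconds(pw, rate=10**10))} at 1e10")
```

The result scales inversely with the guess rate, and exhaustive search is only the worst case: a dictionary word with predictable substitutions falls to a wordlist long before the full keyspace is searched.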

Cybersecurity is a shared responsibility. Stop. Think. Connect.

It’s A Brave New Bot-Filled World, With Great Possibilities And Even Greater Risks

‘Bots,’ short for robots, are essential to the Internet ecosystem. It is estimated that more than 60 percent of website traffic is not human, but bots. Bots are essentially software programs that perform automated, repetitive, pre-defined tasks. These tasks can include almost any interaction with software that has an Application Program Interface (API).

There are many varieties of bots. Some are just basic programs that execute physical work, such as ‘Crawlers’ that run continuously in the background, primarily procuring data from other APIs or websites. Then there are specialized crawlers called ‘Spiders,’ like Googlebot, that extract URLs from documents, download the content and then pass it off to an indexing system to analyze and construct into searchable indexes. Some only monitor e-commerce websites for price changes, and still countless others monitor for site errors, bugs, and performance issues. However, this is not the end of the story, but merely the beginning.

The evolution of bots focuses on the boundless possibilities and opportunities for both businesses and individuals. Add in Artificial Intelligence (AI), Machine Learning (ML), and Natural Language Processing (NLP), all of which enable greater accuracy in understanding both spoken and typed words, and bots are bringing never-before-imagined levels of personalization and predictive assistance to generations of mobile-intuitive consumers who are content and self-assured with messaging as a communication paradigm.

These smarter bots have a unique server-side processing component that allows seamless interaction as they are able to understand and respond to queries balanced with a live network for assistance. We interact with these bots through Mobile messaging and/or Chatbots. These natural language interfaces enable retailers, restaurants, and multitudes of other companies to communicate with customers in an innovative and compelling way from hailing a cab, ordering takeout, designing that unique pair of shoes, or paying your credit card bill.

Then there are the autonomous bots, the most rapidly accelerating bot space, which includes Internet of Things (IoT) devices and ranges from the self-driving car, to ‘Amy Ingram,’ a virtual assistant, to Amazon’s Delivery Drones. These bots will eventually require zero human intervention to do their jobs.

In contrast, no conversation about bots would be complete without an overview of the malicious bots, which are capable of causing enormous damage to organizations’ network infrastructures, reputations, brands or bottom lines.

As technology advances and becomes more easily accessible, bots are becoming the go-to tool of choice for cybercriminals, accounting for over 80 percent of all cyberattacks. Add in human characteristics from AI, and these bots become harder for the authorities to detect. While other malicious software corrupts and damages the infrastructure of its targets, these advanced bots, also known as ‘Impersonators,’ infect networks in a way that escapes immediate notice, and the damages can quickly run into the millions.

Here’s how it works: Cybercriminals use Social Engineering techniques such as Phishing, spam, or malicious websites to entice users to download and install various forms of malware, i.e., malicious software including

A malicious bot, also known as a ‘Zombie,’ not unlike a worm, is self-propagating malicious software designed to infect a host and connect to a C&C or central command and control server(s). Bots are part of a network of infected computers, known as a ‘botnet,’ which can stretch across the globe controlled by a ‘botnet herder.’

No network is immune.

Once the botnet infiltrates, it goes to work logging keystrokes, collecting passwords, amassing e-mails, gathering financial information, spreading spam, capturing and analyzing packets, hijacking servers, and launching Distributed Denial of Service (DDoS) attacks.

DDoS attacks are an ever-growing threat to businesses, growing in both scope and occurrence every year. Moreover, they are becoming harder to thwart because the attacks are allocated across sundry public anonymous proxies, including TOR, enabling the substitution of users’ IP addresses with untraceable proxies.

A discussion of impersonators would not be complete without mentioning Googlebot, again. These imposter bots gain privileged access and capture tons of sensitive, valuable online information. Additionally, they are utilized for DDoS attacks. According to the folks at Incapsula, ‘1 out of 25 bots are up to no good.’ Source: Incapsula
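A client that merely sends a Googlebot User-Agent can be told apart from the real crawler with a forward-confirmed reverse DNS check, the method Google documents for verifying its crawlers. The sketch below is an added example, not part of the original article; the log format, addresses (documentation ranges), PTR records and helper names are constructed for illustration.

```python
import ipaddress
import socket

# Domains Google documents for its crawlers' reverse DNS names.
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")

def dns_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def dns_forward(host):
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_genuine_googlebot(ip, reverse=dns_reverse, forward=dns_forward):
    """Forward-confirmed reverse DNS check for one client address."""
    try:
        ipaddress.ip_address(ip)                  # reject malformed input
        host = reverse(ip).rstrip(".").lower()    # step 1: PTR lookup
        if not host.endswith(CRAWLER_SUFFIXES):   # step 2: must be Google's zone
            return False
        return ip in forward(host)                # step 3: name must map back
    except (ValueError, OSError):                 # bad IP, no PTR, no A record
        return False

def flag_impersonators(log_lines, reverse=dns_reverse, forward=dns_forward):
    """Return client IPs that claim a Googlebot User-Agent but fail the check."""
    flagged = []
    for line in log_lines:
        ip = line.split(" ", 1)[0]
        if "Googlebot" in line and not is_genuine_googlebot(ip, reverse, forward):
            flagged.append(ip)
    return flagged

# Constructed sample data: documentation address ranges, made-up PTR records.
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
       "203.0.113.5": "crawl-192-0-2-10.googlebot.com",   # spoofed PTR
       "203.0.113.9": "googlebot.com.bad.example"}        # look-alike name
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}

def sample_reverse(ip):
    if ip not in PTR:
        raise OSError("no PTR record")
    return PTR[ip]

def sample_forward(host):
    return A.get(host, set())

UA = '"GET / HTTP/1.1" 200 "Mozilla/5.0 (compatible; Googlebot/2.1)"'
SAMPLE_LOG = [f"{ip} - - {UA}" for ip in
              ("192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9")]

if __name__ == "__main__":
    print(flag_impersonators(SAMPLE_LOG, sample_reverse, sample_forward))
```

The forward lookup in step 3 matters because whoever controls an address block also controls its PTR records, so a reverse name alone proves nothing.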


Cybersecurity is often described as an arms race: security professionals vs. cybercriminals. Both sides are tirelessly working to stay ahead of each other. When one side finds a newer, more resilient defense, the other side develops a shrewder, more destructive offense. What was a sure thing today is sure to be old news tomorrow. Never stop learning.

Protecting yourself and your organization requires immediate action. 

  • Never open e-mails from unknown senders.
  • Never download attachments or click on links from unknown senders.
  • Never click on pop-ups.
  • Never insert an unknown USB stick into your PC, Laptop, etc.
  • Never store sensitive or critical data only on your PC. Have at least two backups: one on an external hard drive and one in the cloud.
  • Adjust your browsers’ security and privacy settings.
  • Use an HTTPS connection for all credit card transactions.
  • Keep your operating system and software up to date.
  • Never log in as an administrator. Rather, choose a guest account with limited privileges.
  • Remove outdated plugins and add-ons.
  • Disable ActiveX content in Microsoft Office applications.
  • Block TOR and I2P.
  • Disable remote desktop.
  • Use an anti-virus product.
  • Use a traffic filtering solution that can provide proactive anti-ransomware protection.
  • Block binaries running from %APPDATA% and %TEMP% paths.
  • Work with the C-Suite to enact social engineering awareness training for all employees.
  • Consider a Computer Incident Response Team (CIRT), based on the organization’s needs and available sources.
  • Have a tested business continuity plan in the event of any cyberattack.

P.S. I am not a bot.

Cybersecurity is a shared responsibility. Stop. Think. Connect.

Computers have and will continue to impact our lives.

Computers have become indispensable in our lives. Below find a compilation of the Good, the Bad, and the Absolute Ugly specifics about how computers have and will continue to impact our lives.

The Good

  • The Intel 4004 was the first 4-bit CPU microprocessor designed for a calculator. The computer has come a very long way in a short time.
  • The Apollo 11 Lunar Landing mission, which voyaged to the moon, had less processing power than today’s smartphone.
  • The first “The Dirty Dozen” was, in fact, a group of 12 engineers who designed the IBM PC.
  • Apple, HP, and Microsoft have one very thought-provoking thing in common – they were all started in a garage.
  • Simple static electricity, so trivial that individuals just ignore it, can destroy computer circuitry.
  • It took the World Wide Web (WWW) approximately four years to reach 50 million users. In comparison, it took over 38 years for radio and 14 years for television.

The Bad

  • The password for the computer controls of nuclear-tipped missiles of the U.S. was 00000000 for nearly two decades.
  • 70% of virus writers work under contract for organized crime syndicates.
  • Every month there are more than 5000 new computer viruses released.
  • There are 200+ BILLION email messages sent daily, 80% are spam.
  • Estimates suggest that the average employee receives approximately 21 spam messages every day and it takes nearly 16 seconds to delete them.
    • In dollars, those 16 seconds equal nearly $712 USD over the course of a year.
    • If you multiply the number of employees in your company by $712, the consequences of spam are astonishing.
      • 100 employees = $71,000
      • 10,000 employees = $7,120,000
      • 50,000 employees = $35,600,000
      • 300,000 employees = $213,600,000
      • U.S. companies that employ more than 300,000 people represent two-thirds of the U.S. GDP with $12 trillion in revenues, $840 billion in profits, $17 trillion in market value, and employ 27.9 million people worldwide.

Absolute Ugly

  • Wombat 2016 State of the Phish found that click rates vary per industry, with telecommunications and professional services clicking phishing emails more than other industries.
  • 85% of organizations suffered a phishing attack in 2015
    • Up 13% from 2014
    • 60% said the rate has increased.
  • More than 30% of malicious emails are opened.
  • The PhishMe Q1 2016 malware report concludes that the #1 delivery vehicle for malware is email attachments.
  • Cloudmark reports that the average incident cost of a spear phishing attack is $1.6 million.

A few rules to follow: Always double-check the email address. Make sure you hover over hyperlinks to see the destination URL. Not sure about an email? Check with the sender. Never enable macros on any attachment.

Cybersecurity is a shared responsibility. Stop. Think. Connect.