Cyber-Security 2018
A Year in Review

Cyber Security 2018: These Were the Most Dangerous Threats

While we were warming ourselves with mulled wine during the not-so-white pre-Christmas period and joining the throngs of people hunting for the perfect Christmas gifts, two reports of spectacular Cyber-Crime drifted across the radar screens in late November/early December. They related to the announcement of a Cyber-Attack on the Marriott Hotel group and the industrious Emotet Trojan. It is pretty obvious that the run-up to the festive season would be a lucrative time for Cyber-Criminals. Let me start by pointing out briefly just how much – personally and professionally – we are at risk from Cyber-Crime.

Dark Net – The Final Frontier

It’s hard to find an accurate answer when somebody asks how big the Internet actually is – especially as it doubles in size approximately every two years. Estimates suggest that it will have reached 40 zettabytes by 2020. So this much: 40,000,000,000,000,000,000,000 bytes spread over the 1.24 billion websites that currently exist worldwide.

Reports indicate that the Dark Net is more than 1,000 times bigger than the Internet, and that around half the pages within its ethereal realm are classified as illegal: trading in drugs, weapons, people – as well as Cyber-Crime itself. Ready-made malware (Trojans, ransomware etc.) from the bargain basket. It’s hardly surprising that the cost of computer fraud in Germany is estimated to run to a high eight-digit figure. Every year.

Individuals or small businesses that believe they are simply not interesting enough to be victims are grossly negligent. This applies even more to government agencies and big corporations. At this point, I would recommend conducting a self-check at the website spycloud.com, where interested users can enter their email addresses to find out how often they have turned up on the Dark Net. It also indicates how regularly the matching domain appears. I once used the site to check a personal Hotmail account. And I was horrified to find out that the combination of my email address and one of my previous passwords had indeed cropped up on the Dark Net. It really opened my eyes and put an end to the mistaken belief that “I would be fine”. And if you get a hit on the page, then consider for a moment whether you use the password somewhere else as well. The next step is to come up with new passwords for all your accounts as quickly as possible. “123456”, “password” and “qwert” are not particularly bright ideas, by the way. The ranking of the most popular passwords still fails to betray a whole lot of ingenuity. So let your imagination run riot! Or let me ask: Do you just leave your door key dangling from the handle for everyone to see once you have locked up your home? – I didn’t think so!

Ideally, the perfect password should look like you randomly banged your head on the keyboard. But things get a little tricky when you use different passwords for your various accounts and are then expected to remember them all. Here’s a little tip: Think up a sentence that features a number, for instance: “We spent our 2-week vacation in Greece.” Then you take the first letters of each word to create your new password, so in this case: Wso2wviG. But this is just the first building block. The second one is an abbreviation for the account itself, for instance TWI for Twitter. Finally you add a special character to separate the two parts, which in our example could be something like: Wso2wviG?TWI.

Marriott – Victims of one of the World’s Biggest Cyber-Heists

The Marriott hotel chain – which owns the Westin, Sheraton, Le Méridien and others – announced on November 30, 2018 that it had fallen prey to a large-scale Cyber-Attack, which it first noticed in September. It involved the theft of data belonging to around 500,000 guests of the subsidiary brand Starwood, including personal details, ID numbers, credit card data and more … And while the search for perpetrators is in full swing (latest development: US investigators accuse the Chinese secret services), speculation abounds on the possible and probable consequences of this attack. Stolen personal details are perfect for identity theft. Swiped email addresses that can be assigned to particular persons can be attacked using targeted phishing mails. All of us, at some stage or other, have received an email (“Please confirm your password”) alleging that there has been a security-critical incident relating to your PayPal (or other) account. One thing’s for sure, there are enough people out there who get duped by these messages.

Investigators currently suspect that data has actually been siphoned off since 2014 and that it remained undiscovered the whole time. Apparently the attackers even managed to steal tools to access encrypted data, meaning that all the information is available in a readable form.

Besides the reputational damage, Marriott will now have to steel itself for some extremely painful sanctions. The punishments under the General Data Protection Regulation (GDPR) alone will be hefty. Let’s remember: Fines can be as much as 4% of global revenues in the past financial year. In 2017, Marriott reported figures of just under US$23 billion.

The investigations are currently focused on identifying which methods were used to mount the attack. But let’s be honest: How will it be possible to determine that, four years down the line? At some stage, somewhere, someone will have launched a quite harmless attack that remained undetected by humans and machines.

Emotet – The Invisible Enemy in the System

Experts from Trend Micro discovered the Trojan Emotet in 2014. It is still wreaking havoc in an ever-increasing number of mutations. One of its most recent victims: Fürstenfeldbruck Clinic, which suffered a complete IT outage that lasted more than a week in mid-November. Although the repercussions were fairly moderate in this case, it is still strongly reminiscent of successful ransomware attacks (encryption Trojans) that rendered the data at hospitals in Neuss and Arnsberg completely unreadable.

How does Emotet proceed? – Emotet uses a mechanism known as spear phishing, which means it attacks its victims deliberately and by name. It conceals malware in attached files or links that point to malicious websites. But Emotet does not operate in isolation either, and instead downloads other kinds of malware from the Internet as well.

What makes the Trojan so perfidious is that the emails it uses to transport its malware seem to be written by persons from the potential victim’s address book. In turn, this means that not only will Emotet need to know the email addresses of friends, colleagues and business partners etc., it will also have to be aware of the relationships and the ways in which the various partners communicate. Only then will it be able to personalize the emails.

So Emotet is present in the system at a much earlier stage, remaining inactive, hidden, patiently eavesdropping on the flow of communication throughout the network (lateral data traffic). Even sandbox solutions have trouble identifying Emotet. So what can be done? Only a combination of smart security technology and increased awareness throughout the workforce can provide effective protection. Virus scanners on their own are essentially powerless, although you should on no account take this as encouragement to uninstall your scanning software! It’s a bit like a safety belt in a car: It cannot stop you having an accident, but not wearing one would be hugely negligent. Modern security uses behavioral pattern recognition and analysis, and looks for possible vulnerabilities and anomalies in the network. But all of that can be tossed out the window as soon as an employee is gullible enough to carelessly open a file attachment. So employees need to be more attentive and exercise healthy distrust for security to work properly.

  • Friday 18 January 2019

Author

Dirk Frießnegg, Solution Advisor IT Security
