Safeguard your business against cyber attacks caused by human error

October is Cybersecurity Awareness Month, a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity. This year’s theme is how to keep yourself cyber safe.

As the world becomes more reliant on digital technology, businesses, both large and small, face a growing risk of cyber attacks. A frequent weak point that attackers target is mistakes made by employees. This blog will outline effective strategies to keep your business safe.

Human error is an ever-present risk in cybersecurity. Whether it’s clicking on a suspicious link, falling victim to a phishing scam, or inadvertently sharing sensitive information, employees can unintentionally open the door to cyber threats.

IBM Security X-Force Threat Intelligence Index 2023 revealed that attempts to hijack threads in emails doubled in 2022 from the 2021 data, which highlights that cybercriminals are exploiting the human error factor within a system. The research also showed that ransomware was the most common attack, accounting for 17% of all incidents. Phishing emerged as the preferred choice for cybercriminals, with over 40% of all attacks employing this deceptive tactic.

Cyber attack cases due to human error

Victims felt the pressure in 27% of cyber attacks. This is why cybercriminals often focus on their extortion efforts. One notable example of such extortion tactics was demonstrated by the digital extortion gang Lapsus$ in early 2022. This group, which had surfaced in December, launched an extensive hacking spree, targeting high-profile and sensitive companies like Nvidia, Samsung, and Ubisoft.

They stole valuable source code and data and leaked it as part of their apparent extortion schemes. Their spree peaked in March when Lapsus$ announced its successful breaches of Microsoft Bing and Cortana source code. The group also compromised a contractor who had access to the widely used authentication service Okta. These attackers, suspected to be based in the United Kingdom and South America, primarily relied on phishing attacks to gain entry into their targets’ systems.

In February 2021, one of Silicon Valley’s oldest and renowned venture capital firms, Sequoia Capital, was hacked. This occurred due to human error. The hackers were able to access the company’s investors’ financial and personal information. The attack succeeded after one of the company’s employees was victim to a phishing email.

In August 2019, Toyota Boshoku Corporation, a subsidiary of Toyota Group in Europe, suffered a massive attack that cost the company almost $40 million. The attackers used a fraudulent fund transfer to steal from the company. They were able to use the funds after posing as a business partner. The hackers then sent phishing emails to the finance and accounting departments of the company.

Effective strategies to combat cyber attacks and human error

Cyber attacks are becoming more sophisticated. As IBM’s report showed, human error remains a significant vulnerability. To safeguard your company’s sensitive data and maintain your reputation, it’s imperative to implement robust cybersecurity measures such as:

1. Comprehensive employee training

The first line of defense against cyber threats is a well-informed workforce. Provide your employees with thorough training on cybersecurity best practices. This should encompass recognizing phishing attempts, understanding password hygiene, and staying updated on the latest threats. Regular workshops and seminars can go a long way in keeping your staff vigilant.

2. Strong password policies

Weak or easily guessable passwords are an open invitation to cybercriminals. Encourage the use of complex passwords with a combination of letters, numbers, and special characters. Implement multi-factor authentication (MFA) wherever possible to add an extra layer of security.

3. Regular software updates

Neglecting software updates can leave your organization vulnerable to cyber threats. Outdated software often contains known vulnerabilities that cybercriminals can exploit. To mitigate this risk, make it a standard practice to ensure that all your applications and systems have the latest security patches. Whenever possible, automate this process to reduce the chance of human error or oversight. By staying up-to-date, you not only enhance security but also benefit from improved software performance and functionality.

4. Robust Firewall and EDR/MDR

A reputable firewall paired with an EDR (Endpoint Detection and Response) or MDR (Managed Detection and Response) solution can help strengthen your prevention and response posture . These tools provide continuous monitoring of network traffic, detecting, and promptly addressing malicious activities. Utilize behavioral anomaly detection to identify unusual user behaviors, which can indicate compromised accounts. It’s crucial to maintain and regularly update these security solutions to adapt to your organization’s evolving needs and the ever-changing threat landscape.

5. Data encryption

Sensitive data is cybercriminals’ favorite target, and data breaches can have severe consequences. To protect your critical information, implement encryption protocols. Encryption ensures that data remains indecipherable to unauthorized individuals without the appropriate decryption keys. By applying encryption both in transit (when data is being transmitted between systems) and at rest (when data is stored), you add an extra layer of security.

6. Incident response plan

No organization is immune to security breaches, so it’s vital to prepare for the worst-case scenario. Developing a comprehensive incident response plan helps you outline the steps to take in the event of a security breach. This plan should encompass communication protocols, strategies for containing the incident, and procedures for recovering from it. Being well-prepared minimizes the impact of a breach and demonstrates your commitment to cybersecurity, instilling trust among stakeholders.

7. Regular security audits

Proactive measures are essential to maintain a secure environment. Regularly conducting security audits and penetration testing helps identify vulnerabilities in your systems before cybercriminals can exploit them. Stay ahead of potential threats by identifying weaknesses and addressing them promptly. This proactive approach enhances your overall security posture. This also makes it more difficult for attackers to find and exploit vulnerabilities.

8. Employee accountability

Employees play a crucial role in your organization’s cybersecurity efforts. Hold them accountable for their actions within the digital landscape. Implement user activity monitoring and enforce strict access controls to prevent unauthorized data access. By doing so, you not only reduce the risk of insider threats but also foster a culture of responsibility and security awareness among your workforce. Employees who understand their role in protecting digital assets become valuable allies in the ongoing battle against cyber threats.

9. Vendor security assessment

If your business relies on third-party vendors or cloud services, like Continent 8, assess their security measures rigorously. Ensure they adhere to high cybersecurity standards to prevent potential vulnerabilities throughout your supply chain.

10. Cybersecurity culture

Building a cybersecurity-conscious culture is essential in safeguarding your organization’s digital assets. It involves instilling a sense of vigilance and responsibility in every employee. Encourage all team members to proactively identify and report any suspicious activities they encounter. Recognize and reward those who diligently follow security protocols, as this reinforces the importance of cybersecurity throughout the organization.

11. Continuous education

Cyber threats evolve rapidly, so it’s crucial to stay informed. Encourage your IT team to prioritize continuous education. This means keeping up-to-date with emerging threats and staying informed about the latest cybersecurity technologies. Investing in ongoing training and professional development empowers your IT professionals to effectively combat new and sophisticated cyberattacks. Knowledge is a powerful defense, and a well-informed team can proactively adapt and strengthen your organization’s security measures.

12. Incident documentation and analysis

When a security incident occurs, responding swiftly and methodically is important. After a security incident, document the event and conduct a thorough analysis. This analysis is a valuable learning tool, enabling your organization to make informed decisions about strengthening its security posture. Implement necessary measures to prevent similar incidents in the future, turning each security breach into an opportunity for growth and improved resilience.

RECENT POSTS

ChattyGoblin: A new threat to iGaming and how C8 Secure can help

19 Jul, 2023

The iGaming industry is under a new threat. A malicious campaign, dubbed “ChattyGoblin,” has been targeting Southeast Asian gambling operations since October 2021.

READ MORE

Let’s Get Started

ChattyGoblin: A new threat to iGaming and how C8 Secure, can help

Craig Lusher, Senior Product Specialist – Secure, Continent 8 Technologies

The iGaming industry is under a new threat. A malicious campaign, dubbed “ChattyGoblin,” has been targeting Southeast Asian gambling operations since October 2021. The threat actors, backed by China, have been using chatbots to target customer support agents of these companies. This article will discuss the ChattyGoblin threat in detail and highlight how Continent 8 and C8 Secure’s products and services can help protect our customers in the iGaming industry.

The ChattyGoblin campaign was first identified by researchers at ESET. The threat actors primarily rely on Comm100 (first identified by CrowdStrike) and LiveHelp apps to carry out their attacks. In one particular attack in March 2023, a chatbot was used to target a gambling company in the Philippines. The initial dropper deployed by the attackers was written in C#, named agentupdate_plugins.exe, and was downloaded by the LiveHelp100 chat application. The dropper deploys a second executable based on the SharpUnhooker tool, which then downloads the ChattyGoblin attack’s second stage, stored in a password-protected ZIP archive. The final payload is a Cobalt Strike beacon using duckducklive[.]top as its C&C server.

The ChattyGoblin campaign is a clear example of the evolving threat landscape in the Asian iGaming industry. As the industry changes and evolves in the region, so do the motives and techniques of threat actors. This is where our products and services come into play.

We offer a range of cybersecurity solutions that can help protect our customers from threats like ChattyGoblin. Our Security Operations Center (SOC) and Security Information and Event Management (SIEM) services provide round-the-clock monitoring and threat detection. By continuously monitoring network traffic and analysing event data, our SOC/SIEM services can identify suspicious activities and respond to threats in real-time, thereby preventing or minimising damage.

In addition to our SOC/SIEM services, our Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR) services provide comprehensive protection for endpoints. These services can detect and respond to threats on endpoints, such as workstations and servers, where the ChattyGoblin attack initiates. By monitoring endpoints and responding to threats quickly, we can prevent the initial dropper from deploying and stop the attack in its track and before it moves laterally.

Furthermore, our Web Application and API Protection (WAAP) service can protect web applications and APIs, which are often targeted in attacks like ChattyGoblin. By protecting these critical assets, we can prevent threat actors from exploiting vulnerabilities and gaining access to our customers’ systems.

The ChattyGoblin campaign and other similar Artificial Intelligence (AI) based attacks represent a significant threat to the iGaming industry. However, with the right security measures in place, this threat can be effectively managed. At Continent 8, we are committed to providing our customers with the highest level of protection. Our SOC/SIEM, EDR/MDR, and WAAP services are designed to detect and respond to threats quickly and effectively, ensuring our customers can operate safely and securely.

As we continue to navigate the evolving threat landscape, it is essential to stay ahead of the curve. This requires not only robust security measures but also a commitment to continuous learning and adaptation.

At Continent 8 and through C8 Secure we are dedicated to staying at the forefront of cybersecurity trends and threats, ensuring we can provide customers in the iGaming industry with the most effective and up-to-date protection. As part of this commitment, we will continue to monitor and analyse threats like ChattyGoblin, adapting our services as necessary to provide the best possible protection for our customers.

RECENT POSTS

Securing a decentralized future: The importance of cybersecurity in Web3

7 Jun, 2023

The dawn of the decentralized web is upon us, and the rise of Web3 technology is a testament to this fact. Web3 is an alternative to today’s highly censored internet and is becoming increasingly popular, which calls for urgent measures to ensure that the foundation of this revolution remains secure and trustworthy.

READ MORE

Let’s Get Started

Securing a decentralized future: The importance of cybersecurity in Web3

Patrick Gardner, Managing Partner at C8 Secure, a Continent 8 company

The dawn of the decentralized web is upon us, and the rise of Web3 technology is a testament to this fact. Web3 is an alternative to today’s highly censored internet and is becoming increasingly popular, which calls for urgent measures to ensure that the foundation of this revolution remains secure and trustworthy.

The emergence of Web3 technology has created an opportunity for financial technology (Fintech) companies to innovate and provide new services like decentralized finance (DeFi) networks, decentralized social trading systems, asset tokenization, cross-border payment solutions and smart contracts.

It is expected that the Web3 market will reach a cumulative valuation of $81.5 billion by 2030, growing at a compound annual growth rate of 43.7%. However, since Fintech has started to catch up with the growing popularity of Web3 technology, cybersecurity, especially, has become a significant concern.

Propelled by blockchain technology and decentralized networks, Web3 envisions a world where users have full control over their data, decentralization fosters inclusivity, and intermediaries no longer dictate terms of use. However, despite the robust security measures associated with these technologies, numerous nefarious third-party entities have infiltrated blockchain systems. In 2021 alone, $2 billion was lost due to various blockchain protocols being hacked. Additionally, over the first three-quarters of 2022, bad actors were able to gross more than $3 billion as part of 125+ compromises.

These numbers are concerning as they suggest that despite the belief that cryptocurrency blockchain systems possess top defenses, they are not immune to attacks. Hackers can continue to use various attack vectors, such as smart contract exploits, phishing, and rug pulls, to inflict significant financial damage to crypto users globally.

As the Web3 market continues to grow, there is a need for a more collaborative approach to cybersecurity for Fintechs. With C8 Secure, developers can delegate security concerns when building Web3 applications so they can focus on other aspects like tokenomics and regulatory complexities.

How Web3 impacts cybersecurity

As the Fintech industry increasingly adopts Web3 technologies, it can realize significant cybersecurity benefits if implemented correctly. These benefits have the potential to fundamentally change the way we approach security and privacy in the digital realm. A few key advantages Web3 offers are decentralization of data across multiple nodes in a blockchain, data immutability, transparency and traceability, self-sovereign identities, privacy preserving technologies and trustless environments.

At the same time, Web3 also poses new challenges for cybersecurity. For instance, smart contracts on a blockchain can have security vulnerabilities that hackers can exploit including re-entrancy attacks, integer overflow, and underflow, among others. Once deployed on the blockchain, these contracts are immutable, meaning errors cannot be easily fixed, making rigorous testing and auditing crucial.

In addition, cybercriminals can exploit smart contracts through social engineering attacks, such as phishing, that trick users into giving their private keys or other credentials. Because of its popularity, cryptocurrency phishing has become a separate category of cybercrime with a 40% YoY increase.

In late December, it was reported that a record-breaking $3.7 billion was stolen in digital-asset-related attacks. Hackers stole $3.4 million worth of GMX tokens from a DeFi user in early January.

These security risks require Web3 Fintech companies to ensure their smart contract solutions are thoroughly tested and audited by trusted cybersecurity providers, like C8 Secure. Emphasizing secure coding practices, comprehensive auditing, continuous monitoring and layered threat prevention controls are vital to mitigating these risks

Another attack type that can harm blockchain networks is the distributed denial-of-service (DDoS) attack. Blockchain DDoS attack happens when the attacker overwhelms the network with excessive traffic, eventually blocking legitimate transactions.

If a crypto exchange is under a DDoS attack, it will see a decreased trading volume. An exchange could lose $21,000 per hour when an attack stops all trading activity. A significant volume of DDoS traffic originates from SSDP amplification and application layer attacks.

Continent 8 Technologies has been protecting its customers from DDoS attacks for almost two decades. In fact, in December 2022 it observed one of the longest sustained attacks that the internet has ever seen. It lasted for an incredible nine days against 145 different customers.

C8 Secure offers various measures to prevent DDoS attacks, including upstream filtering on a large scale, network edge filtering, and volumetric DDoS scrubbing based on thresholds and ratios. With these combined solutions, C8 Secure can effectively mitigate large-scale attacks and provide top-notch protection.

Deterring Web3 cyber attacks

Although blockchain networks have distributed protection, they are not entirely resistant to cyber threats. Most often than not, especially against DDoS, their robustness depends on the number of nodes, diversity, and hash rate in the network. Implementing measures like regular audits, vulnerability scans, and application testing – services that companies such as C8 Secure offer – can help uncover potential exposure points and reinforce network security.

While it’s true that a decentralized network is more resistant to integrity attacks, the associated applications with more traditional cybersecurity weaknesses are not. Vulnerabilities can reside in several areas: attackers can exploit weaknesses in code, discover software vulnerabilities in web applications and APIs, take advantage of flaws in the container or cloud workload configurations, and even deploy bots to launch credential stuffing and DDoS attacks.

For many Fintechs, the expansion of Web3 raises security concerns, despite the technology’s immutable and transparent ledger and complex consensus protocols. To reduce these risks and operate safely in Web3 while complying with various regulations, Fintech can turn to cybersecurity companies.

For example, cybersecurity companies can offer solutions that analyze large amounts of on- and off-chain crypto data to detect fraudulent behavior and flag suspicious wallets. Such companies can also develop secure and robust code that automates financial processes in Web3 and the broader financial sphere.

That’s why partnering up with an established cybersecurity solutions provider, like C8 Secure, who alongside Continent 8 Technologies has over 25 years of experience protecting many of the most targeted sectors, will take your security posture to another level.

Learn more about C8 Secure’s solutions, here.

RECENT POSTS

5 Steps to Reduce Your Risk of a Ransomware Attack

23 Feb, 2023

Listening to the news, you would be correct in being concerned about the extreme levels of ransomware attacks across the world. And, more importantly, whether your company is prepared to weather such an attack.

READ MORE

Let’s Get Started