In the past two years, attackers have managed to penetrate the systems of 78 percent of German companies. This is shown by the “Data Risk Management” study by Veritas Technologies. What's particularly concerning is that AI tools like WormGPT make it easier for attackers to refine their social engineering attacks through AI-generated phishing emails.
But that's not all: AI-controlled, autonomous ransomware attacks will continue to occur more frequently in 2024. Below, Veritas explains the effective methods and proven tips for defending against cyberattacks, especially with regard to ransomware.
Password hacking
Cybercriminals exploit security gaps and get hold of other people’s passwords. Brute force attacks, password lists from the dark web and common passwords such as “Password123” enable quick access to secured systems. To guess passwords based on personal information from social media, many hackers use social engineering methods. After a successful login, they bypass security controls and carry out lateral attacks to access critical data.
Therefore, passwords must be updated regularly, be at least twelve to 14 characters long and contain a combination of upper and lower case letters, numbers and symbols.
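The rule above, together with the warning about common passwords, as an added example that is not from Veritas or the original article: a checker that enforces the stated minimum length and character mix and also rejects variants of well-known passwords. The deny-list, the leetspeak table and all function names are constructed for illustration.

```python
import re

MIN_LENGTH = 12  # lower bound of the "twelve to 14 characters" stated above

# Constructed sample deny-list; a real deployment would load a breached-password list.
COMMON_BASE_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}

# Assumed leetspeak substitutions to undo before comparing (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def base_word(password: str) -> str:
    """Strip leading/trailing digits and symbols, undo leetspeak, lowercase."""
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.translate(LEET).lower()


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase letter": r"[a-z]",
        "uppercase letter": r"[A-Z]",
        "digit": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",  # anything that is not an ASCII letter or digit
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    # Composition rules alone accept "Password123!"; the deny-list check catches it.
    if base_word(password) in COMMON_BASE_WORDS:
        problems.append("common password variant")
    return problems


if __name__ == "__main__":
    for candidate in ["Password123", "Password123!", "P@ssw0rd2024!", "river-Lantern-7-orbit"]:
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
```
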
Phishing attacks
Cybercriminals often trick distracted employees into clicking malicious links. These links are used specifically to distribute malware, sabotage systems, or steal intellectual property. Various communication channels such as emails, text messages, social media and telephone calls are used for this purpose. A commonly used method is spear phishing. The attackers use information about a company or an employee to pose as a trustworthy source.
Actively training employees and encouraging them to adopt security practices proactively is critical. One focus is on training to recognize phishing methods and social engineering tactics.
Stolen passwords
User data, especially passwords, is often offered for sale on the dark web. The sale is lucrative. To obtain sensitive information, cybercriminals like to use the tactic of “shoulder surfing”: they observe how their victim enters usernames and passwords. After successfully penetrating systems, cybercriminals actively move between different environments to locate business-critical data, confidential information and backup systems. Implementing a company-wide zero trust approach offers companies a high level of protection and minimizes the attack surface.
Best practices include strong identity and access management (IAM) with multi-factor authentication (MFA). It is important to use Role Based Access Control (RBAC), integrate biometrics for improved identification, and leverage hardware security keys. Access to data should only be permitted to authorized users. To increase security, a clear policy to change user and application passwords on a regular basis should be implemented. Integration with privileged access management, such as CyberArk, plays a crucial role here. During data protection operations, critical systems should only actively retrieve passwords. An integration with an identity provider whose solution is based on SAML 2.0 opens up additional authentication options.
Man-in-the-middle attack
Sensitive data can also be stolen through a man-in-the-middle (MitM) attack. Usernames and passwords are intercepted in transit over the network connection. To prevent this type of attack, it is important that data is encrypted both in transit and at rest. Additional strategies include using a key management service with a tamper-resistant hardware security module (HSM) and adhering to cryptographic standards such as FIPS 140. Bring Your Own Encryption Key (BYOK) models make it easier to control and manage encryption keys.
Malicious insider
Insider threats can come from current or former employees. The cause is not always malice; it can also be negligence, a security weakness that is increasingly causing disruptions. Effective countermeasures include access controls and the principle of least privilege (minimal rights allocation): employees should only have the access rights that they need for their respective tasks. If an employment relationship is terminated, access rights must be changed.
Companies should also use systems to monitor network activity, file access and other relevant events. Regular audits can be used to identify suspicious activity.
“Through comprehensive security solutions, companies not only support their IT professionals, but also strengthen the cyber resilience of their company. A multi-tiered approach with proven practices such as MFA, role-based access controls, data encryption and AI-driven security features is essential,” explains Ralf Baumann, Country Manager at Veritas Technologies. “To minimize downtime in the event of disruptions, recovery environments should be optimized. Therefore, it is critical to use devices that have additional layers of security, including immutable storage and built-in container isolation.”
About Veritas
Veritas Technologies is a leading provider of secure multi-cloud data management. More than 80,000 customers – including 91 percent of Fortune 100 companies – rely on Veritas to protect, restore and ensure compliance with their data.