Five cyber hygiene practices to protect against cybercrime and ransomware
Learn five essential cyber hygiene steps you can take to defend against ransomware and cybercrime. By putting these in place, you can stop a range of threats.
When it comes to cyberattacks, size doesn’t matter; even the biggest players are susceptible to attacks.
Officials in the United Kingdom recently arrested seven people connected to the Lapsus$ hacker coalition that had been levying attacks against NVIDIA, Samsung, Microsoft, and Okta. The attackers, all between the ages of 16 and 21, have been released but remain under investigation.
Okta was severely impacted, as hundreds of customers, totaling around 2.5% of its client base, suffered a breach. The hackers gained access to Okta’s internal network around two months before the attack was revealed. Lapsus$ posted screenshots of some of Okta’s applications and systems.
The role third parties play in cyberattacks
The breach was blamed on a subprocessor, a company named Sykes that's responsible for customer support functions. Sykes is owned by an organisation named Sitel.
Lapsus$ hackers infiltrated Sitel’s network and stayed there for five days, from 16 to 21 January 2022. At that point, they were identified and kicked out of the network, but not before compromising the accounts of hundreds of customers.
These hackers, though young, have extensive experience. Authorities in the UK reported that at least one of them was involved in an attack on video game producer Electronic Arts.
Another attacker, who is suspected to live in Brazil, was so skilled that researchers initially thought their attacks were being launched using automation.
What’s the best way to protect your organisation from Lapsus$ and other advanced, skilled, determined hackers?
Despite the range of cybersecurity technologies and services available today, your defence system starts with relatively simple cyber hygiene. Attackers often look for the easiest possible targets, and these are typically people, organizations, or computers that don’t have baseline protections in place.
Here are five cyber hygiene measures you can take to block attackers.
What is cyber hygiene?
Cyber hygiene refers to security practices instituted by individuals and organisations to regularly check and maintain the cyber health of users, networks, devices, and data.
The objective of a cyber hygiene program is to secure sensitive data, protect it from attacks or theft, and safeguard critical systems used in daily operational activities.
Five best practices on cyber hygiene that go a long way
Five of the most effective best practices to establish and maintain cyber hygiene include:
• Password hygiene
• Using multi-factor authentication on your devices
• Security software
• Encryption
• A firewall
Password hygiene
A strong password is one of your best defences against cyberattacks, primarily because the passwords exposed in security breaches are overwhelmingly weak or reused ones.
Cybercriminals sell huge collections of stolen passwords that other malicious actors use to launch brute force attacks, in which an attacker tries many passwords in quick succession until one works. If your password is weak, there is a good chance it already appears in one of the lists attackers use to hack accounts.
By using long, hard-to-guess passwords built from nonsensical phrases or combinations of letters, numbers, and symbols, you greatly reduce the chance of yours turning up on an attacker’s list.
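The two checks described above, as an added example that is not part of the original article: a candidate password is first compared, by SHA-1 digest, against a leaked-password list (the form in which such lists usually circulate), and only then scored for guessing entropy. The leaked list, the 60-bit minimum and the sample passwords are all constructed for the example.

```python
import hashlib
import math
import string

# Constructed stand-in for a leaked-password corpus. Real corpora hold
# millions of entries and are usually distributed as SHA-1 digests, so the
# check below works on digests rather than plaintext.
LEAKED_PASSWORDS = ["123456", "password", "qwerty", "password123",
                    "letmein", "Summer2022!"]
LEAKED_DIGESTS = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
                  for p in LEAKED_PASSWORDS}


def is_leaked(password: str) -> bool:
    """True if the SHA-1 digest of the password is in the leaked set."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest in LEAKED_DIGESTS


def estimate_entropy_bits(password: str) -> float:
    """Rough upper bound on guessing entropy: length * log2(alphabet size),
    where the alphabet is the union of the character classes actually used."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 printable symbols
    if any(c.isspace() for c in password):
        pool += 1
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def assess(password: str, min_bits: float = 60.0) -> dict:
    """Policy: reject anything on the leaked list, then require a minimum
    entropy estimate. The 60-bit floor is an assumed policy value."""
    leaked = is_leaked(password)
    bits = estimate_entropy_bits(password)
    if leaked:
        verdict = "reject: appears in a leaked-password list"
    elif bits < min_bits:
        verdict = "weak: below %.0f-bit estimate" % min_bits
    else:
        verdict = "acceptable"
    return {"leaked": leaked, "entropy_bits": round(bits, 1), "verdict": verdict}


if __name__ == "__main__":
    for candidate in ["password123", "Tr0ub4dor", "ochre-lantern-42-vivid-kettle"]:
        print(candidate, assess(candidate))
```

The order matters: a password that is on a leaked list is rejected no matter how complex it looks, because an attacker replaying the list will find it on the first pass, while the entropy estimate only matters for passwords that survive that check.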
Multi-factor authentication
With multi-factor authentication, anyone trying to access your devices has to have more than one set of credentials to verify their identity.
For example, if they know your password, they may also have to answer a question or present biometric data, such as a fingerprint or facial scan. If they can’t do this, they aren’t allowed to access the device.
Multi-factor authentication makes it extremely hard for attackers to get into a device even if it’s left lying around and they have the password, but you can make this technique even more effective. One way is to periodically change your password or the fingerprint you use to access your devices.
For example, if an attacker successfully replicates your index fingerprint and tries to use it to get into your laptop but you had recently changed your access credential to your pinky fingerprint, they wouldn’t be able to get in.
Security software
Security software is effective, not just because it uses the latest technology, but also because it’s based on the most recent threat intelligence.
You can get security software that automatically updates itself with the profiles of threats that have recently been introduced to the landscape, which enables your system to spot and stop these kinds of attacks.
So let's say a hacker has been sending fraudulent emails containing a link to a fake website set up to steal users’ financial account details. Email security software that's been updated with the IP addresses the attacker uses can spot the dangerous communication and reject it.
Similarly, the content and behaviours of a wide range of attacks are fed into security software solutions, giving you access to the most recent protections. Here are some of the more popular options:
• Cortex Xpanse by Palo Alto Networks
• Cisco Umbrella
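The email-rejection scenario above, as an added example that is not code from the original article or from either product listed: a filter that checks each message's sending IP and every linked domain against a threat-intelligence feed and rejects on any match. The feed, the messages and the addresses (all from ranges reserved for documentation) are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed threat-intelligence feed, standing in for the updates a
# security product pulls from its vendor.
BLOCKED_SENDER_IPS = {"203.0.113.45", "198.51.100.7"}
BLOCKED_DOMAINS = {"secure-login-update.example", "bank-verify.example"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_is_blocked(host: str) -> bool:
    """Match the host itself or any subdomain of a blocked domain,
    without matching look-alikes that merely end in the same letters."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def classify(message: dict) -> tuple:
    """Return ("reject", reasons) if any indicator matches, else ("deliver", [])."""
    reasons = []
    if message["sender_ip"] in BLOCKED_SENDER_IPS:
        reasons.append("sender IP %s on blocklist" % message["sender_ip"])
    for url in URL_RE.findall(message["body"]):
        host = urlparse(url).hostname or ""
        if domain_is_blocked(host):
            reasons.append("link to blocked domain %s" % host)
    return ("reject", reasons) if reasons else ("deliver", reasons)


# Constructed sample messages.
SAMPLE_MESSAGES = [
    {"id": "msg-1", "sender_ip": "203.0.113.45",
     "body": "Your account is locked. Verify at https://secure-login-update.example/verify"},
    {"id": "msg-2", "sender_ip": "192.0.2.10",
     "body": "Agenda for Monday: https://intranet.example/meetings/42"},
    {"id": "msg-3", "sender_ip": "192.0.2.22",
     "body": "Please reset your details: http://login.bank-verify.example/reset now"},
]


def filter_inbox(messages) -> dict:
    """Map each message id to its verdict."""
    return {m["id"]: classify(m)[0] for m in messages}


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], classify(m))
```

The reasons list is what an analyst would want in the quarantine log; the verdict alone tells you what happened, the reasons tell you which feed entry fired and whether it is still current.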
Encryption
Encryption involves taking the content of a communication and turning it into unreadable code. It is then unlocked using a digital key on the other end of the communication chain.
This is an effective way of preventing man-in-the-middle attacks, which involve a hacker intercepting data as it’s being sent from one place to another.
If the attacker gets their hands on a message sent to a coworker containing sensitive information, for example, all they would see would be a jumbled set of incomprehensible letters, numbers, and characters.
But because the system decrypts the message for the intended recipient, they can easily read what you sent.
Encryption systems also make use of hashing, which turns a long, complex set of data, such as a complete novel, into a relatively short, fixed-length string of letters and numbers.
At the same time, hashing takes a single sentence of, say, three words and turns it into a code of exactly the same length. Because the output gives nothing away about the size or content of the input, it is nearly impossible to derive the original message from it.
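The fixed-length property described above, shown in an added example that is not part of the original article: a roughly 85 KB "novel" and a three-word sentence both hash to 64 hex characters under SHA-256, and adding a single character to the sentence changes about half of the 256 output bits. Both inputs are constructed. One caveat for practitioners: the digest is deterministic, so an input that can be guessed (a common password, say) can be confirmed against its digest, which is exactly how leaked-password lists are used.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex digest of SHA-256; always 64 characters regardless of input size."""
    return hashlib.sha256(data).hexdigest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def compare_digests() -> dict:
    """Hash a long and a short constructed input and measure the avalanche
    effect of a one-character change."""
    novel = b"Call me Ishmael. " * 5000        # about 85 KB of constructed text
    sentence = b"Three word sentence"
    tweaked = b"Three word sentence."          # one extra character
    return {
        "novel_hex_len": len(sha256_hex(novel)),
        "sentence_hex_len": len(sha256_hex(sentence)),
        "bits_changed_by_one_char": bit_difference(
            hashlib.sha256(sentence).digest(), hashlib.sha256(tweaked).digest()),
    }


if __name__ == "__main__":
    print(compare_digests())
```
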
Firewall
A firewall examines data heading into and exiting your network, scanning its contents to see whether it poses a threat. It works by inspecting the information held in data packets: the small chunks of data that, when reassembled, form a coherent message, audio file, video file, application, or piece of code.
When you send a message to someone, it is divided into these packets, and each is “packaged” with headers that state where it is coming from, where it is going, and the port, or point of access, it is using to get there.
By scanning data packets, a firewall can identify potential threats. It then discards the communication before it can infect your computer or someone else’s.
Next-generation firewalls study the behavior of data packets to identify zero-day attacks, which are those that haven’t yet been discovered and logged by a threat detection system. With a firewall, you can protect your device and network, as well as your organisation's, from thousands of attack methods.
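The header-based filtering described above, as an added example that is not part of the original article: a minimal packet filter that reads source, destination, protocol and port from each packet header, walks an ordered rule list, and denies anything no rule allows. The rules, addresses and packets are constructed; behavioural analysis of the kind next-generation firewalls do is outside what this shows.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str     # source IP from the packet header
    dst: str     # destination IP
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR; "0.0.0.0/0" means any source
    dst: str              # CIDR; "0.0.0.0/0" means any destination
    proto: Optional[str]  # None = any protocol
    dport: Optional[int]  # None = any port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed policy: first matching rule wins; anything unmatched is denied.
RULES = [
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "tcp", 23, "telnet is never allowed"),
    Rule("allow", "10.0.0.0/8", "10.0.0.0/8", "tcp", 443, "internal HTTPS"),
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", 443, "public web server"),
    Rule("allow", "10.0.0.0/8", "10.0.0.53/32", "udp", 53, "internal DNS"),
]


def decide(packet: Packet, rules=RULES) -> tuple:
    """Return (action, reason) for the packet under the ordered rule list."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action, rule.comment
    return "deny", "default deny"


if __name__ == "__main__":
    # Constructed sample traffic.
    for p in [Packet("10.1.2.3", "10.5.5.5", "tcp", 443),
              Packet("198.51.100.9", "203.0.113.10", "tcp", 443),
              Packet("198.51.100.9", "10.5.5.5", "tcp", 3389),
              Packet("10.1.2.3", "10.5.5.5", "tcp", 23)]:
        print(p, "->", decide(p))
```

The default-deny at the end is the part that does most of the work: the remote-desktop packet from the internet is dropped not because a rule names it, but because nothing allowed it.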
DOJ’s action against cybercrime
Fortunately, everyone has a powerful ally in the fight against cybercrime in the Department of Justice (DOJ), which has taken an aggressive stance against cybercriminals.
NetWalker ransomware
Recently the DOJ sent a strong message when it charged a NetWalker affiliate who had managed to escape with $28 million in ransomware-generated funds.
NetWalker is a form of ransomware-as-a-service (RaaS) that helps hackers attack companies, collect the money, and funnel it to criminals in their system. The DOJ's indictment of this NetWalker affiliate represents a significant victory.
A cybercrime organisation by the name of Circus Spider, which may consist of Russian attackers, originally created NetWalker, and their list of victims runs the gamut. For example, NetWalker has been used to target California University’s COVID research center, the Austrian city of Weiz, and K-Electric, the largest private power company in Pakistan.
Maksim Berezan
Another win for the DOJ is the apprehension of Maksim Berezan, a notorious hacker from Estonia, who has participated in hacking activities for years, including ransomware attacks that resulted in losses of $53 million for various entities. Berezan was extradited to the US from Latvia and ordered to repay over $36 million.
Practice cyber hygiene to stop ransomware and other cybercrimes
By using strong passwords, multi-factor authentication, security software, encryption, and a firewall, you can gain the upper hand on attackers like Lapsus$, Circus Spider, and others.
Hackers love targeting people and companies without sufficient protections in place. But by implementing cyber hygiene, you and your organization become a far more difficult target to hit.