Cyber Security: “Everything…

For businesses in particular, cybersecurity is key. The same rules practically apply to individuals, but if there is an intrusion into the company, the result of the attack is, to a greater or lesser extent, the loss of business.

“If we look at the most recent case of an attack on Pop TV, it’s clear that in the event of an infection, the thing will stop working,” explains Tony Gershin, director of the Center for Cyber Security at Anni doo. So he is an excellent interviewee who never runs out of words and examples from practice. “Sometimes we can only talk about traditional viruses when the computer stops working. That’s when we configured it, “broken” it and the thing worked. All this was turned upside down with blackmail viruses when the main target of the attack became money.”

So what is the situation compared to ten years ago?

In the past, the focus of attackers on profits was not clear, as it was difficult to hide the revenue. An attacker or hacker cannot send you a transaction account that transfers money to, as this can be tracked. The expansion of cryptocurrencies has made it easier for attackers to gain access to funds or hide income.

So if we look at the traceability of cryptocurrencies, the situation here is completely different. The hackers tell you which wallet address you have to transfer certain funds to, you get the Transaction ID you send to them, they follow it, and when they receive the transferred money, they transfer it to another 20 wallets in an instant. Nobody can handle this and analyze it.

We monitor some wallets to see how many transactions are made through them. The recorder is from 2017. It was a wallet that we knew about because we made multiple payments on it. It generated $210 million worth of bitcoin at the time. On the one hand, we can really deal with hackers in my home garage, but when you see that someone in your wallet has a lot of transactions and such sums, I can’t believe this is the work of a garage hacker.

The attacks are usually a lock on critical infrastructure, and the attackers want some ransom. What is a ban?

For a company, the best prevention is definitely employee training and advanced backups. Not a copy in the sense of the data server itself, which we have stored somewhere, but advanced backups. In one of the major infections in recent years, it turns out that all backups are encrypted, no matter where the companies have them. These attacks have become very complex. When infection occurs, it does not appear immediately. Hackers wait after intrusion and look around the internal information environment to see how it works. If they encrypt a single computer, they don’t do much, the attackers intend to access and encrypt the data server, shared folders, or “backups”.

If you take a look at the last three or four examples, it was all about encrypting the backup modules. The only solution was to pay. We were unable to recover the data.

Practically, is this usually resolved by payment?

Since we started dealing with this, more than 300 cases have been reported so far. How much have we paid on behalf of clients? At 100 we stopped counting. It is also interesting to note that so far in only two cases we have not received the data again. Here, too, the reasons were known. The most interesting case is when the company was encrypted twice, but they did not know it. I have to knock on the door, but the fact that they will no longer contact us after payment has not occurred to us yet.

So even hackers are monitoring their reputation?

We need to put ourselves in their shoes. If we collect the information that the data will not be returned after payment, we or our customers will also stop the payment. Tell each customer that they must take the risk of not recovering the data. We use various tools to communicate with attackers. If possible, we send them some encrypted test files to send back to us and see if that’s what we really want. Then we negotiate more.

Is employee ignorance often the reason for the attackers’ success? What does working from home bring?

In most cases, lack of employee knowledge is a major factor. We divide it into two parts. The first is user ignorance, and the second is the IT environment. We can take care of security in an IT environment to a certain level. In the past, we installed antivirus software on peripheral devices and thus we solved most of the risks. Unfortunately, antivirus software has not completely succeeded in recent years. So companies started opting to just upgrade endpoint protection. In the meantime, they forgot about other critical points – here they are targeting the next generation of fire barriers. Some have taken care of that as well and shut down all entry points to the internal IT environment, which two years ago was turned on its head with work from home and a large number of mobile users. These paths had to be opened, and when we start to open it up we have to provide an appropriate level of security. Working from home has greatly increased the risk.

The truth is that we can invest a million euros in the security of the IT environment, but if we do not educate the users, we will not do anything.

What about phishing attacks?

Phishing is still a lot and of course it’s getting more and more complex, some of the emails we get are really authentic.

The attack vector in recent years at the level of phishing is increasing. Phishing is the number one type of intrusion in an IT environment. Why? The translations are great. These are targeted attacks, the attackers buy the right range and take care of everything. Because of all this, the messages we receive via email are very difficult to detect as fake. Therefore, great emphasis in the company should be placed on protecting the post office itself, which some forget. However, intrusions are also increasing sharply with respect to older applications, which are now very subjective.

Are companies aware of all the risks?

Often, company managers do not realize where all the risks threaten, this is a fact. I only say this from our practice when we have been actively involved in security checks and phishing. The purpose of the security analyses themselves is to assess the situation and suggest what the company should do, where critical weaknesses are located. You wouldn’t believe the number of cases where the company doesn’t do anything despite knowing about the weaknesses. Even worse, infection occurs, they push, we send it back, we tell them the vulnerabilities they need to fix, and in half a year they call us for the same problem. They don’t take any action at all. Amazing.

How does a hacker decide how much to pay to unlock data?

We need to know that if someone gets into the company system, they know practically everything, including how much the company can pay. In our country, the minimum required amount was $200, and the last amount was $10,000, of course equivalent to a certain cryptocurrency. If they know how to get into the system, they will also be able to go online and find publicly available information about the organization or company. There is no need to detect hot water here.

What can we expect in the future?

It is hard to predict what will happen next week. There will be more and more attacks. Most companies don’t really realize this. Unfortunately the best ads in this field are the injuries that happen, and the fact that the media talks about them a lot. Raising awareness is important.

Even if companies have really well stored data and can recover it after an attack, another problem appears. Hackers will eventually not be able to function the way they serve today. So the next thing is not only to encrypt the data, but also to stream it to yourself. There has been talk of data extortion abroad for many years. Right now, no one is wondering what would happen to this data if it was leaked by unprepared people and they still have it. After all, were they in your system, they could also leave the data side door open.

What do you do after the attack?

When the system rolls back and that data is unlocked, that’s not necessarily the end. Some say they should replace the disks and reinstall the entire system. This can be a huge expense. Everyone should evaluate a reasonable limit for themselves.

The problem is that decision makers cannot know everything. We, as presenters, have also had to change our thinking a few times in recent years, and we will be able to do so in the future if we want to deal with it. In any case, on the one hand, protection is important, multi-level protection, it is necessary to take care of data storage and also to increase employee awareness.

How about assessing the state of the IT environment?

We must not forget this. Cyber security vouchers helped immensely here. The incentives for companies to choose to invest in security are great. Abroad, this practice has been practiced for many years: companies conduct an external security audit at least once a year.

It is also important that this is not always done by the same provider, but that they “alternate” and perform the inspections differently. Every ethical hacker has their own knowledge and procedures. There are many different techniques and procedures, everyone has their own way, so that they can discover something new.
