Arctic (Were)Wolf warns: Beware of cyber monsters at Halloween
- Written by Mark Thomas, Director, Security Services – ANZ, Arctic Wolf
Every October, all sorts of spooky ghosts and monsters come out to scare their neighbourhoods on Halloween. But while trick-or-treating is harmless fun one night a year, cybercriminals are up to their mischief 365 days a year and can give businesses a real fright. And because October is not only Halloween month but also Cyber Security Awareness Month, here is an overview of the top cybersecurity monsters.
Shapeshifters: identity thieves with a thousand faces
Werewolf or vampire - what makes these creatures so threatening is that they can disguise their true identity and go about their business unnoticed. Cyberspace has its own masters of metamorphosis: attackers have perfected identity theft. Through phishing and social engineering they obtain credentials, then use them to pass themselves off as someone else, gain fraudulent access to other people's networks, siphon off data or redirect payments to their own accounts. The Zero Trust principle applies here: never trust, always verify. Identity and access management solutions provide the controls needed to verify who is asking for access and to limit what that access can reach.
Data suckers: from inside criminals to ransomware
This species is not only active at night and by moonlight; it hunts for valuable data at any hour, either to sell it on the dark web or to extort the company with it. Ransomware has been a popular attack strategy for several years now. The data suckers gain access to networks and company systems through social engineering and clever manipulation of employees, or by exploiting vulnerabilities, and then extract data and information. But beware: perpetrators who are after data treasures can also lurk within the company. Role-based access controls, with each role granted only the access its work requires, limit how much a malicious insider or a compromised account can reach.
Ghost(ing): when security alarms are ignored
The term ghosting is familiar mainly from interpersonal relationships: for example, when a friend simply stops checking in or doesn't respond to messages. A similar phenomenon can be observed in IT when teams no longer respond to alerts from their security solutions. The reason here, however, is not a lack of interest or personal "disgruntlement", but overload in the face of a gigantic flood of unqualified alerts. The teams lack the personnel and technical capacity to follow up on every security alert. Instead, they switch to a "ghosting" mode and ignore the alerts, and important security notices remain unprocessed. This is also referred to as "alert fatigue". It is dangerous and makes it easier for attackers to play their criminal game. External security partners for security monitoring and threat detection and response, such as Arctic Wolf, can pre-qualify alerts by suppressing known noise, collapsing repeated alerts into a single case and escalating patterns that matter, so that the affected teams only receive relevant warnings.
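To make the idea of pre-qualification concrete, the following is an added illustration and not Arctic Wolf code. It builds a constructed batch of 282 raw alerts (an approved internal scanner tripping a port-scan rule 200 times, one external address failing to log in to a VPN 80 times, and two genuinely serious events), then suppresses the known-scanner noise, collapses repeated alerts with the same rule, source and host inside a time window into one ticket, escalates a high-volume failed-login ticket as a probable brute-force attempt, and sorts what remains by severity. The scanner address, rule names, thresholds and window are assumptions chosen for the example.

```python
"""Toy alert pre-qualification pipeline. Added example, not vendor code.
All alerts, addresses and rule names below are constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
KNOWN_SCANNERS = {"10.0.5.20"}      # approved internal vulnerability scanner (assumption)
BRUTE_FORCE_THRESHOLD = 20          # failed logins per (source, host) before escalation


def build_sample_alerts():
    """Constructed sample: 282 raw alerts, of which only a handful matter."""
    base = datetime(2023, 10, 31, 22, 0, 0)
    alerts = []
    for i in range(200):            # scanner tripping the port-scan rule across 40 hosts
        alerts.append({"ts": base + timedelta(seconds=3 * i), "rule": "Port scan detected",
                       "src": "10.0.5.20", "host": f"srv{i % 40:02d}", "severity": "low"})
    for i in range(80):             # one external address hammering the VPN gateway
        alerts.append({"ts": base + timedelta(seconds=10 * i), "rule": "Failed login",
                       "src": "203.0.113.7", "host": "vpn01", "severity": "medium"})
    alerts.append({"ts": base + timedelta(minutes=5), "rule": "Ransom note written",
                   "src": "10.0.8.14", "host": "fs01", "severity": "critical"})
    alerts.append({"ts": base + timedelta(minutes=7), "rule": "New domain admin created",
                   "src": "10.0.8.14", "host": "dc01", "severity": "high"})
    return alerts


def prequalify(alerts, window=timedelta(minutes=15)):
    """Return {'tickets': [...], 'raw': n, 'suppressed': n}.

    1. Suppress port-scan alerts whose source is an approved scanner.
    2. Collapse alerts sharing (rule, src, host) within `window` into one ticket.
    3. Escalate failed-login tickets at or above the threshold to 'high'.
    4. Order tickets by severity so the analyst sees the worst first.
    """
    kept, suppressed = [], 0
    for a in alerts:
        if a["src"] in KNOWN_SCANNERS and a["rule"] == "Port scan detected":
            suppressed += 1
            continue
        kept.append(a)

    groups = defaultdict(list)      # (rule, src, host) -> list of tickets in time order
    for a in sorted(kept, key=lambda x: x["ts"]):
        key = (a["rule"], a["src"], a["host"])
        open_tickets = groups[key]
        if open_tickets and a["ts"] - open_tickets[-1]["first_seen"] <= window:
            t = open_tickets[-1]    # same pattern inside the window: count it, don't re-alert
            t["count"] += 1
            t["last_seen"] = a["ts"]
        else:
            open_tickets.append({"rule": a["rule"], "src": a["src"], "host": a["host"],
                                 "severity": a["severity"], "count": 1,
                                 "first_seen": a["ts"], "last_seen": a["ts"]})

    tickets = [t for ts in groups.values() for t in ts]
    for t in tickets:
        if t["rule"] == "Failed login" and t["count"] >= BRUTE_FORCE_THRESHOLD:
            span = int((t["last_seen"] - t["first_seen"]).total_seconds())
            t["severity"] = "high"
            t["note"] = f"{t['count']} failures in {span}s: probable brute force"
    tickets.sort(key=lambda t: SEVERITY_RANK[t["severity"]], reverse=True)
    return {"tickets": tickets, "raw": len(alerts), "suppressed": suppressed}


if __name__ == "__main__":
    result = prequalify(build_sample_alerts())
    print(f"{result['raw']} raw alerts -> {result['suppressed']} suppressed, "
          f"{len(result['tickets'])} tickets for the analyst")
    for t in result["tickets"]:
        print(f"[{t['severity']:8}] {t['rule']} src={t['src']} host={t['host']} "
              f"x{t['count']} {t.get('note', '')}")
```

Run as a script it reduces 282 raw alerts to three tickets. The point is not the specific rules but the shape: suppression, windowed deduplication and escalation are what turn an alert flood into a queue a small team can actually work, and the suppression list is itself a security decision that has to be reviewed, since an attacker who compromises the "trusted" scanner host inherits its silence.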
The undead live longer: "sleeper" malware
This approach is particularly insidious: attackers are increasingly hiding "sleeper" malware in systems, networks or mobile devices. The code is patient and waits for the right moment to strike with full force, either after a defined period of time or after a specified trigger, such as the launch of a particular program. Because the harmful potential of these time bombs only unfolds after a long incubation period, they are difficult to identify while they lie dormant.
Zombie apocalypse: IT experts at the edge of their endurance
When systems send several hundred alerts in a single day, the IT team is understaffed, and IT generalists rather than security specialists are responsible for IT security, overwork and burnout become a real risk. Add to that the cyber risk that arises when relevant security alerts are not followed up and the security strategy is not continuously adapted to current developments. To avoid turning employees into "zombies" and compromising IT security, companies can position themselves for the long term by outsourcing their IT security or 24/7 monitoring to external SOC-as-a-Service partners who bring not only the necessary technology but also human support in the form of a concierge security team.
Brute force: brute force attacks
There are many different types of hackers and cybercriminals. While some black hats specifically target large and particularly lucrative companies, less experienced and less technically skilled perpetrators attempt broad-based attacks, e.g., using ransomware-as-a-service models available on the dark web, or in the form of so-called "brute force attacks", in which automated software guesses passwords, personal identification numbers (PINs) and other login data by trying one possibility after another until something works. It's not elegant, but it still often succeeds. These examples also show that no company is safe from such tactics, because these attacks make their money through sheer volume rather than careful targeting. However, with targeted awareness training, password hygiene guidelines that favour long, unique passwords, and login throttling or lockout after repeated failures, companies can significantly reduce the risk of falling victim to such an attack.
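The following added example (not Arctic Wolf code) shows why the trial-and-error approach works against a short secret and how a lockout policy changes the picture. It brute-forces a SHA-256 hash of a 4-digit PIN offline, which takes at most 10,000 guesses, then runs the same attacker against a simulated online login that locks the account for 15 minutes after 5 failures, and counts how few guesses get through in an hour. The PIN, the hash function, the lockout values and the attacker's guess rate are all assumptions chosen for the illustration.

```python
"""Brute force against a short secret, offline versus a throttled online login.
Added example, not vendor code. PIN, policy and rates are assumptions."""
import hashlib
import itertools
import math

DIGITS = "0123456789"


def sha256_hex(text):
    """Unsalted SHA-256 of a string; deliberately weak storage for the demonstration."""
    return hashlib.sha256(text.encode()).hexdigest()


def offline_brute_force_pin(target_hash, length=4):
    """Enumerate every digit string of `length`; return (pin, attempts) or (None, attempts).
    Offline, nothing stops the attacker: the whole keyspace is 10**length guesses."""
    attempts = 0
    for digits in itertools.product(DIGITS, repeat=length):
        attempts += 1
        guess = "".join(digits)
        if sha256_hex(guess) == target_hash:
            return guess, attempts
    return None, attempts


class ThrottledLogin:
    """Simulated online login with account lockout. Time is a float in seconds
    supplied by the caller so the simulation runs instantly."""

    def __init__(self, secret_hash, max_failures=5, lockout_seconds=900):
        self.secret_hash = secret_hash
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0.0

    def attempt(self, guess, now):
        """Return 'ok', 'fail' or 'locked'. Lock after max_failures wrong guesses."""
        if now < self.locked_until:
            return "locked"
        if sha256_hex(guess) == self.secret_hash:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.failures = 0
            self.locked_until = now + self.lockout_seconds
        return "fail"


def online_brute_force_pin(target, length=4, guesses_per_second=50.0, budget_seconds=3600.0):
    """Same attacker against ThrottledLogin. Returns (pin_or_None, attempts, elapsed).
    Each guess costs 1/guesses_per_second; a 'locked' reply makes the attacker wait."""
    now, attempts = 0.0, 0
    for digits in itertools.product(DIGITS, repeat=length):
        guess = "".join(digits)
        while True:
            if now >= budget_seconds:
                return None, attempts, now
            result = target.attempt(guess, now)
            if result == "locked":
                now = target.locked_until        # nothing to do but wait out the lockout
                continue
            attempts += 1
            now += 1.0 / guesses_per_second
            if result == "ok":
                return guess, attempts, now
            break                                # wrong guess: move to the next candidate
    return None, attempts, now


def worst_case_online_seconds(keyspace, max_failures=5, lockout_seconds=900):
    """Approximate time to exhaust `keyspace` when only `max_failures` guesses are
    allowed per lockout period (ignores the tiny cost of the guesses themselves)."""
    return math.ceil(keyspace / max_failures) * lockout_seconds


if __name__ == "__main__":
    secret = "7391"                              # assumed PIN for the demonstration
    h = sha256_hex(secret)
    pin, n = offline_brute_force_pin(h)
    print(f"offline: recovered {pin} after {n} guesses")
    found, n, elapsed = online_brute_force_pin(ThrottledLogin(h))
    print(f"online with lockout: {n} guesses in {elapsed:.0f}s, found={found}")
    days = worst_case_online_seconds(10 ** 4) / 86400
    print(f"exhausting all 10,000 PINs through the lockout takes about {days:.1f} days")
```

Offline, the 4-digit PIN falls in at most 10,000 guesses, which is why leaked hash databases are so valuable and why short secrets and fast unsalted hashes are a poor combination. Against the throttled login, the same attacker lands only 20 guesses in an hour and would need roughly three weeks to cover the keyspace, which is the practical effect of the lockout guidance above; longer passwords raise the keyspace, throttling lowers the guess rate, and the two controls multiply.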
The folk wisdom for staying safe from spooky monsters is to carry garlic against vampires and protective gear against zombies; against hackers, the equivalent is a security partner such as Arctic Wolf. With a partner, companies of all sizes can build reliable cyber protection: SOC-as-a-Service, 24/7 security monitoring, managed detection and response, and a concierge security team that works with the in-house IT team to continuously monitor and adapt protection to the latest developments in the threat landscape.
In this way, even small and medium-sized enterprises can stand up to the shadowy creatures from the dark web and the bogeymen of the cybercrime scene.
There’s plenty of reasons to be scared of the dark, but this spooky season, let Arctic Wolf light the way.