Cyber Security

Introduction

malware installs in the background, targeting clipboard data and browser information, with persistence tactics. Offered on forums for rent, this iteration aims at macOS users in work settings, underscoring the ongoing threat of XLoader. Vigilance and strong cybersecurity measures remain crucial for macOS protection.

In August 2022, the website of the Finnish parliament encountered a significant cyber incident in the form of a Distributed Denial-of-Service (DDoS) attack, coinciding with an ongoing parliamentary session.

In July 2022, the Belgian government disclosed that it had been subjected to targeted cyber intrusions. Specifically, three distinct Chinese hacker groups, affiliated with established Chinese Advanced Persistent Threat actors, launched sophisticated attacks against Belgian public services and military defense entities. These state-sponsored Chinese threat actors engaged in the illicit acquisition of trade secrets and sensitive intelligence information. Notably, the Soft Cell Chinese group, operating within this context, introduced a novel remote access trojan (RAT) malware variant in June 2022.

PREVENTION OF CYBER ATTACKS

Basic precautions can be taken to prevent cyber-attacks- namely, shrinking data transfers, downloading sensibly, monitoring data leaks, updating device software on time, developing a breach response plan and improving password security.

Fig.2 illustrates some ways of mitigating cyber-attacks.

Fig.4

Artificial Intelligence & Deep Learning

Artificial Intelligence (AI) is being considered as the primary solution provider to address cybersecurity issues. AI technologies deeply analyze systems and keep a real-time check on everything that we perform. It analyzes every small action and this helps to protect systems from threats. AI technologies such as machine learning (ML) and natural language processing (NLP) enable analysts to respond to threats with greater confidence and speed.AI is trained by consuming billions of data sets from both structured and unstructured sources such as blogs and news stories. Through machine learning and deep learning techniques, AI is trained to understand cybersecurity threats and cyber risk.

AI collects information and uses reasoning to identify the relationships between threats, such as malicious files, suspicious IP addresses or insiders. This analysis takes very less time, say just a few seconds or minutes, allowing security personnel to respond to threats immediately.AI eliminates time-consuming research tasks and provides accurate risk analysis. It reduces the amount of time that the security personnel take to make the critical decisions and launch an organized response to remediate the threat. Many big companies have developed their own AI technology to operate their system without any unauthorized interruptions.

Vulnerability Management

The AI-based systems which are highly proactive in detecting the vulnerabilities can analyze patterns and discover loose ends that can be potentially vulnerable. By recognizing the attackers’ pattern, infiltrating methods can be identified, and so it becomes easy to anticipate when and how any vulnerability would make its way to the network or system.

 Improving the Authentication

Modern biometric authentication methods such as face recognition, iris recognition, and login authentication have made systems highly secure. The use of AI in biometrics has made it difficult for cybercriminals to hack systems.

Behavioral Analytics or UEBA (User and entity behavior analytics)

Behavior analytics in cybersecurity involve use of software tools to detect patterns of data transmissions in a network that are not normal. The anomaly would be detected by the analytics tool and alert IT managers, who would quickly stop the cyberattack. This is the programming system that analyzes or keeps a watch on the actions that we perform on a specific platform. Facebook, Instagram, and other social media platforms use this program. Such behavioral analytics are used by enterprises to detect intrusions that elude preventive technologies such as firewalls, intrusion-prevention systems, and antivirus software. While conventional tools match fingerprints or signatures identified in previous attacks, behavioral analytics tools study and report anomalies that are compared to a baseline of normal behavior.

UEBA is a very important component of IT security, allowing one to detect:

• Insider threats: It is not too far-fetched to imagine that employees could go rogue, stealing data and information by using their own access. UEBA can help detect data breaches, sabotage, privilege abuse, and policy violations caused by one’s own staff.
• Compromised accounts: Sometimes, user accounts could become compromised because of the user unknowingly installing malware on their machine, or if, sometimes, a legitimate account is spoofed. UEBA can help isolate spoofed and compromised users before they can do real harm.
• Brute-force attacks: Cloud-based entities and third-party authentication systems may also be targeted by hackers. With UEBA, one can detect brute-force attempts, and help block access to these entities.
• Changes in permissions and creation of super users: Some attacks involve the use of super users. UEBA allows one to detect whenever super users are created thereby avoiding attacks by them, or if unnecessary permissions are granted to accounts.
• Breach of protected data: It is not enough to just keep the protected data secure. It is also important to know if an access is made by a user when there is no legitimate business reason to access the data.

Embedded Hardware Authentication

A PIN and password are just not enough to protect hardware anymore. More frequently, people are experiencing their accounts being operated by unknown entities. Embedded authenticators are now being used to verify a user’s identity.

Intel has demonstrated a breakthrough in this domain by introducing Sixth-generation vPro Chips, which are powerful user authentication chips that are embedded into the hardware itself. The system has multiple organized sets of authentication and levels to secure the device or software. This advanced technology has opened new doors for a secure mode. Intel Authenticate uses a combination of up to three hardened factors at the same time to verify identities: “something you know,” such as a personal identification number; “something you have,” including a mobile phone; and “something you are,” such as a fingerprint. End users can combine factors such as phone proximity, to enable Network Access to log in to domains and VPNs, and “Walk-Away Lock,” which uses presence technology to lock a system when users leave their PC unattended. IT can choose from multiple hardened factors of authentication that are based on company policies, and no longer need to rely solely on employees remembering complicated passwords.

Blockchain Cybersecurity

Blockchain cyber security is one of the latest technologies that is gaining momentum and recognition as a promising mitigation technology for cybersecurity.

Blockchain technology has been designed to be transparent. While offering data security, it is also aimed at maintaining the integrity of the transactions, not its privacy. The responsibility for verifying the authenticity of the data added lies with every member in a blockchain. Blockchains create a near-impenetrable network for hackers and are currently one’s best bet to safeguard data. Therefore, the use of blockchain with AI can establish a robust verification system to keep potential cyber threats at bay.

Securing Private Messaging: Most messaging companies are using blockchain for securing user data as it is a better option to the end-to-end encryption which is currently in use. In the recent past, numerous attacks have been witnessed against social media platforms such as X and Meta. These attacks have caused data breaches with millions of accounts being breached and user information landing in wrong hands. Blockchain technologies, if implemented properly in these messaging systems, may prevent future cyberattacks.

IoT Security: Edge devices, such as thermostats and routers, are also being used by hackers to gain access to overall systems. Taking advantage of the popularity of AI, hackers have been accessing overall systems such as home automation through edge devices like ‘smart’ switches. In most cases, many these IoT devices have sketchy security features. In such cases, blockchains can be used to secure such overall systems or devices by decentralizing their administration. The approach will enable the device to make security decisions on its own. The edge devices have become more secure by quickly detecting and acting on suspicious commands from unknown networks without depending on the central admin.

Securing DNS and DDoS: When users of a target resource, such as a network resource, server, or website, are denied access or service to the target resource, a Distributed Denial of Service (DDoS) attack occurs. These attacks harm the resource systems by shutting or slowing them down.

Comparatively, an intact Domain Name System (DNS) is much centralized, making it a perfect target for hackers who infiltrate the connection between the IP address and the name of a website making the website inaccessible, cashable, and even redirectable to other scam websites. Block chain can be used to diminish such kinds of attacks by decentralizing the DNS entries.

Decentralizing Medium Storage: While business data hacks and theft are becoming a primary cause of concern, most organizations still use the centralized form of storage medium. To access the data stored in these systems, a hacker simply exploits a single unguarded point. Such an attack leaves sensitive and confidential data, in the possession of an offender. By using block chain, sensitive data may be protected by ensuring a decentralized form of data storage. This mitigation method would make it tough for hackers to penetrate data storage systems.

The Provenance of Computer Software: Block chain can be used to ensure the integrity of software downloads to prevent foreign intrusion. Just as the MD5 hashes are utilized, block chain can be applied to verify activities, such as firmware updates, installers, and patches, to prevent the entry of malicious software in computers.

However, in the case of block chain technology, the hashes are permanently recorded in the block chain. The information recorded in the technology is not mutable or changeable; hence block chain may be more efficient in verifying the integrity of software by comparing it to the hashes against the ones on the block chain. Verification of Cyber-Physical Infrastructures: Data tampering, systems misconfiguration along with component failure have harmed the integrity of information generated from cyber-physical systems. However, the capabilities of block chain technology in information integrity and verification may be utilized to authenticate the status of any cyber-physical infrastructures. Information generated on the infrastructure’s components through block chain can be more assuring to the complete chain of custody.

Protecting Data Transmission: In future, block chain technology can prevent unauthorized access to data while in transit. Through complete encryption, data transmission can be secured thereby preventing individuals or organizations from accessing the data.

Diminish Human Safety Adversity caused by Cyber-attacks: Innovative technological advancements have recently seen the roll-out of unmanned military equipment and public transportation. This has been made possible by the Internet that facilitates transfer of data from sensors to remote databases. However, hackers can break in and gain access to networks, such as Car Area Network (CAN). When accessed, the hackers can gain complete control of vital automotive functions. Such incidents may compromise the safety of humans. But through data verification conducted on block chain for any data that goes in and through such systems, many adversities could be prevented.

Internet of Things (IoT)

Increasingly more objects and systems in our lives are becoming embedded with network connectivity and computing power in order to facilitate communication with similarly connected devices or machines. Expanding networking capabilities to all corners of our lives can make us more efficient, help save time and money, and put our digital lives at our fingertips whenever we need it.

Business and government sectors too have also joined the IoT bandwagon. Healthcare has seen huge benefits from patient wearables that monitor vitals and feed valuable information to the healthcare professionals. Manufacturing and industrial sectors have also seen wide adoption of IoT in Industrial Control Systems (ICS) such as SCADA Systems.

The more devices we connect in our lives, the more entry points we make available to threats. When a fridge becomes internet-enabled it can be hacked by cyber criminals, same as a phone or laptop. As the expansion of the IoT market continues, so will the number of potential risks that threaten the performance and safety of devices and the integrity of IoT data.

Internet of Threats

Companies across industries are deploying IoT solutions for improved efficiencies and to garner higher level of visibility. Hackers constantly devise new ways to compromise systems and gain access to data, resulting in navigation systems on connected vehicles or smart medical devices, or any IoT system to become compromised due to hacking.

Securing the IoT Ecosystem

Securing IoT devices is a big challenge. While manufacturers and innovators roll out new products, in the race to reach the market first, security is compromised. Many businesses may not be aware of the vulnerabilities that IoT presents, and this could cause problems.

Be it national power generation and distribution infrastructures or global manufacturing operations, connected IoT sensors and devices can significantly increase operational risks. Besides securing individual IoT devices, organizations also need to ensure that their IoT networks are secure. Thus, it is important to enable only authorized users to gain access to the IoT framework and access control mechanisms, which can be achieved with the help of strong user authentication.

Big Data

The age of big data and cyber security provide both challenges and opportunities for businesses. While big data has opened new possibilities in terms of analytics and security solutions to protect data and prevent cyber-attacks, it has also given cyber criminals the opportunity to access huge amount of sensitive and personal information.

Three main challenges to businesses poised by big data:

• Protecting sensitive and personal information
• Data rights and ownership
• Not having the talent (i.e., data scientists) to analyze the data

While addressing the main challenge of safeguarding information may sound simple, the scale of data that needs to be processed and analyzed in order to prevent cyber-attacks, makes it daunting. According to Computer World, a medium–size network with 20,000 devices (laptops, smartphones, and servers) will transmit more than 50 TB of data during a 24–hour period. This translates to over 5 GBits that needs to be analyzed every second to detect cyber-attacks, potential threats, and malware.

Big data analytics provide cyber security professionals the opportunity to analyze different types of data from various sources and then respond in real time. Big data analytics enables connecting the dots between vast amount of data that is collected from the vast universe, making correlations and connections that may have otherwise been missed.

The benefits offered by big data to businesses are:

• Business intelligence through access to vast data/customer analytics which will help enhance and optimize sales and marketing strategies
• Fraud detection and a Security information and event management (SIEM)systems replacement

Enhancing Big Data Security

Targeting big data sets often has its own pay-offs for cyber criminals.  They have a lot to gain when they go for such a large data set. The companies have a lot to lose when they face a cyber-attack without proper security measures in place.

In order to increase the security around big data, businesses may consider:

• Collaborating with other industry peers to create industry standards, and share best practices
• Attribute-based encryption to protect third-party information
• Hadoop-like secure open-source software
• Maintain and monitor audit logs across all aspects of business

Zero-Trust Model

The Zero Trust model assumes breach and verifies each request as though it originates from an open network instead of assuming that everything behind the corporate firewall is safe. Zero Trust banks on the policy of “never trust, always verify,” regardless of the origin of the request.

Main principles and technologies behind zero trust security

• Attackers exist both within and outside of the network, so no user or machine can be taken for granted.
• Least-privilege access – this means giving users only as much access as they need, like an army general giving soldiers information on a need-to-know basis.
• Micro segmentation, or breaking up security area into small zones to maintain separate access for separate parts of the network. For example, a network with files living in a single data center that utilizes micro segmentation may contain dozens of separate, secure zones. Without separate authorization, a person or program with access to any one of those zones will not be able to access any other zone.

Multi-factor authentication (MFA), requiring more than one piece of evidence to authenticate a user; just entering a password is not enough to gain access. A commonly seen application of MFA is the 2-factor authorization (2FA) used on popular online platforms such as Facebook and Google. With every access request fully authenticated, authorized, and encrypted before granting access, it requires users who enable 2FA for these services to not only enter a password but also enter a code sent to another device, such as a mobile phone, thus providing a two-fold evidence of who they claim to be.

CRITICAL IMPLICATIONS

Hospitals

In the year 2020 a patient died when the IT systems in a German hospital were hacked. While originally the hackers had planned to attack Heinrich Heine University, the systems of the affiliated Düsseldorf University Clinic were brought down by mistake. The attack encrypted 30 servers at the hospital, and left a ransomware note addressed to the university. With systems down, patient data inaccessible, and operations postponed, the patient had to be sent to a different hospital an additional 20 miles away, delaying potentially life-saving treatment.

Power Grid

The massive power outage in October 2020 in Mumbai, India, left railways, stock market, hospitals, and a population of 20-million in Mumbai high and dry for several hours. The US cybersecurity firm Recorded Future claimed that the China-backed Red Echo group targeted India’s power grid.

e-commerce

Hackers from China’s Guangdong and Henan provinces targeted millions of Indian online shoppers during the festive months of October and November, 2020. Chinese hackers launched ‘Spin the lucky wheel scam’ within days of Flipkart announcing the Big Billions of Days sale and later created a similar-looking fraud ‘Amazon Big Billion Day Sale.’ The hackers created fake URLs disguised as offers by Flipkart and Amazon and lured the netizens to click on them with bogus prizes. These links were disseminated through WhatsApp targeting many online shoppers in India. The information collected via these scams could be used to undertake more such cyber-attacks, especially targeted at internet users in Tier-II and Tier-III cities where awareness about such scams is low.

STARTUPS

Many startups all over the world are currently working on developing security solutions, some of which are presented below: