Cybersecurity Essentials in a Remote Work Environment

According to the Deepwatch 2023 Annual Threat Intelligence (ATI) Report, some of the most common forms of cyberattacks include: 

  • Malware (Information Stealing and Container File Types) 

  • Source Code Repository Breaches

  • Vulnerability Exploitations 

  • Public Login Portal Hacks 

Furthermore, the report suggests that cybercriminals stay updated on relevant public intelligence and analysis reports. Doing so helps them understand how security researchers identify them.

Moreover, knowing the current state of information security can help hackers learn what decoys to avoid. 

It is intimidating to think hackers use analysis and intelligence to become more sophisticated. However, there are many confidential information security resources to help you stay one step ahead.

This article will help you understand how common attacks work then share some tips on ways to work around them. 

Information Stealing Malware

Information stealing malware (cybersecurity),Cybersecurity

Malicious software (malware) is a virus that steals your personal information.

This spyware can infect your system when you download applications from the internet instead of using the Apple or Google Play Store and clicking on eye-catching images. At the same time, browsing websites can also lead to a device breach. 

According to the Deepwatch ATI 2023 Annual Report, the increasing amount of intellectual and personal data stored online gives hackers a greater incentive to steal your information as they can sell it, hold it for ransom, or commit fraud. 

 

How to Reduce the Risk of Information Stealing Malware  

Security breach indicators include employees being unable to access their devices. In the case of ransomware, hackers ask executives to contact them through an anonymous email address or follow instructions to make a payment using an unknown site. 

The National Cybersecurity Center suggests using a defense-in-depth strategy to stop hackers. This can reduce the likelihood of paying a ransom without guaranteeing you’ll regain your proprietary and intellectual property.

The key actions to take are: 

  1. Regularly Backup Your Devices and Programs

Back up your most important files, then regularly test that your systems are working as expected.

Our Lead Pen Test Professional course can show you how to ensure data systems are impenetrable. 

The National Cybersecurity Center reports cases where hackers have destroyed copied files or disrupted recovery processes before an attack.

To decrease the likelihood of this happening, protect your reinforcements by siloing sensitive tasks to a dedicated device (privileged access workstation). Another option is only giving trusted individuals access to your business network through IP allow listing.

Moreover, ensure multi-factor authentication (MFA) isn’t installed on your backup device. Finally, Use privileged access management tools to automate the monitoring, detection, and removal process of unauthorized access to your sensitive data. 

2. Use Network Services to Stop the Spread of Malware 

Use mail and spam filtering services to block malicious emails and remove infected attachments. You can also install ad-blockers to prevent accidentally opening a malicious website. 

3. Install Device Specific Security Features to Prevent Malware from Running

This step is organization-specific. You’ll need to consider what anti-virus and anti-malware products work best for the type of devices you use. Furthermore, your information security team should centrally manage computers to streamline the permitting process for trusted applications. 

Our PECB Certified Lead Cloud Security Manager course can help you understand different cloud security risks while outlining how to adopt a cloud security program based on current industry standards. 

4. Practice Your Incident Management Plan

Knowing what steps to take should a security breach happen, can decrease your recovery period. You should clarify what your staff or third parties should do if their devices get hacked. Also, host workshops that familiarize people with common security breach tactics. 

Source Code Repositories 

Source code repositories house an organization’s sensitive private data. This could be secret information a business uses to stay competitive. Legally protected confidential material includes trademarks, copyrights, and patents.

Many companies also use the platforms on their source code repositories to collaborate on projects and share code. 

One example is GitHub, which is Okta’s repository. In 2022, Okta announced hackers accessed its business-facing security solution Workforce Identity Cloud’s source code after breaching GitHub.

  Cybersecurity

  ©Kroll

 

How to Secure Your Source Code Repository 

Deepwatch ATI’s 2023 Annual Report suggests that cybercriminals will likely continue to target source code repositories on GitHub and other DevOps platforms. This is because such software has a few access protections once they are in.

Technology marketing company TechTarget outlines four steps to secure your source code repository. 

  1. Ensure Your External Source Codes are Secure 

If you use a third party’s source code, ensure it’s downloaded from an authoritative website. Furthermore, check the integrity of this code by verifying cryptographic hashes. Doing so can guarantee that the algorithm works for your application and isn’t infected. TechTarget suggests using automation services to avoid mistakes like mistyping a URL or forgetting to compare cryptographic hash values. 

 

2.  Employ Source Code Access and Storage Rules

Part of storing source code in well-secured repositories includes managing who has access to it and to what extent. Only relevant people, applications, and services should have access to your source code. Moreover, make sure you are especially careful about who can modify your source code. Track all the changes made and ask developers to store third-party source code in the code repositories. 

3. Frequently Scan Your Source Code 

TechTarget suggests using static analysis tools to scan for vulnerabilities and malicious code. In addition to having programs constantly checking for hackers, schedule regular reviewing sessions with your team. Discuss any findings during frequent incident planning and response sessions to ensure you are ready to handle any discovery of malicious code.  

4. Stay Informed on Source Code Components

Ensure you know any new vulnerabilities in your code’s functions, descriptions, definitions, calls, methods, and other operational statements. Doing so will help you quickly adapt to new threats or avoid possible risks.  

 

Malware Container File Types  

Container files are ISO, zip, or VHD files many organizations use to download and distribute large documents.

According to the Deepwatch ATI 2023 Annual Report, Cybercriminals use container files to hide malware or malicious links because users frequently open them, assuming they are safe. 

The report suggests that hackers perform social engineering attacks with malware container file types. This means they manipulate users by impersonating a colleague or manager. They may ask you to quickly open and download a file to deal with an “urgent matter.” 

 

How to Spot and Stop Malware Container File Types 

The best way to reduce the risk of a system breach from malware container file types is to know how to identify them. Of course, things like MAF and making sure your software and devices stay updated is essential.

Furthermore, your centralized security team should employ spam blockers to prevent harmful malware. However, regular security awareness training can help your organization understand the dangers of different types of malware so they are more cautious before clicking attachments or downloading a link. 

Make sure employees can easily direct suspicious activity to your security team.    

 

Vulnerability Exploitations

Cybersecurity

Outdated applications or unpatched software are some of the system vulnerabilities hackers look to exploit.

The Deepwatch ATI 2023 Annual Report suggests that many companies lack sound vulnerability management programs that can automatically identify and fix system security weaknesses. This makes it easier for hackers to find and leverage ransomware. 

 

How to Decrease the Risk of Vulnerable Exploitation 

Stay updated on the Cybersecurity Infrastructure and Security Agency’s (CISA) Known Exploited Vulnerability (KEV) catalog. The organization is a US information security operator. However, many of the threats it monitors investigates, and mediates are challenges the global community faces. 

Familiarizing yourself with CISA’s catalog can help strategize your internal vulnerability management program. This continuous, proactive, and automated process keeps your computer systems, networks, and business applications safe from security breaches. 

The Deepwatch ATI 2023 Annual Report suggests that employing vulnerability management programs reduces the likelihood of your business playing catch-up. Instead of constantly racing against cyber criminals to ensure they can’t break into your system, you have automated and dynamic processes to routinely prepare for, identify, mitigate, or effectively respond to hackers. Should an attack occur, take time to brainstorm about lessons learned, then apply this feedback to security updates. 

 

Publicly Accessible Login Portals Targeted for Initial Hacks

The popularity of remote and hybrid work means devices constantly move between office, public, and private home networks. This shifting digital dynamic presents hackers with another way of breaching data – brute force attacks. 

The Deepwatch ATI 2023 Annual Report suggests that hackers target computers using publically accessible log-on portals to guess usernames and passwords, gaining unauthorized access to the devices’ systems. This is because it’s easier for hackers to identify and access systems connected to the public internet as they all use a shared default password. 

 

How to Secure Public Access Login Portals 

Decreasing the risk of brute force attacks from computers connected to public networks involves safeguarding the device’s system passwords. Cybersecurity company

Kaspersky suggests taking the following steps. 

  1. Employ High Encryption Rates 

Your system administrators should ensure that system passwords have 256-bit encryption. After all, the more bits in the encryption scheme, the harder it is to guess a password. 

2. Salt the Hash

Password hashing changes passwords into a short, random combination of letters and numbers based on an encryption algorithm. Kaspersky suggests system administrators randomize password hashes by including an arbitrary string of letters and numbers, otherwise known as salt, to the password itself, “Store this string in a separate database and retrieve and add it to the password before it is hashed.”

This will result in users with the same password having a different hash. 

Hash algorithm (cybersecurity)

©GeeksforGeeks.org

3. Limit Login Retries

The fewer chances a hacker has to guess a password, the less likely they will carry out a successful brute-force attack.

Moreover, cybercriminals will likely move on to the next target once they are locked out of an account. Require your user to contact your IT department and verify their identity to re-open their account after multiple failed attempts at guessing a password. 

 

4. Use Captchas

This manual verification process is a great way to stop robot attacks. Whether it’s asking users to retype the text of an image, check a checkbox, or identify specific things in pictures, captchas better secure your user’s passwords.

Include them before the first login and after the following two attempts. 

 

5. Record and Block Known Attackers 

Kaspersky suggests using an IP denylist that helps to identify and block attackers.

Your information security managers should regularly update this information.  

For more information on decreasing the risk of these and other security breaches, please email us at talkagile@agileseventeen.com.