December 2022 - vTECH io

Cybercriminals are strategic and always looking for new ways to attack your business. Companies are facing more threats as the internet becomes increasingly accessible. As more businesses move to remote models and increase their device usage, entire networks are left vulnerable.

At vTECH io, we have found that 41% of cyber attacks happen to businesses through vulnerabilities in internet-facing devices. This makes it number one on our list of the most common cyber attacks businesses face.

Internet-facing devices are devices that have open access to the wide internet. It acts as a host for entry into a network. These Internet-facing devices can include, “any system that is globally accessible over the public internet (i.e., has a publicly routed internet protocol (IP) address or a hostname that resolves publicly in DNS to such an address) and encompass those systems directly managed by an organization, as well as those operated by a third-party on an organization’s behalf.” Internet-facing applications also create vulnerable entryways for hackers.

It is crucial to become aware of the issues facing your internet-facing devices and patch up those vulnerabilities to secure your infrastructure against potential cyberattacks.

Why do internet-facing devices leave businesses vulnerable?

Internet-facing devices may include hardware and software that leave open doors to cyber actors. Cybercriminals can use internet-scanning public services to find web-based human-machine interfaces (HMI) exposed to the internet. If they are password protected, they will push their way through, but many times these devices are left without a password. This leaves HMIs even more vulnerable to infiltration and attack.

Another big vulnerability for businesses is the increased number of remote workers. Workers are using more internet-facing devices, systems, and applications to access their work from home. While some applications may be accessed internally, many businesses operate using a large number of external applications and systems. These internet-facing systems are essential for communicating with customers and for employees to access their work remotely.

Examples of internet-facing applications include remotely accessible services, cloud applications, internet-facing firewalls, SSH gateways, VPN gateways, web and mobile applications, and web servers.

Cybercriminals know that businesses don’t keep up with all of their internet-facing devices. They make easy targets because they are not protected or monitored as closely. Cyber actors can get in and wreak havoc on your network. Thankfully, there are several ways you can protect your business from an attack.

How to Prevent an Attack

The biggest way to prevent someone from attacking your internet-facing devices is to be proactive. Following protocols to successfully protect your vulnerable devices can save your business a large amount of time and money.

It is important that your organization has a detailed understanding of the internet-facing devices used throughout. Without this, it is much harder to asses risk, find vulnerabilities, and set up proper protection. Once internet-facing devices are accounted for and managed, the next step would be to implement patch and configuration management policies.

Recommendations from Microsoft

Microsoft released suggested actions to take to protect your business’s internet-facing devices.

These suggestions include:

Apply patches, change default passwords, and default SSH ports on all devices.
Eliminate unnecessary internet connections and open ports.
Restrict remote access by blocking ports, denying remote access, and using VPN services.
Use an IoT/OT-aware network detection and response (NDR) solution, and a security information and event management (SIEM)/security orchestration and response (SOAR) solution to monitor devices for unauthorized behaviors.
Segment networks limit an attacker’s ability to move laterally and compromise assets after the initial intrusion.
IoT devices and OT networks should be isolated from corporate IT networks through firewalls.
Make sure ICS protocols are not exposed directly to the internet.

Although this list of suggestions is robust, the work up front may protect your entire network from a major breach.

Recommendations from CISA

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released an article on remediating vulnerabilities for internet-accessible systems.

In this article, they list these four actions to take to remediate vulnerabilities.

Ensure Your Vulnerability Scanning Service is Scanning All Internet-Accessible IP Addresses
Notify the Scanning Service of Any Modifications to Your Organization’s Internet-Accessible IPs.
Ensure the Scanning Service Provides At Least Weekly Scanning Results
Coordinate with System Owners to Remediate Vulnerabilities

These different suggestions for safeguarding your internet-facing devices can help you create a more secure infrastructure for your business.

How to Further Protect your Business

Hackers are strategic and looking for the biggest “bang for their buck.” Meaning they are looking for the easiest target that will get them the biggest return. As our businesses change and advance, these cyber actors advance with them. That’s why your network’s safety is one of our biggest priorities. We value your safety and the safety of everything you’ve worked so hard for.

vTECH io is here to partner with you to protect your infrastructure and secure your networks. We offer vCyberguard, our enterprise security solution. We will help you find vulnerabilities in your internal and external networks and create a customizable solution to fit your network’s needs. You can download the vCyberguard brochure here.

To start protecting your businesses against cyberattacks today, click here, fill out the form, and we will do the rest.

Most people take off during the holidays while cybercriminals get to work. Unfortunately, cyber actors ramp up their schemes during the holidays when most people have their guard down. A report by Darktrace in 2021 stated that ransomware attacks increase by 30% during the holidays compared to the rest of the year.

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a reminder to stay vigilant during the holiday season as cybercriminals make plans to disrupt the networks and systems of businesses and organizations.

Unfortunately, the holidays leave networks vulnerable as people take time off from work, increase their online shopping, and get distracted. Holiday scams and ransomware are some of the most prevalent incidents that take place. These attacks can be expensive and damaging to companies of any size. It is important now more than ever to be proactive when it comes to cybersecurity for the enterprise.

Why do the holidays leave us vulnerable?

The most wonderful time of the year can be quickly turned sour by a cyberattack. The holidays leave companies vulnerable for many different reasons. Cybercriminals attack during the holidays due to the lack of vigilance people have during this time. Many employees become distracted by parties and rushed deadlines. They are rushing to get work done, forfeiting proper cybersecurity hygiene. Attackers know this and use it to their advantage.

Many company networks have increased traffic during the holidays. Cybercriminals take advantage of this and find it easier to launch an attack unnoticed. Additionally, enterprises may receive more customer information during the holidays, increasing the value of the attack. Not to mention, IT professionals are burnt out trying to maintain security and will be less likely to check alerts on their much-needed time off.

The FIFA World Cup

The FIFA World Cup brings huge cybersecurity risks. In 2022, the FIFA World Cup will take place during the holiday season because the host country of Qatar is too hot to hold the game in the summer. Since soccer is the most popular sport across the globe, the World Cup is one of the most watched games. In fact, in 2018, 3.572 billion people tuned in to watch the World Cup. With so many people streaming the game online, it is a perfect time for cyber actors to ramp up their schemes.

The increase in cybersecurity attacks during the holidays plus the FIFA World Cup means companies need to be vigilant and prepared for what may come.

Types of Attacks

The FIFA World Cup receives a lot of attention from cyber actors looking to exploit distracted fans. Many incidents occur through fictitious streaming services tricking virtual users into creating fake accounts.

Holiday scams are a major threat this year because of how easily users can fall for them. Shopping cams can happen when people purchase gifts online and those gifts never arrive. Other holiday scams include auction fraud where a product is made to look legitimate but is not what the buyer thinks they are getting. Gift card fraud can happen when a seller is asking you to purchase a pre-paid card.

There are also phishing schemes where people may be deceived by emails that look trustworthy from charitable organizations. Cybercriminals use these schemes to download malware. Unfortunately, 75% of cybercrimes happen through email.

As online shopping increases, it is easy for consumers to input their credit card information quickly and without thinking. This is why it is important to be aware of where you are inputting your credit card information. Using unencrypted financial transactions can lead to credit card fraud.

If an employee falls for any of these schemes, it can leave the entire enterprise at risk. If malware is executed, it can spread through the company’s systems. This can damage the systems and give unauthorized access to the actor, resulting in a ransomware attack.

How to Stay Safe

CISA and the FBI have released several ways you can safeguard your enterprise against an incident this holiday season. They released an article stating some best practices for staying vigilant during the holidays. The article is titled Reminder for Critical Infrastructure to Stay Vigilant Against Threats During the Holidays and Weekend.

They list these exact steps to implement before the holidays:

Examine your current cybersecurity posture and use best practices and mitigations to manage risk.

Identify IT security employees for weekends and holidays who would be available to surge during these times in the event of an incident or ransomware attack.
Implement multi-factor authentication for remote access and administrative accounts.
Mandate strong passwords and ensure they are not reused across multiple accounts.
If you use remote desktop protocol (RDP) or any other potentially risky service, ensure it is secure and monitored.
Remind employees not to click on suspicious links, and conduct exercises to raise awareness.

Be Proactive

This 2022 holiday season is a perfect storm. Between Thanksgiving, Christmas, and the FIFA World Cup, the risk of a cybersecurity incident occurring is high. Extra precautions need to be taken to protect the enterprise against threats. No one wants to come back to work only to be confronted with an incident. v-TECH io wants to help you stay safe this holiday season.

At v-TECH io, we sell blocks of CISO hours which we can use to review best practices for cybersecurity. We can also make sure your network is secured even when your staff goes home. Our experienced IT professionals are here to give you the support and peace of mind you need to enjoy the holidays.

Being proactive by partnering with v-TECH io is an easy way to safeguard the enterprise. To connect with one of our experts, simply click here, fill out the form, and we will get to work.