Whether its ransomware, credential compromise, distributed denial of service, or phishing: hacking your business has itself turned into a business. There are entire organizations dedicated to targeting networks and infrastructure. Because of the nature of the economy, there is always someone who benefits from a disruption. Government, businesses, and schools are all potential targets. No network is safe. These hackers are starting to become almost as sophisticated as the organizations they are trying to infiltrate.
When ransomware hit the scene about two years ago, it made a very interesting progression from individuals to enterprise. It started out on the dark net, targeting individuals who barely understood how malware worked. During that phase, the bad actors were able to refine their ransomware tactics. Then they began to unleash ransomware on businesses both large and small. These were more consistent targets since businesses, and their bottom lines, are more affected by service disruptions. As the tactics became more complex and technical, bad actors started selling ransomware to non-technical criminals. This ‘Ransomware-as-a-Service’ offering contributed to ransomware’s prominence today.
Credential phishing is now following a similar path as ransomware, shifting from individual to enterprise. Elliot Volkman, from PhishLabs, in his primary findings from their 2018 Phishing Trends and Intelligence report, suggests “enterprise organization are now the primary [credential theft] target over consumers.” The ill-effects of a ransomware attack can be mitigated with proper backup storage, employee education, and an incident response plan. Credential theft isn’t so easy to deal with. As we’ve covered in this space before, your employee credentials are vital for security. Identity is the key that cuts through many of the other security controls that exist in your organization. If someone can gain access to your employee’s accounts, they can access almost anything. Because of this, it won’t be long until credential theft is big business just like ransomware or Distributed Denial of Service attacks.
Forbes shared a report about one of these criminal hacking organizations, Webstressor.org. They offer customers a Distributed Denial of Service (DDoS) attack on their preferred websites. Now, this may sound like something that you would have to download on an Onion browser and go on the dark web to find. But, the Department of Defense recently took down their public site. A public site that implied strongly that their service was completely legal. Webstressor.org made claims that they were the “most reliable IP stressor / Booter” and that they’ve been “dominating server stress testing since 2015.” It was a quick run for Webstressor.org though. As their website now says “This Site has Been Seized by the United States Department of Defense…” and characterizes Webstressor.org as an “illegal DDoS-for-hire service.”
It’s time to rethink your cybersecurity plans. You cannot underestimate the bad actors trying to infiltrate your business. This is their focused profession, so don’t treat them like a lesser adversary. These organizations are resourceful, complex, and agile. Be proactive in establishing security protocols so when you get targeted you can identify the attack and respond appropriately. The companies who dismiss security concerns are the ones most likely to be crippled by malware. Peters & Associates offers security training and testing, as well as a series of security products which address these kinds of issues. Call 630.832.0075 or email us at firstname.lastname@example.org today!