The New Normal for Cybersecurity

For a Security Operations Center (SOC), monitoring customer infrastructure activity and quickly mitigating cyber threats is always a top priority, but it is especially important right now as conflict continues between Russia and Ukraine. Current Advanced Persistent Threats (APTs) and destructive malware includes: 

1. Disinformation, defacements, Distributed Denial of Service (DDoS) 
2. Destructive Wiper Communities  
3. WhisperGate 
4. HermeticWiper 
5. IsaacWiper 

 All of the attacks are initiated to spread propaganda or disrupt normal operations for businesses and individuals. The Destructive Wiper Communities are different destructive malware with the intention to erase computer hardware and delete data and programs having crippling results for these businesses.  

 Following the initial attacks on Ukraine, cyberthreats were heightened globally by over 800%. While the Ntirety SOC team have not seen any targeting of Ntirety customers, we know that this could change at any moment, so we remain vigilant. We are continuing to take steps to enhance cybersecurity postures and increase monitoring for cyber threats.  

 Many data breaches can be tracked back to the tiniest flaws such as a weak or stolen password. As cybercriminal groups grow, it can be difficult for security teams to seal the cracks and fix the bugs fast enough. Protecting your business should be an ongoing effort, as there will always be cyberthreats. It is important to have all the right tools and technologies in place working together. 

 Cyber attackers look for access into endpoints- these endpoints are easily readable, readily available, and easy to access. As remote work has become increasingly more common, these endpoints, which were once located in relatively secure buildings, have moved outside of the four walls of an office. From these endpoints, cybercriminals will steal data and take down critical applications. Malicious attacks can include: 

• Phishing: Users surrender personal information by responding to fake official emails or links to fake websites 
• Malware: “Malicious software” designed to damage or control IT systems (Example: Ransomware) 
• Man-in-the-middle attacks: Hackers insert themselves between your computer and the web server 
• DDoS: “Distributed Denial of Service” A network of computers overload a server with data, shutting it down 
• Internet of Things & Edge Processing: Rogue data thefts; user error (not encrypting) 

• SQL Injection Attack: Corrupts data to make a server divulge potentially sensitive information 
• Cross-Site Scripting: Injects malicious code into a website to target the visitor’s browser 

Attackers are continuing to evolve their game and crowdsource their efforts. They can find vulnerabilities and exploit weak points within cyber infrastructures. With the help of Ntirety’s SOC your business will have eyes on your cyber infrastructure 24x7x365. For more information watch our recent webinar here and stay tuned for the next blog in this series.