Games, apps, websites… anything can be abused. How to protect your family from mobile threats
Source: ESET
Date: 28 Oct 2024
ESET levels up its Mobile Security app to be even more effective against phishing.
Smartphones have become an integral part of our social lives. From children to teens and on to adults and the elderly, globally, the average user now spends almost four hours daily staring at their mobile phone. There’s really no point in naming all the things people can use their mobile phones for. From social interaction to shopping, gaming, and so on… you know what they are capable of.
These capabilities, however, come at a price. The variety of things people can do on their mobile phones creates one huge, messy cyberthreat landscape with criminals trying to steal victims’ money, data, and identities, sometimes demanding a ransom for their return.
This blog will show you some real-life examples described by ESET researchers of what such threats look like. As you will see, some of them are no longer simple scams that can be easily spotted, but are instead sophisticated, multi-staged and AI-driven attacks that require much stronger defenses than a watchful eye and simple antivirus.
The long list of ESET research pieces on this topic demonstrates how carefully ESET studies these threats. And ESET experts are not just watching. More than ten years ago, ESET created ESET Mobile Security, award-winning multilayered protection against a multitude of Android security issues, which has been protecting millions of people around the globe. Now ESET is coming forward with improved Phishing Protection, extending threat coverage even more.
Anyone can be a target
There are 4.8 billion smartphone users, which is more than half of the current global population of 8.2 billion people. Statista estimates the smartphone user base to reach 6.4 billion by 2029.
According to a 2024 survey conducted by the data management firm Harmony Healthcare IT, phone screen time increases with every generation. While U.S. baby boomers (people born from 1946 to 1964) spend 3.5 hours per day with phones in their hands, millennials’ use of phones is one hour longer, and Generation Z spends an average of 6 hours and 5 minutes on their phone daily.
And just as smartphone usage is rising, so is the total volume of detected Android malware, increasing from 1.7 million in July 2014 to 35.2 million as of July 2024, according to the AV-TEST Institute’s data.
As mobile phone usage grows, so does users’ susceptibility to phishing attacks. Global data gathered in 2022 shows that encounters of personal mobiles with phishing rose from 35.46% in 2020 to 53% in 2022, and the percentage of mobile users who tapped on six or more phishing links almost doubled from 14.3% to 27.6% within this time period.
Threats are out there
Let’s see several of the latest examples of mobile threats, some covered by the latest ESET Threat Report (H1 2024).
ESET experts complemented the research conducted by Group-IB’s Threat Intelligence unit, describing the GoldPickaxe malware family available for both iOS and Android, targeting victims in the Asia-Pacific region.
This malware can steal a victim’s sensitive personal information from financial apps such as Digital Pension for Thailand despite a requirement that users record a brief video of their face from various angles using the front camera of their mobile device as a form of secure authentication.
To achieve that, threat actors steal victims’ biometric data and utilize AI-driven face-swapping services to create deepfakes.
Another example shows that scammers don’t hesitate to even target children. According to the latest Threat Report, ESET telemetry detected phishing scams abusing Roblox, a sandbox gaming platform very popular with kids and available on multiple operating systems (including Apple and Android). Roblox contains virtual currency named Robux that can be purchased with real money, which makes it attractive for cybercriminals. The Roblox community has created a long list of Roblox threats here.
Also, using ESET detection engines in combination with other sources, ESET researchers recently discovered espionage campaigns spreading fake apps or trojanized and reverse-engineered legitimate apps to Android users in Egypt and Palestine. Threat actors used dedicated phishing websites to distribute malicious apps impersonating legitimate chat apps, a job opportunity app, and a civil registry app.
Another recent malicious campaign uncovered by ESET researchers and run in the Czech Republic targeted clients at three Czech banks to facilitate unauthorized ATM withdrawals from the victims’ bank accounts.
NFCGate architecture (source: https://github.com/nfcgate/nfcgate/wiki)
At first, cybercriminals deceived victims into believing that they were communicating with their bank, and then tricked them into downloading and installing a fake banking app containing unique malware that ESET named NGate. NGate then clones near field communication (NFC) data from victims’ payment cards and sends it to an attacker’s device, which is then able to imitate the original card and withdraw money from an ATM.
Just this handful of recent examples shows how large of a portfolio of tools cybercriminals have at their disposal. Notice the variety of their targets – children playing games or adults seeking a job, wanting to chat, or doing financial operations.
ESET Mobile Security
To deal with these scenarios, both individual users and households need a reliable security solution capable of stopping threats, ideally before they execute and cause any harm.
ESET Mobile Security provides award-winning protection against a multitude of Android security issues such as viruses, ransomware, adware, and other malware, or unwanted permissions given to applications. It also offers multilayered protection against phishing, smishing, and scams.
Here is a brief list of some features:
Antivirus – Protects against malicious app installs and from malicious apps downloaded from app stores. With permission, Antivirus can also check all files on the mobile device.
Anti-Phishing – Protects against malicious websites attempting to acquire users’ sensitive information on the most used browsers and social networks, including Facebook, Facebook Lite, Instagram, and Facebook Messenger. SMS notifications are also covered. It also prevents access to phishing or fraudulent sites that can be used, for example, to distribute malicious apps.
Link Scanner – This year, ESET introduced Link Scanner, which allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps. For instance, if a user receives a phishing link in a game app and opens it, the link is first redirected to the ESET Mobile Security app, where it is checked before being redirected to the browser.
Remember the Roblox attacks? Some of them start exactly with phishing links received via in-game messages or found in fake profiles used by scammers.
Adware Detector – Sometimes a user cannot identify which app is causing annoying unwanted pop-ups. The ESET Adware Detector functionality tracks all apps that are shown on the screen so the user can easily identify the app that should not be running and delete it.
Payment Protection – This is a safe launcher for financial apps, ensuring that other apps on your device will not be able to recognize the launch of a sensitive app, nor replace or read the screens of the financial app in question. This makes using finance or other sensitive apps safer.
Anti-Theft – The ESET Anti-Theft feature protects your mobile device from unauthorized access, enables you to monitor foreign activity, and tracks your device’s location. You can also display a message to the finder if your device is lost.
What about iOS?
There may be some iOS users who still hold on to the myth that their devices are secure simply because of the way these operating systems are built – applications on iPhone or iPad devices run in their own separate virtual spaces and can communicate with each other to a very limited extent. This environment also prevents external antivirus apps for iOS from working properly.
However, notable cyber incidents prove that iOS is not impenetrable. Therefore, iOS users should enhance the security of their devices with additional layers such as , Identity Protection*, and Password Manager.
All of these are available for both iOS and Android users via ESET HOME Security, the recently upgraded all-in-one solution created for consumers who want to protect their household against all kinds of cyberthreats.
Be prepared for anything
Packed with tons of features and capabilities, mobile devices should make our lives easier, and not trigger headaches due to cyberthreats. That is why multi-layered protection focusing on prevention is needed.
Being a security leader with more than three decades of experience, ESET protects smartphone users of all generations whether they are browsing the internet, chatting, shopping, playing games, or executing financial operations.
* ESET Identity Protection is available only in selected countries.
ESET boosts its home security to protect your family against identity theft and ransomware
Source: ESET
Date: 24 Oct 2024
With increasingly sophisticated attacks, households need top-end protection covering today’s complex threat landscape.
In a world where cybercriminals can abuse AI to create fake recordings of your face needed to bypass video-based authentication, or where phishing copycats of legitimate websites are almost unrecognizable from their real counterparts, and media repeatedly inform us about huge data breaches, it is no surprise that the general public is worried about what the future holds.
Even tech-savvy and vigilant home admins can’t be sure that their personal data won’t leak due to third-party data breaches, nor can they monitor their children or less-aware family members 24/7 to prevent them from being fooled by an advanced scam.
In such a world, security awareness training combined with a simple cybersecurity solution is not enough. Robust high-quality defenses covering numerous attack vectors such as accounts, web browsing, financial operations, mobile apps, and even physical theft are needed. Ideally, if such a solution is easy to use and its first line of defense is prevention – avoiding or stopping threats before they can do any harm – then home admins and their families will be able to rest better.
This year, ESET boosts its all-in-one solution for consumers, ESET HOME Security, with several new handy features battling the most feared attacks such as ransomware or phishing. Moreover, ESET introduces a global Identity Protection* service, which provides rapid warning about personal data leaks and helps victims promptly mitigate possible identity fraud.
Growing concerns
The vast majority of British and American consumers are concerned that cyberattacks will increase or remain consistent over the coming year (97%) and become more sophisticated (69%), according to a 2024 study conducted by ThreatX and Dynata among 2,000 consumers. Only 13% express their confidence in being completely protected from cyberattacks in the next year.
Considering the volume of news about advanced cyberthreats and huge data breaches, these numbers are understandable. Here is a brief summary of the general public’s situation:
- Cybercrime is profitable, and it will grow. The global cost of cybercrime is expected to surge in the next four years, rising from $9.22 trillion in 2024 to $13.82 trillion by 2028.
- Technology is evolving, and so are cyberattacks. The recent Netacea survey among 440 businesses across the U.K. and the U.S. found that 93% of respondents believe they will face daily AI attacks within the next six months.
- Automated attacks are a constant threat. For example, Microsoft deflects more than 1,000 password attacks per second, spam messages accounted for over 46.8 percent of email traffic in December 2023, and more than 76 billion emails were phishing in the same year.
- The latest generation of PCs can break encryption by guessing a random 6-character password within a single day, even when improved hashing methods are used. Users of older hashing methods can be breached almost instantly.
Setting up defenses
The statistics above are not here to scare you, but rather to demonstrate the scale and complexity of the current threat landscape. This means that home defenses must be comprehensive but, at the same time, easy to operate to avoid security fatigue. Yes, cybercriminals are evolving; they use AI and automation. But guess what: cybersecurity vendors (such as ESET) can do the same.
Keeping all these threats in mind, proper home security should be multi-layered, covering multiple attack vectors and focusing on prevention. Here are some basic rules and solutions that people concerned about their cybersecurity should consider:
Cyber Hygiene – Besides awareness education, proper cyber hygiene also involves backups, regular patching and updates, encryption, and password hygiene.
Password Manager and Two-Factor Authentication – An average person now uses 168 passwords and manages nearly 200 accounts. Considering how often cybercriminals attack credentials, it is quite useful to have these two solutions.
Antivirus – High-quality antivirus is a must nowadays. Don’t rely only on free or in-built protection.
Modern Endpoint Security – This involves Antispyware, Anti-Phishing, Ransomware Shield, and Script-Based Attack Protection combined with Advanced Machine Learning and sandbox technology that analyzes software before execution.
Parental Control – Parental Control offers a general overview of children’s online activities and flexible options to restrict access to some content or screen time.
Anti-Theft – In London alone, a mobile phone was stolen every six minutes in 2023. An Anti-Theft tool helps track stolen devices and protects their data.
VPN – Virtual Private Network is a technology that enables the creation of a secure and encrypted connection between a device and the internet.
Focus on quality
ESET HOME Security is an all-in-one, subscription-based solution offering all these technologies. It covers multiple operating systems, from Windows to macOS to Android, and also improves iOS security.
Despite being packed with a number of capabilities, it’s not hard to operate. ESET HOME Security comes with its own complete security management platform, ESET HOME, which allows easy management and sharing of protection with family and friends.
Moreover, it is constructed in a way that allows low usage of your PC’s system resources, a fact also acknowledged in the 2023 AV-Comparatives Performance Test.
As a global leader in digital security with more than 30 years of experience, ESET is committed to progress and staying ahead of adversaries. That’s why ESET constantly improves its technology, including ESET HOME Security.
This year, ESET comes with several new security and privacy features while improving already-existing ones:
New Global Dark Web Monitoring – ESET Identity Protection* scours websites on the dark web, black market chat rooms, blogs, and other data sources to detect the illegal trading and selling of users’ personal information. ESET technology sends prompt alerts so users can take immediate action.
New ESET Folder Guard – This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders and files in these folders; these can’t be modified or deleted by untrusted applications.
New Multithread Scanning – Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores.
New Link Scanner – This feature improves the Anti-Phishing of ESET Mobile Security (EMS), which, in general, blocks potential phishing attacks coming from websites or domains listed in the ESET malware database. The Link Scanner allows EMS to check every link a user tries to open, not only those coming from supported browsers and social network apps. For instance, a phishing link that pops up in a game will also be checked.
Improved Gamer mode – This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to select applications that will not run in Gamer mode. When running an excluded application in full screen mode, Gamer mode will not be used. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.
Improved Password Manager – ESET’s Password Manager now includes an option to remotely log out of Password Manager when logged in on other devices. Users can check their password against the password breach list and can view a security report that informs them if they use any weak or duplicate passwords for their stored accounts. Password Manager has an integrated option to use third-party programs as an optional two-factor authentication (2FA) solution.
Improved Cyber Security for Mac users – ESET HOME Security tiers for Mac users now have a new unified Firewall with both basic and advanced setup options in the main Graphical User Interface (GUI). This means the solution is tailored to the needs of users from basic to more advanced, and without unnecessary settings.
Home is where you feel safe
Despite the digital world becoming more complex and dangerous, this doesn’t mean that average users should constantly look over their shoulders. Yes, they need to stay vigilant, but home should first and foremost be a place of peace and comfort.
So set up defenses, update them regularly, and enjoy your time with your family knowing that your cybersecurity is left to professionals.
* ESET Identity Protection is available only in selected countries.
ESET bulks up its ESET HOME consumer protections against identity theft, ransomware, phishing, and more
Source: ESET
Date: 22 Oct 2024
BRATISLAVA — October 22, 2024 — ESET, a global leader in cybersecurity solutions, today announced the launch of its upgraded consumer offering ESET HOME Security, introducing new features such as ESET Folder Guard and Multithread Scanning, together with an overall improvement of its capabilities. Identity Protection* featuring Dark Web Monitoring is now globally available.
These enhancements to ESET HOME Security, as an all-in-one solution for consumers, correspond to the increasing number of advanced, automated, and AI-driven threats targeting individuals and address growing concerns about data privacy, ransomware attacks, phishing, and scams.
Despite being packed with the latest technology, ESET HOME Security remains easy to use thanks to ESET HOME, a comprehensive security management platform available across all major operating systems — Windows, macOS, Android, iOS — and covering all typical smart home devices. Now ESET HOME Security offers even more formidable protection for entire households.
“As a progressive digital life protection vendor, ESET is dedicated to always being one step ahead of adversaries. Our team of experts created a powerful digital life protection solution that blends more than 30 years of human expertise with artificial intelligence, multilayered security technology, and live cloud protection. Following a prevention-first approach that stops threats before they can do any harm, ESET HOME Security brings peace of mind regarding privacy and security, while staying user-friendly, powerful, light, and fast,” said Viktória Ivanová, Vice President of Consumer and IoT Segment at ESET.
To complement the long list of already existing layers of protection, including Antivirus & Antispyware, Firewall, Ransomware Shield, Anti-Phishing, Safe Banking, Safe Browsing, Password Manager, and Anti-Theft — to name just a few — new features and upgrades have been added:
New Dark Web Monitoring — ESET Identity Protection* scours websites on the dark web, black market chat rooms, blogs, and other data sources to detect the illegal trading and selling of users’ personal information. ESET technology sends prompt alerts so users can take immediate action.
New ESET Folder Guard — This technology helps protect Windows users’ valuable data from malicious apps and threats, such as ransomware, worms, and wipers (malware that can damage users’ data). Users can create a list of protected folders — files in these folders can’t be modified or deleted by untrusted applications.
New Multithread Scanning — Improves scanning performance for multi-core processor devices using Windows by distributing scanning requests among available CPU cores. There can be as many scanning threads as the machine has processor cores.
New Link Scanner — This feature improves ESET Mobile Security Anti-Phishing that, in general, blocks potential phishing attacks coming from websites or domains listed in the ESET malware database. The Link Scanner is an additional layer of protection for Android smartphone users that allows ESET Mobile Security to check every link a user tries to open, not only those coming from supported websites and social network apps. For instance, if a user receives a phishing link in a game app and opens it, the link is first redirected to the ESET Mobile Security app, where it is checked, before being redirected to the browser. If the user is using an unsupported browser, the Link Scanner will block the malicious link in this case.
Improved Gamer Mode — This feature is for users who demand uninterrupted usage of their software without pop-up windows and want to minimize CPU usage. The improved version allows users to create a list of apps automatically starting gamer mode. For cautious players, there is also a new option to display interactive alerts while gamer mode is running.
Improved Password Manager — ESET Password Manager now includes an option to remotely log out of Password Manager when it is logged in on other devices. Users can check their password against the password breach list and view a security report that informs users if they use any weak or duplicate passwords for their stored accounts. Password Manager has an integrated option to use third-party programs as an optional two-factor authentication (2FA).
Improved Cyber Security for Mac users — ESET HOME Security tiers for Mac users now have a new unified Firewall with both basic and advanced setup options in the main Graphical User Interface (GUI). This means the solution is tailored to the needs of users from basic to more advanced, without unnecessary settings.
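The Link Scanner entries above (in both the ESET Mobile Security feature list and this one) describe a gate that sits between an app and the browser: every link is normalised and checked before it is handed on. The following is an added example of that pattern, written for this page and not code from ESET Mobile Security; the blocklist hosts are constructed placeholders, and the check is a local host lookup, not the ESET malware database.

```python
"""
Added example (not ESET code): a minimal "check before open" link gate.
Every URL an app hands to the browser is first normalised and matched
against a blocklist; only clean links reach the browser. The blocklist
below is a constructed placeholder, not a real threat feed.
"""
from urllib.parse import urlsplit

# Constructed blocklist of known-bad hosts (placeholder names).
BLOCKED_HOSTS = {
    "robux-free-gift.example",
    "login-bank-verify.example",
}


def normalise_host(url):
    """Return the effective hostname the browser would connect to:
    lowercased, without userinfo, port or trailing dot, and with IDNA
    labels in their ASCII (punycode) form so lookalike domains compare
    consistently. Returns None when the URL has no usable http(s) host."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None
    host = parts.hostname  # urlsplit lowercases and strips user@ and :port
    if not host:
        return None
    host = host.rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # malformed or deliberately confusing label: do not open
    return host


def is_blocked_host(host, blocklist=BLOCKED_HOSTS):
    """A host is blocked if it, or any parent domain, is listed, so
    'cdn.robux-free-gift.example' is caught by the bare entry, while a
    mere substring match such as 'notrobux-free-gift.example' is not."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def check_link(url, blocklist=BLOCKED_HOSTS):
    """Verdict for an outgoing link: 'allow', 'block' or 'invalid'."""
    host = normalise_host(url)
    if host is None:
        return "invalid"
    if is_blocked_host(host, blocklist):
        return "block"
    return "allow"


def open_link(url, launch_browser, blocklist=BLOCKED_HOSTS):
    """Gate between an app and the browser: only 'allow' verdicts are
    passed to launch_browser (a callable taking the URL). Returns the verdict."""
    verdict = check_link(url, blocklist)
    if verdict == "allow":
        launch_browser(url)
    return verdict


if __name__ == "__main__":
    for candidate in (
        "https://example.org/",
        "http://user@CDN.Robux-Free-Gift.example.:8080/claim",
        "javascript:alert(1)",
    ):
        print(candidate, "->", open_link(candidate, lambda u: None))
```

The design point is that the decision is taken on the normalised host, not on the raw string: case, userinfo, port and trailing-dot tricks all collapse to the same lookup key, and anything that cannot be normalised is refused rather than passed through.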
This robust all-in-one security product is an ideal solution for all who have concerns beyond general cybersecurity, and it includes privacy protection, identity protection, performance optimization, device protection, and smart home protection. Because in a world of advanced cyberthreats, quality matters.
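The Password Manager entries above (in both feature lists) describe a security report over stored accounts: weak passwords, duplicates across accounts, and passwords found in a breach list. The following is an added example of such a report, written for this page and not ESET Password Manager code. The vault and the breach list are constructed sample data, and the breach lookup is a local stand-in that mimics a hash-prefix range query so the audit never compares plaintext against the list.

```python
"""
Added example (not ESET code): a password-vault security report that
flags weak, duplicate and breached passwords. The breach list is checked
through SHA-1 hash prefixes (a k-anonymity style lookup), so only a
5-character prefix would ever leave the device with a real service.
All data below is constructed.
"""
import hashlib
from collections import defaultdict


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach list: digests of a few leaked passwords, indexed by
# their first five hex characters, as a range-query service would serve them.
BREACHED_DIGESTS = {sha1_hex(p) for p in ("password", "123456", "qwerty")}
BREACH_INDEX = defaultdict(set)
for _digest in BREACHED_DIGESTS:
    BREACH_INDEX[_digest[:5]].add(_digest[5:])


def lookup_breach_suffixes(prefix):
    """Stand-in for the range query: every stored digest suffix sharing
    the 5-character prefix. The full digest is never sent."""
    return BREACH_INDEX.get(prefix, set())


def is_breached(password):
    digest = sha1_hex(password)
    return digest[5:] in lookup_breach_suffixes(digest[:5])


def is_weak(password, min_length=12):
    """Weak: shorter than min_length, or drawn from fewer than three of
    the four character classes (lower, upper, digit, other)."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < min_length or classes < 3


def security_report(vault):
    """vault: {account_name: password}. Returns sorted account-name lists
    under 'weak', 'duplicate' and 'breached'."""
    by_password = defaultdict(list)
    for account, pw in vault.items():
        by_password[pw].append(account)
    duplicates = sorted(
        acc for accs in by_password.values() if len(accs) > 1 for acc in accs
    )
    weak = sorted(acc for acc, pw in vault.items() if is_weak(pw))
    breached = sorted(acc for acc, pw in vault.items() if is_breached(pw))
    return {"weak": weak, "duplicate": duplicates, "breached": breached}


# Constructed sample vault (account -> password).
SAMPLE_VAULT = {
    "shop": "password",
    "forum": "Summer2024!",
    "bank": "Summer2024!",
    "email": "c0rrect-Horse-b4ttery-STAPLE",
}

if __name__ == "__main__":
    for finding, accounts in security_report(SAMPLE_VAULT).items():
        print(f"{finding}: {', '.join(accounts) or 'none'}")
```

On the sample vault the report lists every account except "email": "shop" is both weak and breached, and the password shared by "forum" and "bank" is flagged as a duplicate and, at 11 characters, as weak.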
More information about the consumer offering and subscription tiers can be found here.
* ESET Identity Protection is available only in selected countries.
ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyberthreats — securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud, or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network.
Boosting cyber health: How vulnerability and patch management decrease threat exposure
Source: ESET
Date: 10 Oct 2024
The topic of vulnerabilities remains significant as new exploits emerge, underscoring the need for continuous vigilance and proactive defense strategies.
In a world that records on average at least 7,240 new vulnerabilities per quarter (based on 2023 data), patching critical vulnerabilities should be an immediate priority; otherwise, users might face anything from exposing confidential data all the way to opening their entire networks to ransomware or wiperware. The possible negative scenarios are unlimited.
Thus, focusing on your business’ cyber health matters, and with data breach costs climbing into several millions of dollars, patching all your devices/OSs grows considerably more critical.
A health check on vulnerabilities
First of all, doctors usually say that humans should support their health by ingesting a healthy dose of vitamins every day – lowering the chances of having compromised immune systems, leading to constant bouts of sickness. For organizations, the situation is much the same. Without investing in all-encompassing cybersecurity measures and awareness training, their body (business) will be left vulnerable to compromises (literally).
However, it seems that just like humans tend to underestimate their need for vitamins and health checks, so do businesses forgo important security checks and patching. There have been a plethora of cases where a business was breached due to a known vulnerability. For example, Equifax in 2017 was breached thanks to unpatched vulnerabilities[1], which threat actors used to get their hands on the private records of 147.9 million Americans.
Overall, this catastrophic breach cost Equifax around 1.4 billion USD. For a smaller business, such costs, even in proportion to their revenues, would likely bury them completely. A larger enterprise might weather the storm, but there is a high chance that they could fold as well, and all because their patching was, well, “patchy.”
Recording vulnerabilities – are you immune enough?
The database of Common Vulnerabilities and Exposures (CVEs) recorded 28,961 vulnerabilities for 2023 alone, representing a 15% rise compared to the previous year. For Q1 2024, 8,697 have already been reported (for comparison, in Q1 2023 it was 7,015).
Endpoints such as servers or computers remain risky, as they can harbor unpatched systems and apps. The same research also highlights how ransomware gangs are becoming more skilled, using programming languages that can more easily cross-compile, simultaneously targeting Windows and Linux systems.
There’s an online myth that Linux is inherently more secure than other systems – since threat actors only target commonly used ones. Said myth is easily debunked though, as Linux is one of the most widely used systems globally. It makes up approximately 96% of web server infrastructure, while Android represents 72% of the global mobile market share.
Recently, ESET Research broke a story about the Ebury botnet compromising around 400K Linux servers for cryptocurrency theft and other criminal activities. ESET researchers have also exposed numerous OpenSSH backdoors, leading to the documentation of almost 21 Linux-based malware families with credential-stealing and backdoor functionalities. Additionally, threat actors target Linux-based high-performance computing (HPC) clusters with sophisticated malware like Kobalos.
Thus, threats targeting Linux-based systems are quite real and can pack quite a punch to the gut of business security.
The ABCs of vulnerability solutions
Why deal with vulnerabilities, specifically? For a business that could already consider its cyber posture “ready” or “full,” it could seem like its current security software can take care of everything.
That’s not an entirely accurate observation. Endpoint security products in and of themselves are usually made up of multiple layers guaranteeing strong protection – but that doesn’t mean that your endpoint product can protect against every single external threat. There’s a reason why detection and response or cloud security are a thing these days; it’s all about minimizing risk by shrinking the attack surface as much as one can.
Though security tools can remediate rather quickly (with ESET-managed services responding in as little as 20 minutes), every piece of a security stack plays a different and important part in the active protection process.
Keeping ahead of attackers by preventing them from finding that vulnerable spot is the key to your security. Said spots can be anywhere – in an app, device OS, or server infrastructure – presenting multiple potential entry points. However, the right vulnerability and patch management solution can provide the necessary tools to assess and patch that insecure spot – wherever it may be.
ESET Vulnerability and Patch Management (V&PM) – a healthy dose of vitamins
As illustrated previously, threat development is more flexible than before, and defenses need to be shored up to protect all devices that a business employs.
With ESET Vulnerability and Patch Management, which is now also offered as a separate add-on to ESET PROTECT Entry and ESET PROTECT Advanced, even the smallest firm can start its prevention-first journey, warding off tomorrow’s threats looking to infiltrate their premises.
The V&PM module is directly integrated into the ESET PROTECT Platform and is always on – making it easy to stay up to date – protecting against attacks, zero-days, and ransomware all at once. This ensures visibility and situational awareness, which the entirely new V&PM dashboard improves further by giving instant overviews of the vulnerability and patching status across an entire business network.
Moreover, to answer the need for comprehensive vulnerability assessment and patching, ESET has expanded the V&PM module by adding further system treatment into its repertoire – now also covering Linux[2] and macOS[3].
For Windows and Linux servers, we understand that admins need full control. Therefore, on these systems, the V&PM module is not automated and gives admins total control over the entire process, so that they don’t interrupt business workflows.
And if a security admin is growing suspicious about a particular system, on-demand vulnerability scanning will enable them to act quickly in case the need arises.
Sickness be gone!
With current security tools like the comprehensive ESET V&PM module, breaches traced to a vulnerability are no longer about bad luck – they are about inattentiveness and underestimation, both of which have enormous security and even existential consequences for organizations.
Upping the ante in this important area is compliance, with regulations such as NIS2 in Europe, and PCI DSS 4.0 globally, demanding transparent vulnerability disclosure and management. This all shouldn’t be surprising – with thousands of vulnerabilities being recorded quarterly, all it takes is one unpatched hole and tragedy awaits.
So please, take that health check and don’t underestimate your immune system – when you have those vitamins at hand, why not take them?
[1] The exploited vulnerability was related to a framework for creating web apps written in Java, enabling threat actors to run code remotely.
[2] Please check our website for desktop Linux compatibility.
[3] Additionally, Linux patch management, as well as operating system vulnerability scanning and patching in macOS, is on the roadmap.
For more information about ESET Vulnerability and Patch Management, please visit our page here.
Discover how V&PM helps in staying compliant with cyber insurance in our blog here.
ESET updates its Vulnerability and Patch Management module with new functions
Source: ESET
Date: 10 Oct 2024
- ESET Vulnerability and Patch Management (V&PM) receives new updates, expanding its coverage and functionalities
- ESET V&PM is now also available for Linux (desktop and server), and macOS systems
- The new V&PM dashboard inside ESET PROTECT grants extensive visibility and transparency
- More control for security admins, with either always-on scanning or scanning on-demand
- Customers can now purchase ESET V&PM as a separate add-on for ESET PROTECT Entry and ESET PROTECT Advanced subscriptions
BRATISLAVA — October 10, 2024 — ESET, a global leader in cybersecurity solutions, today announces its release of an update to its ESET Vulnerability and Patch Management module.
For organizations, it is crucial that they minimize their attack surface. With thousands of vulnerabilities being discovered every quarter, the threat landscape is in constant flux. A single vulnerability can bring a business, nay, a whole supply chain to a standstill. To prevent such an eventuality, vulnerability and patch management is an excellent tool, providing great cyber hygiene while helping build a proactive security posture, preventing incidents from taking place.
ESET understands all too well that threat actors continuously target an increasingly broad spectrum of devices, systems, and software. With our new update, ESET V&PM has expanded to support Linux [1] (desktops and servers), as well as macOS [2], covering broader parts of a business’ ecosystem.
To support such a comprehensive endeavor, the V&PM module is now also presented in a new dashboard, improved for greater visibility and transparency, enhancing its ease of use while giving an instant overview of vulnerability and patching status across a network.
At the same time, due to ESET V&PM’s deep embedding inside the ESET PROTECT Platform, it now also supports on-demand vulnerability scanning, enabling instant insight into the status of specific machines.
By default, vulnerability scanning is fully automated to save you time and to close the window of opportunity for threat actors. For Windows and Linux servers, however, the product leaves control to its administrators, giving security admins more oversight of their scanning and patching processes so that they don’t interrupt business workflows.
“We believe that top-level security shouldn’t require needless complexity, as it only makes security workflows too time-consuming, which could be better spent on other important tasks. With this new update to our ESET V&PM module, we take all of this into consideration, focusing on what matters – speed, ease of use, compliance [3], and proactive prevention. Threats don’t sleep and with the always-on function, neither does our solution, keeping a constant eye on your business’ security,” said Michal Jankech, Vice President, Enterprise & SMB/MSP at ESET.
ESET’s Vulnerability & Patch Management is available in the following solutions: ESET PROTECT Complete, ESET PROTECT Elite, ESET PROTECT MDR, and ESET PROTECT MDR Ultimate. With the latest update, customers can order ESET V&PM as an add-on to ESET PROTECT Entry and ESET PROTECT Advanced subscription as well, upping business security from the smallest player to the largest. As always, the current update will be rolled out automatically without any additional costs.
[1] Please check our website for desktop Linux compatibility.
[2] Additionally, Linux patch management, as well as operating system vulnerability scanning and patching in macOS, is on the roadmap.
[3] Regulations such as NIS2 in the European Union require transparent vulnerability disclosure and management for compliance.
For more information about ESET Vulnerability and Patch Management, please visit its product page here.
To understand why patch management should be a necessary component of business security strategy, read our blog here.
About ESET
ESET provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of known and emerging cyber threats — securing businesses, critical infrastructure, and individuals. Whether it’s endpoint, cloud, or mobile protection, its AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multi-factor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. An ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit www.eset.com/vn-en or follow us on LinkedIn and Facebook
Attention! Alert fatigue can result in severe burnout
Source: ESET
Date: 1 Oct 2024
Sometimes there is just so much work to do that we lose focus and begin to miss crucial details, leading to a degradation in efficiency, performance and output, and ultimately to complete burnout. This is especially true for IT jobs, where burnout rates are high due to an unmanageable number of tasks.
In cybersecurity, alert fatigue is a major sign of burnout, and it can heavily influence the state of a business’s cybersecurity. Knowing the symptoms and the ways to reduce the chance of it happening is paramount for the continued well-being of your business and your employees.
What is alert fatigue?
Alert fatigue is a sign of many things, but mostly it is a sign of impending burnout. Whether because of complex interfaces, faulty security software rife with false positives, or too little bandwidth to handle incoming alerts, it is easy to become overwhelmed, especially in cybersecurity.
Solutions like Extended Detection and Response (XDR) can be helpful but can also be very demanding, as they require trained eyes to operate. Likewise, Security Information and Event Management (SIEM) is very useful, but it can be hard to discern what is or isn’t important, and the incoming flood of logs can overwhelm even the most skilled professional.
What this results in is a constant demand for one’s attention, increased levels of stress, and a possible distaste for more in-depth investigation of incidents due to the sheer number of reports, which, coupled with other calls for attention at work, can heavily increase one’s workload. Imagine it as a constant need to be alert and attentive. Repeat this several times and, voilà, burnout is achieved.
Demanding workloads
Curiously, the question can be raised whether it is truly the workload that drives alert fatigue, or whether it is the result of cybersecurity tools not doing enough to lighten the human workload.
A case can be made for lowering the burden on business IT generalists, since, aside from having to protect the company from external threats, they often also fill other roles: managing the networks and devices used by employees, among other tasks.
It is not usually a single person managing all of the tasks mentioned above, but that doesn’t mean individuals in a team cannot suffer burnout; the demands can be high, their bandwidth low, and endless repetitive chores are one sure way to wear a person down. On the flip side, excessive complexity can lead to the same result.
Complex software
For IT specialists, a bane of their existence is bad, buggy, or overly complex software that makes work many times harder. This is why the current trend is to simplify user interfaces and graphics, or add a bit of automation to highlight only the most relevant points.
This is easy to see when looking at the evolution of operating systems or widely used apps – during the 2010s, most companies decided to simplify and make interactions with their respective products easier than before (a good example is the iOS 7 update or Windows 11 compared to previous releases). ESET did the same with the ESET PROTECT Platform, introducing a simple and easy-to-use dashboard for ESET PROTECT to make the work of IT security operators more manageable.
What’s more, this design philosophy has driven the company to design features such as the ESET AI Advisor or ESET Vulnerability and Patch Management, addressing the elephant in the room – complex security doesn’t need to be a burden as, believe it or not, being frustrated with security is a great way to weaken it.
Managing burdens and reducing complexity
There is always some way to make work easier, and solutions exist that answer the deficiencies or weak points of other tools. For example, overburdened or small business IT teams can opt to outsource their security to managed security service providers (MSSPs), lowering the chance of fatigue from cybersecurity-related work.
Cannot cope with the number of detections coming from your extensive business infrastructure? Look for a Managed Detection and Response (MDR) solution that lets any business leverage the added skills and knowledge of an experienced cybersecurity vendor, raising the quality and state of their protection.
Not every business can afford to increase the size of their IT teams, especially during times when there is a lack of professionals, and those that are available can be very expensive to hire. And if the current specialists are already struggling, why lose them because of burnout?
Work smarter, not harder
Apart from outsourcing, there are also some techniques individuals can use to ward off alert fatigue or burnout in general:
- Take breaks: Overworking yourself is a surefire way to experience burnout sooner rather than later, so pace yourself and take breaks. 15 minutes every two hours is the recommended amount for office workers, with 8 hours of sleep, of course.
- Automate some tasks: Oftentimes, people do not know about specific tools that can make their lives easier by employing automation. For example, ESET PROTECT lets admins automate certain tasks, such as OS and product updates, scanning, computer shutdowns, freeing up the bandwidth of security admins. Likewise, the AI-native power of ESET PROTECT’s modules, including ESET AI Advisor in ESET Inspect, can ensure fewer capacity-induced stressors, increasing productivity and efficiency.
- Look for comprehensive simplicity: Having an easy-to-use interface presenting lots of important data on a single pane of glass is a great way to make IT work more effective, so look for products that, instead of overwhelming you, offer comprehensive protection with simple usage patterns.
- Learn to delegate: A common complaint of senior IT professionals is that delegating work is hard, as they cannot be sure of the quality of their peers’ work, so they opt to do it instead of focusing on more high-level tasks. However, everyone has a limited bandwidth, and not delegating tasks to others can overwhelm even the best senior employee.
- Outsource: Cannot cope with all those IT tasks? Consider outsourcing at least your IT security to an MSSP, offloading the IT teams’ burden at least partially, making it harder to burn out. Alternatively, supercharge your current security with an MDR service that can also aid your compliance-related requirements.
As a side note, burnout does not strictly need to be caused by work; there can be many additional factors, such as anxiety from human interaction, depression, or anything coming from the external environment that can have an impact on the human psyche. In those cases, also consider coaching as it might help cope with some problems that not even a job change might solve.
Hacktivism is evolving – and that could be bad news for organizations everywhere
Source: ESET WeLiveSecurity
Written by: Phil Muncaster
Hacktivism is nothing new, but the increasingly fuzzy lines between traditional hacktivism and state-backed operations make it a more potent threat.
Hacktivism surged back into mainstream consciousness with Russia’s invasion of Ukraine in February 2022. Less than two years later, politically-motivated groups and individuals were out in force again, this time ostensibly to make their point amid the Israel-Hamas conflict. Worryingly, hacktivists have been spotted using increasingly sophisticated and aggressive tactics to bring their agendas to public attention.
Perhaps even more disconcerting is the likelihood that many groups are, in fact, either backed by, or even consist of, nation-state actors. Indeed, the lines between state-sponsored cyber operations and traditional hacktivism have become fuzzy. In a world increasingly characterized by geopolitical instability and an erosion of the old rules-based order, organizations, especially those operating in critical infrastructure, should consider building the hacktivist threat into their risk modelling.
What’s new in hacktivism?
At its most basic, hacktivism is the act of launching cyberattacks for political or social reasons. As an indication of the seriousness with which it is now viewed, the Red Cross last year issued eight rules for “civilian hackers” operating during wartime, all while noting that hacktivists are increasingly causing disruption to non-military targets such as hospitals, pharmacies and banks.
READ ALSO: ESET APT Activity Report Q4 2023–Q1 2024
Predictably, there’s been little sign of hacktivists adhering to the guidelines issued by the Red Cross. Indeed, with attribution still difficult online, the pros of engaging in hacktivist activity still largely outweigh the cons – especially if attacks are secretly backed by nation states.
The old and the new
The current Israel-Hamas conflict has drawn unprecedented numbers of activists onto streets around the world. And, in lockstep, it has led to a surge in online activity. Much of this is similar to the tactics we’ve seen in previous hacktivist campaigns, including:
- DDoS attacks: According to some sources, hacktivist-driven DDoS activity last year peaked in October at “record levels, following the conflict between Israel and Hamas.” This made Israel the country most targeted by hacktivists; with 1,480 DDoS attacks recorded in 2023, including some big-name organizations.
- Web defacement: Over 100 hacktivists launched over 500 web defacement attacks on Israeli websites in the week following the October 7 raids, according to Cambridge University researchers. Similar low-level web defacements continue to this day.
- Stolen data: Some groups claimed to have stolen and published data from Israel and allied organizations. In other words, hacktivists can infiltrate corporate systems to pilfer sensitive information before releasing it publicly to embarrass or harm the target.
However, there are also signs that hacktivism is becoming more targeted and sophisticated:
- One report suggested hacktivist group AnonGhost exploited an API vulnerability in the “Red Alert” app, which provides real-time missile alerts for Israeli citizens. The group “successfully intercepted requests, exposed vulnerable servers and APIs, and employed Python scripts to send spam messages to some users of the app,” it noted. The group even managed to send fake messages to civilians about a nuclear bomb.
- Other reports noted that hacktivists had posted screenshots indicating they had access to SCADA devices in Israeli water systems. The researchers were unable to verify these claims, but suggested that hacktivists may have been conducting reconnaissance operations targeting the sector.
When nation states get involved
Hacktivists with more advanced technical know-how and/or access to tools and knowledge on the cybercrime underground may have been behind the latter attacks. However, nation state backing can’t be ruled out. Many countries have geopolitical and ideological reasons to attack other countries and their allies under the camouflage of hacktivism.
RELATED READING: State-sponsored or financially motivated: Is there any difference anymore?
In fact, suspected Russia-affiliated groups seem to have a long history of doing so, including under the Anonymous Sudan moniker, which has taken down many targets in the West. The group claimed the attack on The Jerusalem Post and several others targeting industrial control systems (ICS), including the Israeli Global Navigational Satellite Systems, Building Automation and Control Networks and Modbus ICS. Another pro-Russian group, Killnet, claimed to have taken down an Israeli government website and the website of security agency Shin Bet.
While these attacks are notably high profile, there are hints of more insidious state-backed efforts masquerading as hacktivism. Disinformation efforts include the use of AI-generated images purporting to show missile strikes, tanks rolling through ruined neighborhoods, or families combing through rubble for survivors.
The focus here is to generate images that create a strong emotional reaction – such as one of a baby crying amidst bomb wreckage, which went viral late last year. Fake social media and Telegram accounts amplify the disinformation. In one case, X owner Elon Musk apparently promoted a post from a faked account that was viewed 11 million times before deleting it.
Security researchers have observed suspiciously coordinated activity following the Hamas attack – possibly suggesting state involvement. One study claimed at least 30 hacktivist groups immediately pivoted activity to the conflict within 48 hours.
How organizations can manage hacktivist risks
In many ways, whether the hacktivist threat comes from genuine groups, those aligned with state interests or covert nation state operatives themselves, the threat remains the same. Such groups are increasingly targeting private sector organizations with the audacity to speak out on politically sensitive issues. In some cases, they may do so simply because the organization is perceived to be aligned with one side or another, or as a smokescreen for more shadowy nation state goals.
Whatever the rationale, organizations can follow these basic high-level steps to mitigate the hacktivist risk:
- Ask the right questions: Are we a target? What assets are at risk? What is the extent of our attack surface? Are existing measures enough to mitigate hacktivist risk? This is where a thorough cyber-risk assessment of externally facing infrastructure can help.
- Plug any gaps revealed by such an assessment, including vulnerabilities or misconfigurations – ideally this should be done in a continuous and automated manner.
- Ensure assets are protected from threats at an email, endpoint, network and hybrid cloud layer and continuously monitor for threats with XDR/MDR tools.
- Use threat intelligence to gather, analyze, and act on information about current and emerging threats.
- Apply robust encryption, both at rest and in transit, to protect sensitive data from being read or modified by unauthorized parties.
- Enhance identity and access management with zero trust architecture and multi-factor authentication (MFA), and keep an eye out for suspicious data access patterns.
- Run continuous employee education and awareness training programs.
- Partner with a trusted third-party for DDoS mitigation.
- Build and test a comprehensive incident response plan.
Hacktivism is nothing new. But the increasingly blurred lines between ideologically/politically motivated groups and government interests makes it a more potent threat. It may be time to rethink your risk management planning.
No room for error: Don’t get stung by these common Booking.com scams
Source: ESET WeLiveSecurity
Written by: Christian Ali Bravo
From sending phishing emails to posting fake listings, here’s how fraudsters hunt for victims while you’re booking your well-earned vacation
Booking.com has become one of the main go-to platforms for travelers looking for holiday accommodation deals, but also for services like car rentals and airline tickets. In fact, it is the most visited travel and tourism website worldwide, having processed more than a billion bookings in 2023, double the number recorded in 2016.
Obviously the site’s popularity hasn’t escaped the attention of cybercriminals, who invariably flock to online services with high traffic and exploit it as lucrative hunting ground for victims.
Booking.com itself has acknowledged the magnitude of the problem and said that it has seen a staggering “500 to 900% increase” in travel scams in the past 18 months – and that this increase is largely driven by cybercriminals’ misuse of tools such as ChatGPT since November 2022.
With vacation season in full swing, let’s review some of the most common scams exploiting Booking.com and what to look out for when using this platform.
Phishing
Phishing emails, texts and social media messages are a staple in fraudsters’ arsenals. In these scams, they impersonate a reputable platform or organization to trick the victim into believing they are in contact with the site’s official representative.
Obviously Booking.com isn’t immune to these scams, and fraudsters continue to churn out campaigns where they pose as the platform or representatives of the hotel or another service that the targets have booked via the site.
They often come up with a plausible story where they drum up a sense of urgency and seek to dupe the victim into clicking on a malicious link, under the guise of a new payment that should fix a purported error – or else face the prospect of losing their reservation.
Figure 1. Scam attempt (Source: Reddit)
The easy availability of generative AI tools has opened the floodgates to waves of more convincing and effective scams. By generating phishing emails that are grammatically correct, contextually appropriate, and free of typical red flags that might alert the recipient, they can easily trick people and businesses into downloading info-stealing malware on their devices or into divulging sensitive information or transferring money.
Hijacked chats
Some scammers may go a little further than sending out random phishing messages. There have been a number of reports of attackers finding a way to dupe their victims via the platform’s messaging system.
After finding their way into the accounts of the hotels where holiday-makers made their reservations, they have contacted large numbers of people directly via the in-app chat and urged them to make a payment to confirm the booking.
The ruse involved an alleged error with the previous payment, requiring them to pay again and avoid missing out on their holiday. In other variations of this ploy, the fraudsters requested credit card or passenger data to verify or confirm the booking.
While this didn’t occur as a result of a breach of the platform’s backend systems or infrastructure, you’re well advised to look out for any communications that request your personal or payment data.
Non-existent accommodation
Many holiday properties appear to be straight out of a fairy tale. Indeed, some of them are, quite literally, unreal. Over the years, many holiday-makers have fallen victim to fake listing scams where cybercriminals advertise a luxury holiday home that can be rented at an irresistible price and instruct people to pay, even via Booking.com. Upon arriving, you’ll find that the accommodation doesn’t exist or the property is not for rent.
In fact, soon enough, the platform’s own systems kick in – the fake listings are discovered and removed. However, your vacation may be ruined by then, so you’re better off doing your diligence before booking.
Look for reviews and ratings for the place, check if the price is roughly similar to those for “competing” houses or apartments, and reverse-search the image to see what comes up – it is likely a free stock image or it was stolen from other websites. The bottom line is, if something looks too good to be true, it usually is.
Fake job offers
The text or social media message is straightforward enough: “We need someone to evaluate hotel bookings. We pay between $200 and $1,000. All you need to do is rate or like the hotel on (a fake Booking.com link).” This is how the message offering an irresistible side hustle, supposedly from Booking.com, begins. It’s also a variation on popular work-from-home scams.
Figure 2: Bogus job offer (Source: Reddit)
You’re then asked to pay an advance fee to secure the job and/or to send personal information such as your Social Security number or other details that can be used to commit identity theft. In some cases, the scammers may be after your bitcoin or other crypto.
How to stay safe? Booking.com doesn’t hire people to review hotels, and they don’t hire people via unsolicited text messages. Hiring as such takes place through Booking Careers, and there is no job vacancy on the platform requiring people to review hotels.
12 tips for avoiding Booking.com and other travel scams
These tips will go a long way towards helping you stay safe while using Booking.com:
- Whenever you’re contacted by someone who represents Booking.com or a hotel where you’ve booked your stay, watch out for the typical signs of a phishing email, such as requests for urgent action.
- Always verify that emails came from their official domain and be wary of slight misspellings or variations. A number of trusted email addresses are also listed on the site itself.
- If you receive any suspicious communication, go directly to the website and log into your account to verify any claims.
- Booking.com never asks for information like your full credit card details, social security number, or passwords via email or chat.
- Avoid clicking on links in unsolicited emails or messages.
- Make payments through the official Booking.com platform. Avoid transferring money directly to the accommodation provider.
- Check reviews and ratings of the accommodation on Booking.com and look for reviews that are authentic and detailed. Inspect and cross-check the accommodation details and images on other travel websites or review platforms.
- Ensure your devices have up-to-date security software to protect against malware and phishing attempts.
- Keep your operating system and other software updated to protect against security vulnerabilities.
- Protect your online accounts with strong and unique passwords or passphrases and two-factor authentication.
- If you encounter any suspicious activity, report the issue to the platform’s customer service.
- If you suspect that your payment information has been compromised, inform your bank or credit card provider immediately.
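The second tip above, checking that a message really came from the official domain and watching for slight misspellings or variations, is one a mail filter can apply automatically. The following Python is an added example written for this article, not ESET’s or Booking.com’s own code. It treats booking.com as the only legitimate sender domain (an assumption), collapses visually confusable characters (a small hand-picked table, also an assumption; real tooling would use the Unicode confusables data), and flags typo-squats, homoglyph domains and brand names buried inside an attacker’s domain. The sample sender addresses are constructed for illustration.

```python
"""Lookalike sender-domain check for booking-confirmation mail.

Added example, not ESET's or Booking.com's code. The official-domain list,
the confusable table and the sample senders are constructed assumptions.
"""
import unicodedata

# Assumption: the only legitimate sender domain accepted by this check.
OFFICIAL_DOMAINS = {"booking.com"}

# Assumption: a small, hand-picked table of visually confusable substrings
# (letter pairs that look like one letter, digits for letters, Cyrillic
# homoglyphs). Production tooling would use the Unicode confusables data.
CONFUSABLES = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a",  # Cyrillic a
    "\u043e": "o",  # Cyrillic o
    "\u0435": "e",  # Cyrillic ie
    "\u0441": "c",  # Cyrillic es
}


def extract_domain(address: str) -> str:
    """Return the lowercased domain part of a single e-mail address."""
    if address.count("@") != 1:
        raise ValueError(f"not a single e-mail address: {address!r}")
    return address.rsplit("@", 1)[1].strip().lower()


def skeleton(domain: str) -> str:
    """Collapse confusable characters onto the ASCII letters they imitate.

    Punycode (xn--) labels are decoded first so an IDN homoglyph domain is
    compared by what it renders as, not by its encoded form.
    """
    try:
        domain = domain.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII, or not valid punycode: keep as-is
    text = unicodedata.normalize("NFKC", domain)
    # Longest substitutions first so "rn" is handled before single chars.
    for fake, real in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        text = text.replace(fake, real)
    return text


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(address: str, official=OFFICIAL_DOMAINS,
                    max_distance: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the sender domain.

    'lookalike' covers homoglyph variants, small-edit typo-squats, and the
    brand name reused inside another registrable name or as a subdomain of
    an attacker's domain (booking.com.secure-payment.net).
    """
    domain = extract_domain(address)
    for legit in official:
        if domain == legit or domain.endswith("." + legit):
            return "official"   # the domain itself or a genuine subdomain
    skel = skeleton(domain)
    for legit in official:
        brand = legit.split(".")[0]
        if skel == legit or levenshtein(skel, legit) <= max_distance:
            return "lookalike"  # bo0king.com, bookng.com, Cyrillic o's
        if brand in skel:
            return "lookalike"  # booking-confirm.com, booking.com.evil.net
    return "unrelated"


# Constructed sample senders, as they might appear in a mailbox.
SAMPLE_SENDERS = [
    "noreply@booking.com",
    "reservations@mail.booking.com",
    "support@bo0king.com",
    "support@b\u043e\u043eking.com",  # two Cyrillic o's
    "help@bookng.com",
    "pay@booking.com.secure-payment.net",
    "news@example.org",
]


def scan(addresses=SAMPLE_SENDERS) -> dict:
    """Map each sender address to its verdict."""
    return {addr: classify_sender(addr) for addr in addresses}


if __name__ == "__main__":
    for addr, verdict in scan().items():
        print(f"{verdict:10s} {addr}")
```

Note that a domain comparison only tells you whether the address claims to be from the right place; it does not prove the message was actually sent from there. A mail gateway should combine a check like this with SPF, DKIM and DMARC results, and the brand-substring rule is deliberately conservative (it will also flag unrelated names that happen to contain "booking"), which is the right trade-off for a payment-related message.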
Bon voyage!
BEFORE YOU GO: Going on vacation soon? Stay one step ahead of travel scams
Virtual kidnapping: How to see through this terrifying scam
Source: ESET WeLiveSecurity
Written by: Phil Muncaster
Phone fraud takes a frightening twist as fraudsters can tap into AI to cause serious emotional and financial damage to the victims
It’s every parent’s worst nightmare. You get a call from an unknown number and on the other end of the line hear your child crying out for help. Then their ‘kidnapper’ comes on the line demanding a ransom or you will never see your son or daughter again. Unfortunately, this is not an imagined scenario from a Hollywood film.
Instead, it’s a terrifying example of the lengths that scammers can now go to in order to extort money from their victims, co-opting new technology for nefarious purposes. It also shows that AI voice cloning technology is now convincing enough to trick even close family members. Fortunately, the more people know about these schemes and what to look out for, the less likely phone-based fraudsters are to make any money.
How virtual kidnapping works
There are several key stages to a typical virtual kidnapping scam. Broadly speaking they are as follows:
- The scammers research potential victims they can call up and try to extort money from. This stage could also be optimized with the use of AI tools (more of this later).
- The scammers identify a ‘kidnapping’ victim – most likely the child of the person they identified in stage 1. They could do this by trawling through their social media or other publicly facing information.
- The group then creates an imagined scenario, being sure to make it as harrowing as possible for the person they’re about to call. The more scared you are, the less likely you’ll be to make rational decisions. Like any good social engineering attempt, the scammers want to rush the victim’s decision making for this reason.
- The fraudsters might then perform some more open source research to calculate when the best time to call would be. They may scour social media or other sources to work this out. The idea is to contact you at a time when your loved one is elsewhere, ideally on holiday, like the daughter of Jennifer DeStefano.
- Now it’s time to create the audio deepfakes and put in the call. Using readily available software, the scammers will create audio with the victim’s ‘voice’ and use it to try and convince you that they have kidnapped a relative. They may use other information gleaned from social media to make the scam sound more convincing, for example by mentioning details about the ‘kidnappee’ that a stranger might not know.
- If you fall for the scam, you will most likely be asked to pay in a hard-to-trace way, such as cryptocurrency.
Supercharging virtual kidnapping
There are variations on this theme. Most concerning is the potential for ChatGPT and other AI tools to supercharge virtual kidnapping by making it easier for fraudsters to find the ideal victims. Advertisers and marketers have for years been using “propensity modelling” techniques to get the right messages to the right people at the right time.
Generative AI (GenAI) could help scammers to do the same, by searching for those individuals most likely to pay up if exposed to a virtual kidnapping scam. They could also search for people within a specific geographical area, with public social media profiles and of a specific socio-economic background.
RELATED READING: Your voice is my password
A second option would be to use a SIM swapping attack on the ‘kidnappee’ to hijack their phone number ahead of the scam. This would add an unnerving legitimacy to the kidnapping phone call. Whereas DeStefano was eventually able to ascertain that her daughter was safe and well, and therefore hang up on her extortionists, this would be much harder to do if the victim’s relative is uncontactable.
What the future holds for voice cloning
Unfortunately, voice cloning technology is already worryingly convincing, as our own recent experiment also shows. And it is increasingly accessible to scammers. An intelligence report from May warned of legitimate text-to-speech tools which could be abused, and of a growing interest on the cybercrime underground in voice cloning-as-a-service (VCaaS). If the latter takes off, it could democratize the ability to launch such attacks across the cybercrime economy, especially if used in combination with GenAI tools.
In fact, besides disinformation, deepfake technology is also being used for business email compromise (as tested by our own Jake Moore) and sextortion. We are only at the start of a long journey.
How to stay safe
The good news is that a little knowledge can go a long way to defusing the threat of deepfakes in general and virtual kidnapping in particular. There are things you can do today to minimize the chances of being selected as a victim and of falling for a scam call if one does occur.
Consider these high-level tips:
- Don’t overshare personal information on social media. This is absolutely critical. Avoid posting details such as addresses and phone numbers. If possible, don’t even share photos or video/audio recordings of your family, and certainly not details of loved ones’ holiday plans.
- Keep your social media profiles private in order to minimize the chances of threat actors finding you online.
- Be on the lookout for phishing messages that could be designed to trick you into handing over sensitive personal information, or logins to social media accounts.
- Get children and close family to download geolocation trackers such as Find My iPhone.
- If you receive a call, keep the ‘kidnappers’ talking. At the same time, try to call the alleged kidnappee from another line, or ask someone nearby to do so.
- Stay calm, don’t share any personal info, and if possible get them to answer a question only the kidnappee would know and request to speak to them.
- Notify the local police as soon as possible.
Virtual kidnapping is just the start. But stay up to date with the latest scams and you stand a good chance of nipping attacks in the bud before they cause serious emotional distress.
Better safe than sorry: 10 tips to build an effective business backup strategy
Source: welivesecurity by ESET
Author: Phil Muncaster
How backup best practices can help drive resilience and improve cyber-hygiene in your company
Could your company survive if its most critical data stores were suddenly encrypted or wiped out by cybercriminals? This is the worst-case scenario many organizations have been plunged into as a result of ransomware. But there are also many other scenarios that could create serious business risk for companies.
To mark Cybersecurity Awareness Month (CSAM), we looked at how both individuals and companies that fail to prepare are preparing to fail. Today, we’ll dive a little deeper into one particular aspect of how companies can help drive resilience and improve cyber-hygiene.
Having a backed-up copy of that data ready to restore is a safety net that many fail to consider until it’s too late. And even those with backups may manage them in a way that continues to expose the organization to risk. Indeed, backups can be a target too.
Why do you need backups?
Ransomware has perhaps done more for awareness about data backups than any other cyberthreat. The prospect of malware designed to encrypt all corporate data – including connected backups – has driven companies to invest in mitigations en masse. And it appears to be working. According to one estimate, the share of victims who pay their extortionists dropped from 85% in Q1 2019 to just 35% in Q4 2022. Given that ransomware remains disproportionately a problem for SMBs, the threat from external attackers remains a major driver for backups.
READ: ESET SMB Digital Security Sentiment Report: The damaging effects of a breach
However, it’s not the only one. Consider the following risks, which backups can help to mitigate:
- Destructive data extortion attacks, partly driven by the cybercrime-as-a-service ecosystem, in which data is exfiltrated and drives are encrypted before a ransom is demanded. ESET’s Threat Report for September to December 2022 found increasingly destructive tactics in use, such as deploying wipers that mimic ransomware and encrypt the victim’s data with no intention of ever providing a decryption key.
- Accidental data deletion by employees is still a challenge, especially when sensitive data is saved to personal devices which don’t back it up. These devices could also be lost or stolen.
- Physical threats: floods, fires and other natural disasters can knock out offices and data centers, making it doubly important to store a separate copy of sensitive data in another geographical location.
- Compliance and auditing requirements are becoming ever more onerous. Failure to produce the information required of your business could lead to fines and other punitive action.
It’s difficult to put a price on it, but failing to back up in line with best practices could be a costly mistake. The average ransomware payment in Q4 2022 was over $400,000. But there are many other direct and indirect costs to consider, both financial and reputational.
How do I get there?
Best-practice backup strategy doesn’t need to be a black box. Consider the following 10 ways to achieve success:
- Develop a strategy
It sounds obvious, but it pays to plan carefully to ensure any backup strategy meets the requirements of the organization. Treat this as part of your disaster recovery/business continuity planning. You’ll need to consider things like the risk and impact of data loss events, and your objectives for data restoration (how much data you can afford to lose, and how quickly it must be back).
- Identify the data you need to back up
Data discovery and classification are a vital first step in the process. You can’t back up what you can’t see. Not all data may be deemed business critical enough to warrant backing up. It should be classified according to the potential impact on the business if it were made unavailable, which in turn will be informed by your corporate risk appetite.
- Follow the 3-2-1 rule
Keep three copies of the data, on two different media, with one copy stored offsite and offline. The last part is particularly important, as ransomware often hunts out backed-up data and encrypts that too if it is reachable from the same network.
- Encrypt and protect your backups
Given that threat actors also seek out backed-up copies of data for extortion, it pays to keep them encrypted, so they can’t monetize the data stored within. This adds an extra layer of defence on top of the 3-2-1 rule (at least 3 copies, 2 different storage types, 1 copy offsite) if you use it.
- Don’t forget cloud (SaaS) data
A great deal of corporate data now resides in software-as-a-service (SaaS) applications. That can create a false sense of security that it is safe and sound. In reality, it pays to add an extra layer of protection by backing this data up too.
- Test your backups regularly
It’s pointless having a backed-up copy of your company data if it won’t restore properly when called upon. This is why you should test backups regularly to ensure the data is being captured correctly and can be retrieved as intended.
- Run backups at regular intervals
Equally, a backup is of limited use if it restores to a point in time too long ago. Exactly how regularly you should run backups will depend on the type of business you have. A busy online store will require almost continuous backing up, but a small legal practice can get away with something less frequent. Either way, consistency is key.
- Choose your technology partner carefully
No two businesses are the same. But there are certain features worth looking out for. Compatibility with existing systems, ease of use, flexible scheduling and predictable costs all rank highly. Depending on the size and growth trajectory of your business, scalability may also be important.
- Don’t forget the endpoint
Backing up network drives and cloud stores is one thing. But don’t forget the wealth of data that may reside on user devices like laptops and smartphones. All of it should be included in a corporate backup policy/strategy.
- Look beyond backups
Don’t forget, backups are only one piece of the puzzle. You should be complementing them with security tools at the endpoint, network and server/cloud layers, extended detection and response tooling, and more. Also follow other cyber-hygiene best practices like continuous patching, password management and incident response.
Data is your most important asset. Don’t wait until it’s too late to formulate a corporate backup strategy.
FURTHER READING: Small and medium-sized businesses: Big targets for ransomware attacks