Cyber Security, the buzz word, has become dominant in recent times, the proliferation of hackers grabbing large amounts of data, compromising networks, the take over by cyber criminals, of large networks, cyber government spy teams, ransomware, and sextorsion, are just a few of the many situations a company or even government institutions, such as what recently happened with the government of Baltimore, can suffer and lead to expensive consequences.

How we can define a cyber attack?

The question is complex, because there’s not just a single definition, as cyber attacks can take many shapes and forms, and they all work differently the only common factor, is they are designed to penetrate, and infiltrate your network, and gain access to your precious data.

Common patterns in a cyber attack or hacker penetration

There are common denominators, and behaviors, for instance, usually the hacker, or hacker group, tries to get access to the weakest point in the network. Usually all networks are not protected equal, as they depend on human operators, and users, not all of them are tech savvy, or they are plain lazy, so they create very weak passwords, that make penetration pretty easy, even by new hackers, as there are tools in the Dark Web, that allow even the most novice, to gain access to complex networks, and leaks of famous toolsets like the infamous leak of the NSA tool, that caused the creation of the famous Wanna Cry, and all its incarnations.

These weak points, are usually in places where there are new employees, in lower ranks, that didn’t have a proper training, and usually get scared when they see something that comes from an unknown CEO of an unknown company, as they are new, and they want to be in a good relationship with their bosses, they don’t know what to do so they rush into clicking fearing they will face consequences if they don’t deliver the message in time, then suspicious links, that lead them to websites designed with the only purpose of getting access credentials, or inject malicious code, malware, rootkits, that will allow the hacker to easily gain access to the network privileges, and therefore, upgrade themselves as admins, gaining access to protected information, and databases, lures them into the trap. That’s called phishing, and it’s the most common type of attack using social engineering.

The other way they gain access is by luring these same users, into believing they are someone from another department, that needs access to some information, to correct some problems, or to monitor some suspicious activity in the network, that was how the Wanna Cry took control and turned down, the huge Maersk network, by entering a Shop’s computer, with outdated Operating Systems, and not patched, that shop was just selling memorabilia, on a huge Maersk complex.

Once hackers gain access to the network, is like a corn field, and they have a huge harvesting machine, it can literally decimate the network, usually gaining complete control and encrypting all files, and applications it encounters, therefore making access by the tech teams most complicated, as they have a private key, they only know and only release it in exchange of a ransom. Usually in the form of BTC(Bitcoins), cryptocurrency, and most companies end up paying, because it’s so complicated to decrypt terabytes of data, and it will depend on their own IT teams internal policies, if they have backups in places in remote places, completely isolated, from the large network, and are heavily maintained. That’s not always the case because of the cost of having such facilities, and the limited budget these departments have.

This is just the tip of the iceberg as cyber attacks grow in size and sophistication, and tools get more aggressive, therefore making the fix even more expensive, and the losses more profound, the array of tools and the creativity they have is exponential, therefore making the job of the network administrators even more complex, that’s how new forms of hacking have been born, such as the recent sextortion, that sends an email to a high ticket individual or a company asking for some BTC(Bitcoins), in exchange of deleting some random video they made while the user was accessing a porn site, and they gain access to their cameras, the threat is if they don’t comply they will send the recording to their contact list, creating an embarrassment, even though this is just a mind game, many victims pay.

So how can cyber attacks be prevented?

There are many ways to prevent cyber attacks, by creating more deep training programs for interns and new employees, making them aware of the company policies, and what is allowed and disallowed, what type of emails are legitimate, and what are the methods to prevent clicking on links, unless there is an 100% legitimate one.

Hardening password policies, preventing weak passwords and enforcing controls, so no leaks, and changing corporate passwords quickly, preventing access to apps within critical network components, using a separate non related network, or banning all social media apps, that aren’t related to specific IPs and range of IPs.

Through better hardware, like old computers, network components need to be replaced, new ones need to be in place of older ones that might have leaks, or known exploits, firmware needs to be updated, on a regular basis.

Our Solution to prevent Cyber Attacks and check existing vulnerabilities

Our parent company Outlet Season was named Silver Partner for the US for the year 2019 of the complete line of SecPoint cyber security products.

These products are designed to be the first line of defense against cyber attacks, and also to check vulnerabilities on your network that might leave you exposed.

There are several products, the range includes, hardware solutions, software only solutions, cloud based solutions, and software and hardware solutions, all of them award winners.

Hardware Solutions

Penetrator – 1U Rack Mount

The Penetrator is a powerful hardware solution to scan your network for vulnerabilities and expose weaknesses and flaws. It’s capable of simulating a number of powerful cyberattacks, that will provide a flow of information, that can help your IT Department to work on the network, to harden it. It comes in 2 form factors, full rack 1U or Small Form Factor.

Protector – 1 U Rack mount by SecPoint

The Protector is your first line of defense, a Powerful firewall combined, with sophisticated software and hardware, prevents all common types of network penetration, and block malware, ransomware, and any services you select.

Software Solutions

There are also software versions, of the hardware devices, with a number of different applications.

Leave a Reply