Well, here we are, approaching the second week of our shutdown here in the state of Illinois. It honestly feels like a ghost town out there; there is hardly anybody in the streets anymore, or even out walking. Hopefully this Coronavirus insanity will come to an end soon.
But anyways, on the Cybersecurity front, this pandemic has really created a huge mess for everybody. People are scared to answer phone calls for fear that they may become the victim of a Social Engineering attack, or click on a malicious link that will take them somewhere they should not be.
And of course, businesses and corporations are scrambling to get their workers to be able to work remotely, in a safe and secure fashion. Many of them did not plan for this, and it is fruitless at this point to blame anybody. Hopefully these entities will now start to realize the importance of having Disaster Recovery and Business Continuity plans in place.
But even more important is that they should be rehearsed.
So, summing all of what has been happening with the Coronavirus and Cybersecurity, it all boils down to three things:
*The spoofing of anything (this includes E-mail, fake websites, etc.);
*What should be included in a Business Continuity Plan;
*How to keep your workers, as well as your corporate assets, secure as your employees work from home for an indefinite time period.
We will tackle each of these in the next few blog postings. So, to start off with, what kinds of spoofing threat variants are out there that the Cyberattacker is using during this Coronavirus crisis? Here are the top 8 that you and your employees need to be aware of. Here we go:
*ARP Spoofing:
This is an acronym that stands for the “Address Resolution Protocol”. In this scenario, the Cyberattacker totally floods the network lines of communication with fake ARP messages. The intent here is to interfere with the normal flow of data packets as they happen on a daily basis. The ultimate goal in this kind of spoofing attack is to direct the legitimate flow of the data packets to the Cyberattacker’s own network before they reach their legitimate destinations. But keep in mind that they can also turn these data packets into malicious ones, and still send them on to their destinations. Or worse yet, they can also be used to form the basis of a DDoS-style attack.
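One way a defender can spot the symptom of ARP spoofing described above, namely a known IP address (typically the gateway) suddenly answering from a different hardware address. This is an added example and not code from the original post; the two ARP cache snapshots are constructed in the style of `arp -a` output and the addresses are made up.

```python
# Added example (not from the original post): detect ARP spoofing symptoms by
# comparing two snapshots of a host's ARP cache. The snapshots below are
# constructed sample data; the IP and MAC addresses are made up.
import re

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I
)

def parse_arp(text):
    """Return {ip: mac} from `arp -a` style lines; lines that don't match are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(before, after):
    """Compare two ARP cache snapshots and return a list of (kind, detail) tuples.

    'mac_changed': an IP now maps to a different MAC than before (gateway takeover pattern).
    'mac_shared':  one MAC answers for several IPs in the new snapshot. This can be
                   legitimate (e.g. a router holding several addresses), so treat it as
                   a heuristic that needs investigation rather than proof of an attack.
    """
    findings = []
    for ip, mac in after.items():
        old = before.get(ip)
        if old and old != mac:
            findings.append(("mac_changed", f"{ip}: {old} -> {mac}"))
    by_mac = {}
    for ip, mac in after.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_shared", f"{mac} claims {sorted(ips)}"))
    return findings

# Constructed snapshots: the gateway 192.168.1.1 changes MAC, and its new MAC is
# the one that already belonged to 192.168.1.50, the classic man-in-the-middle pattern.
SNAPSHOT_BEFORE = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.50) at aa:bb:cc:dd:ee:ff [ether] on eth0
"""
SNAPSHOT_AFTER = """\
? (192.168.1.1) at aa:bb:cc:dd:ee:ff [ether] on eth0
? (192.168.1.50) at aa:bb:cc:dd:ee:ff [ether] on eth0
"""

if __name__ == "__main__":
    for kind, detail in find_arp_anomalies(parse_arp(SNAPSHOT_BEFORE), parse_arp(SNAPSHOT_AFTER)):
        print(kind, detail)
```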
*MAC Spoofing:
This is also an acronym, and it stands for “Media Access Control”. In this instance, every network interface that your computer uses has its own unique ID number, much in the way that it has its own unique IP address. To launch this kind of attack, the Cyberattacker preys upon weaknesses in these network hardware devices in order to obtain your legitimate MAC address. This is then used to masquerade their device as a legitimate one. From here, they can literally bypass all sorts of authentication mechanisms in order to gain access to the shared resources on your corporate servers.
*IP Address Spoofing:
To launch this kind of attack, the Cyberattacker falsifies the source address of legitimate data packets. This way, the true identity of the Cyberattacker is never revealed. This is a way to effectively impersonate the computer that your remote worker is using. Also, this can set the stage for the launch of a massive DDoS-style attack.
*DNS Cache Poisoning:
This is an acronym that stands for the “Domain Name Servers”. To put it quite simply, these types of servers are what make the Internet work the way it does today, especially when it comes to accessing websites through your browser. Without them, it would be impossible to do this. In other words, the domain name that you type into the URL box in your browser gets resolved to its corresponding IP address, and your request then gets directed to the actual Web Server where the website is hosted. The Cyberattacker is quite well aware of the importance of this, and thus they often try to manipulate this conversion process so that you get sent to a spoofed site that looks like the real thing.
*Caller ID Spoofing:
This is probably one of the oldest forms of what are known as Social Engineering attacks. But given the fact that everybody’s attention for the last couple of years has been devoted to mitigating the risks that are associated with digital-style attacks, the Cyberattacker is now turning their attention to preying upon actual hardware devices, in particular your Smartphone. And this has gotten even more sophisticated. For example, the Cyberattacker can even hijack the contact book in your Android or iOS-based device and fake a call so that it appears to be coming from somebody you know and trust. My rule of thumb here: Don’t even bother answering your phone anymore. If it looks like you are getting a call from a known contact, call them back to see if they actually initiated the communication.
*Text Message Spoofing:
This works in the very same manner as the above scenario, but rather than getting a call, you get a text message. These kinds of spoofing attacks have actually become much more sophisticated in nature, in the sense that the Cyberattacker now makes use of an alphanumeric sender string, such as the name of a legitimate company, combined with the text of an enticing offer or sale. This kind of Cyberattack is very commonly used to prey upon job seekers, where it appears that they are getting a legitimate text message from a recruiter. The solution to this is the same as above: Just delete it.
*File Extension Spoofing:
For any business, some of the most commonly used software tools include PowerPoint, Excel, and Word. The file extensions for these are .PPT, .XLS, and .DOC, respectively. With this kind of attack, the Cyberattacker adds an extra extension to the file name, like this: blandocument.doc.exe. A trained eye can pretty much pick up on this at first glance, but for one of your employees who is working remotely, this probably won’t be the case, and there is a good chance that he or she will actually click on that file name. The .exe will consist of a malicious file, such as Malware or even a Trojan Horse.
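A simple attachment check for the double-extension trick described above (blandocument.doc.exe), which a mail gateway or a helpdesk script could apply before a remote worker ever sees the file. This is an added example, not code from the original post; it goes slightly beyond the text by also handling upper-case extensions and whitespace padding between the two extensions, and the sample file names are constructed.

```python
# Added example (not from the original post): flag attachments whose name hides
# an executable behind a document extension, e.g. blandocument.doc.exe.
# The extension sets below are an assumed, editable policy, not an exhaustive list.
import os

DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi", ".pif"}

def split_extensions(filename):
    """Return the lower-cased extension chain, e.g. 'a.doc.exe' -> ['.doc', '.exe'].

    Whitespace is removed first so a padded name like 'a.doc    .exe' still
    yields both parts instead of hiding the real extension off-screen.
    """
    name = os.path.basename(filename).strip().replace(" ", "")
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:] if p]

def classify_attachment(filename):
    """Return 'ok', 'executable', or 'disguised_executable' for a file name."""
    exts = split_extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(e in DOCUMENT_EXTS for e in exts[:-1]):
        return "disguised_executable"
    return "executable"

def flagged_attachments(filenames):
    """Return {filename: verdict} for every name that is not plain 'ok'."""
    return {n: classify_attachment(n) for n in filenames if classify_attachment(n) != "ok"}

# Constructed sample attachment names for demonstration only.
SAMPLE_ATTACHMENTS = [
    "blandocument.doc.exe",
    "Invoice.PDF.scr",
    "quarterly.xls    .exe",
    "report.docx",
    "archive.tar.gz",
    "setup.exe",
]

if __name__ == "__main__":
    for name, verdict in flagged_attachments(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:22} {name}")
```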
*GPS Spoofing:
In this kind of scenario, the Cyberattacker purposely manipulates the GPS of any mode of transportation in order to send it to the wrong destination, or to veer it off course in other ways. This can have deadly consequences, especially if it is used to manipulate a passenger plane or a cargo ship. As far as I know, there have not been that many reported cases of this, but don’t expect this trend to continue for very long. Given just how interconnected everything is these days, especially with the advent of the Internet of Things (IoT), these kinds of Cyberattacks are just waiting to happen.
My Thoughts On This
Well, there you have it, the top 8 spoofing attacks that have started to transpire because of this pandemic. Don’t forget that there is also Email spoofing and Website spoofing. No need to get into too much detail on these, as their names tell it all. Also, I have written extensively about both in previous blogs of mine.
In these times, the news media is inundating the American public with all kinds of headlines, and it can be hard to tell what is real and what is not. If you want objective, real and honest advice, please visit the Cybersecurity forum that I have created on LinkedIn. Here is the link (and yes, it’s legitimate):
Feel free to pose any questions, comments, concerns, etc. that you may have, and I will answer them for you. If you are unable to post something, it could be that we are not 1st degree connections on LinkedIn. Send me an invitation to connect; I will more than likely accept it, and from there I will send you an invite to join this forum.