Cyber Security Awareness Month: Top 10 Most Malicious Cyber Security Threats of 2021

 
October 27, 2021

To close #CyberSecurityAwarenessMonth, we wanted to review the top 10 cyber security threats of 2021 and how to mitigate them.

Cyber security is a fast-moving sector as both hackers and security providers battle to outsmart each other. New threats and innovative ways to combat them emerge all the time. Keeping up with all of the changes can be a daunting task for credit union cyber security professionals. In the Celero Insights blog below, we explore the latest trends in cyber security for 2021.

Ransomware

Ransomware is a form of malicious software that infiltrates a computer or network and limits or restricts access to critical data by encrypting files until a ransom is paid to the hacker.

What is concerning is that ransomware attacks are increasing in number, sophistication and complexity, and organizations can’t just depend on backups any more to protect against ransomware. In many cases, the goal of the attack isn’t just to encrypt the data, it is to steal data for use in future criminal activities.

Ransomware often targets backup data and administrator functions, which are arguably your last line of defense. Learn more about ransomware in our Celero Spotlight podcast with Celero's Chief Information Security Officer, Matt Laba.

Data Loss

With most attacks targeting data, protecting your data is essential to keeping your credit union secure.

All organizations must create a data governance program to protect corporate data, especially very confidential and sensitive data. The main goal of data governance program is to prevent data breaches by hackers and ensures that minimal data leakage occurs outside of the corporate environment.

A solid data governance program includes data classification, data management, data discovery, tagging protection and clean up as well as data loss prevention. Learn more about data governance best practices in our Celero Spotlight podcast with Celero's Chief Information Security Officer, Matt Laba.

Social Engineering – Phishing Attacks

According to KnowBe4, social engineering is the art of manipulating, influencing or deceiving people in order to gain control over your computer systems.

The hacker might use the phone, email, snail mail or direct contact to gain illegal access. Phishing, spear phishing, and CEO fraud are all examples of social engineering. The amount of social engineering and phishing attacks increase every year and they have increased exponentially during the pandemic.

As one of the main ways that hackers get into environments, these types of attacks are very relevant as they trick the users with fake emails where they click attachments and download malware or click on a link to a familiar site and enter credentials that get stolen. Phishing campaigns and training awareness are the best ways to tackle social engineering and phishing attacks. Learn 5 ways cyber criminals bait organizations through phishing here.

Malware

Malware is a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network, according to McAfee.

Cybercriminals typically use it to extract data that they can leverage over victims for financial gain. That data can range from financial data to personal emails and passwords — the possibilities of what sort of information can be compromised is endless.

Credit unions should be constantly scanning for malware across the environment so that it can be removed immediately. Learn how Celero’s Preventative Care solution can help protect your credit union with malware here.

Weak Passwords

With all the recent cybersecurity incidents that have taken place because of lost or stolen credentials, this is the perfect time to remind ourselves why passwords and password security is still a relevant issue for information security.

Celero is working with our partner, Specops to look for common passwords that are breached industry wide to create a breached password list. We are then going to work with our credit union clients on the passwords that are on our Active Domain to ensure that users are not using the passwords on that list.

Reviewing your password policies is also important, as standards change and hackers are becoming better at brute force attacks. Learn 10 surprising facts about password usage here.

Supply Chain Attacks

A supply chain attack, also called a value-chain or third-party attack, occurs when someone infiltrates your system through an outside partner or provider with access to your systems and data.

This has dramatically changed the attack landscape in the past few years, with more service providers touching sensitive data than ever before. Celero has seen that hackers are attacking supply chains: whether it is a firewall company or a company with VPN tools. Hackers are going after weaknesses in those businesses as they gain access to more environments that way. Most recently, we saw this happen with FireEye in 2020.

Zero-Day Exploits

According to Norton, a zero-day exploit is when hackers take advantage of a software security flaw to perform a cyberattack. That security flaw is only known to hackers, meaning software developers have no clue of its existence and have no patch to fix it.

Tied to supply chain attacks, zero-day exploits are a new vulnerability as opposed to a known vulnerability. They that are not patched and therefore can be attacked. These need to be addressed within 1-2 days and patched as soon as possible to avoid any exploitation in your systems.

Outdated Software Vulnerabilities

Technology is fast-paced, ever-evolving and fueled by innovation. As a result, software has a short life cycle — one sustained by ongoing updates and upgrades.

When software no longer has updates to sustain it, it becomes outdated. This outdated software is unmaintained and cannot integrate with new applications or run smoothly on devices. Outdated software doesn’t have patches so if you do not have a strong patching program and you do not scan your systems, there is potential for vulnerabilities in your environment that can be attacked. Constant monitoring of vulnerabilities and patching is critical to keep your credit union secure.

Distributed Denial Of Service Attacks

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic, according to Cloudflare.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked devices. There are constant DDoS attacks on environments and you need sophisticated tools to detect and prevent them from happening.

Attacks on Remote Work Tools

If not properly secured, companies might face remote access attacks, putting them into a severe security disadvantage by allowing attackers the opportunity to remotely gain access to their system.

During the pandemic, hackers have been looking for different ways to infiltrate online meetings like Teams, Zoom and Webex to gain control or get vital information from systems. Celero’s Remote Desktop Services (RDS) provides the ability to host remote applications on dedicated virtual servers in Celero’s cloud environment. RDS will enable your mobile workforce to use applications like DNA securely and efficiently. Additionally, learn how Microsoft Office 365 can make working virtually easier and more secure here.

To learn more about how Celero can assist you with all your security needs and questions, talk to your Celero Account Executive or contact us. You can also follow Celero on LinkedIn, Twitter and Facebook and monitor the hashtag #CSAM2021 this month to discover resources to help keep your credit union secure.

Related posts: 

Cyber Security Awareness Month: Building an Effective and Comprehensive Security Awareness Program

Cybersecurity Awareness Month: 10 Ways to Keep Your Devices Secure

Cyber Security Awareness Month: Everything you need to know About Ransomware

Cyber Security Awareness Month: Data Governance Best Practices to keep your Credit Union Protected

Cyber Security Awareness Month: Everything you Need to Know About Assessing Risk

How to turn your employees into a "human firewall" for your credit union

Q&A with Celero’s Chief Information Security Officer, Matt Laba

Five cyber threats facing credit unions and how to stop them

 

Subscribe to Celero Insights.

Cyber Security Awareness Month: Top 10 Most Malicious Cyber Security Threats of 2021