Data Protection Day – comment from IEEE expert
January 2022 by IEEE
In recent years, sophisticated cybersecurity attacks such as data breaches have significantly impacted hospitals, government institutions, and businesses. Bad actors often use manual hacking techniques and open-source tools to move laterally through private networks and gain administrative access to as many systems as possible before initiating file encryption.
Ahead of Data Protection Day this week (28th January), Kevin Curran, senior IEEE member and professor of cybersecurity at Ulster University, shares the most prevalent risks at the moment, and how to best prevent these:
“Currently, ransomware is one of the leading threats and is growing more sophisticated by the day. Once a network has been compromised, ransomware penetrates the connected internal network using exploits and automatic USB infection to encrypt files in addition to sending them outwards. Techniques to avoid detection include frequently checking AV results, as well as changing versions on all infected servers when any trace of detection appears. In addition, it’s essential to monitor memory consumption to prevent common server administration utilities from detecting the ransomware processes.
“Phishing is usually how ransomware attacks begin. Many cyber-criminals are targeting large numbers of employees with pandemic-related claims and taking advantage of people’s nervousness in the current climate. These attacks use tailored techniques, dynamic websites, and regularly update the methods used to remain new and undetected to those mostly untrained and working from home. The result is a series of attacks that have an alarmingly high success rate, yet a relatively low detection rate.
“Developing techniques to stop ransomware is difficult – organisations need to implement multi-factor authentication, and ensure no resources are enumerable in the public Application Programming Interface. Developers need to complete client-side input validation and know how to configure cloud services and use HTTP Strict Transport Security or Intrusion Detection Systems to restrict ports and ensure minimal access privileges. Another option to prevent data leaks is to use a form of Fully Homomorphic Encryption which supports computations over data in encrypted form, including Searchable Encryption (SSE). It is quite common for attackers to target data in use, rather than when it is encrypted during storage and transit. That’s where modern techniques such as Fully Homomorphic Encryption or Searchable Encryption could be considered.”