The ransomware attack on City Power demonstrates just how vulnerable critical infrastructure and corporate networks are to cybercrime. And it was a stark reminder that local businesses are under siege, sparking the rise of the local hacker.
In South Africa, there are more than 13,800 attempted cyberattacks every day; malware attacks increased by 22% in the first quarter of 2019, compared to the same period in 2018; and more than 35% of local IT decision-makers are on high alert for a cyberattack on their businesses – within days.
“Traditionally, businesses were targeted by hackers from countries like Russia, China, and Nigeria. Now we’re seeing an increase in attacks originating from within South Africa,” says Colin Thornton, MD of Turrito Networks. “We’re also seeing an increase in the number of attacks launched from within the Local Area Network, often by employees and amateur hackers, of which one could be a local hacker.”
The security landscape is evolving yet again, and businesses need to pay as much attention to their internal security as they do to their peripheral security, he says.
New dog, new tricks
Local hackers are using simple, common methods to penetrate corporate networks, says Thornton. And they rely on human negligence – intentional or not – to get in.
“We’re seeing an increase in wi-jacking, where hackers gain access to networks, laptops, desktops, and servers through the business’s WiFi network – and it’s very easy to do.”
Anyone who has jumped onto a neighbour’s network without permission has successfully hijacked a WiFi connection. Where before people may have done this to download movies or browse Facebook, we’re now seeing cases where amateur hackers are accessing networks to extort money or steal information, says Thornton. They’re also using the data to create much more advanced and customised phishing campaigns.
“All they need is the password, which can be bought off a rogue employee, and they’re in. And once they’re in, assuming the network isn’t highly protected, they can do a lot of damage.”
The devil you know
Businesses should also be careful about who they allow into their systems, says Thornton.
“We’re also seeing cases of malware being deliberately installed by unscrupulous service providers in the IT market. They’re called in to fix something but might also install spyware to monitor bank account logins, emails, and customer information. Imagine how much data they can collect if the spyware is not detected.”
With access to even one laptop that has the right permissions, hackers can install malware, steal data – or launch a ransomware attack that cripples a city power utility.
What if the local hacker is in my network?
Thornton says businesses need to pay more attention to configuring their internal networks.
“Traditional IT security products like firewalls and anti-virus are still critical but not enough businesses are going further. The answers to the following questions would probably worry the average business owner.”
- What if someone gets hold of the WiFi password?
- What if an employee deliberately sets out to steal confidential information?
- What if an employee has malware installed on their laptop and introduces it to the business network?
- Can anyone with the right username and password access the network, regardless of the device they’re connecting from?
- Could someone plug a potentially dangerous USB stick, picked up in the parking lot for instance, into their work laptop?
Many businesses are not prepared for any of these scenarios, says Thornton.
Visibility is crucial when it comes to the local hacker
“They need to turn their focus inward. It’s possible to lock down a network for instance so that a user connecting from an unknown device, even with the right credentials, would be blocked.”
This involves:
- setting up access permissions for users and devices, and updating them regularly;
- configuring alerts to flag suspicious behaviour on the network;
- setting rules to encrypt business-critical documents the moment they leave the network;
- conducting regular security scans; and
- regular reporting on the internal and external security environment.
“Just concentrating on the peripheral security layer is no longer good enough. No amount of peripheral security can guard against attacks from the inside,” he says. “Securing internal systems also has ramifications for POPIA compliance: it’s a massive step in the right direction for data protection.”
Thornton says it’s a matter of time before the security landscape evolves again.
“When we step up security in one area, hackers will find vulnerabilities in another. Without the tools, skills, and knowledge to secure their internal systems, businesses are fighting a losing battle.”
This article originally appeared on ITWeb