The new work-from-home culture has made life easy for hackers thanks to common mistakes being made by everyone from big corporations to individuals, according to IT security experts at GISEC 2021, the Middle East and Africa’s most influential and connected cybersecurity event, which runs at Dubai World Trade Centre (DWTC) on June 2.
Paula Januszkiewicz, CEO of CQURE, the cybersecurity firm that works in partnership with Microsoft, delivered a keynote address on day two titled ‘Hacker’s Paradise – Top 10 Biggest Threats When Working from Home’, in which she discussed how the shift to remote working has played into the hands of hackers.
The IT security expert highlighted the disabling of firewalls and the reuse of passwords, or the use of overly simple passwords, as the biggest mistakes made when working from home, leaving systems as easy targets for cybercriminals.
Januszkiewicz pinpointed how a lack of Server Message Block (SMB) signing, trusting solutions without having the knowledge to break them, misusing service or privileged accounts and falling for “hipster tools” mean hackers can make quick money in the remote working era.
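SMB signing is the one item in that list that an administrator can verify and enforce with a few built-in commands. The script below is an added example, not code from the talk or from CQURE; it uses the SmbShare module cmdlets that ship with Windows, and the two function names (Get-SmbSigningState, Set-SmbSigningRequired) are this example's own. Run it in an elevated PowerShell session on the host being checked.

```powershell
# Added example (not from the GISEC talk or CQURE): audit and enforce SMB signing
# on a Windows host using the built-in SmbShare cmdlets. Run as Administrator.

function Get-SmbSigningState {
    # Read the server-side and client-side SMB configuration and summarise the
    # signing-related settings in one object. Both cmdlets are built into Windows.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [PSCustomObject]@{
        ServerRequiresSigning = $server.RequireSecuritySignature
        ServerEnablesSigning  = $server.EnableSecuritySignature
        ClientRequiresSigning = $client.RequireSecuritySignature
        ClientEnablesSigning  = $client.EnableSecuritySignature
        Smb1Enabled           = $server.EnableSMB1Protocol   # SMB1 should be off as well
    }
}

function Set-SmbSigningRequired {
    # Require signing on both the server and client side so that SMB sessions
    # to and from this host cannot be tampered with in transit. -Force skips
    # the confirmation prompt so the function can run unattended.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -EnableSecuritySignature $true -Force
}

# Audit first, then warn if signing is merely enabled (negotiable) rather than required.
$state = Get-SmbSigningState
$state | Format-List
if (-not ($state.ServerRequiresSigning -and $state.ClientRequiresSigning)) {
    Write-Warning "SMB signing is not required on this host; run Set-SmbSigningRequired to enforce it."
}
if ($state.Smb1Enabled) {
    Write-Warning "SMB1 is enabled; disable it with Set-SmbServerConfiguration -EnableSMB1Protocol `$false -Force."
}
```

The distinction the script surfaces matters: EnableSecuritySignature only offers signing during negotiation, while RequireSecuritySignature refuses unsigned sessions, and only the latter closes the gap the speaker describes. In a domain, the same settings are normally pushed by Group Policy ("Microsoft network server: Digitally sign communications (always)" and its client counterpart) rather than set per host.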
“Firewalls are often misconfigured, there’s no need-to-know process or protection,” she said. “Passwords are almost always re-used, or easy to guess; they invariably include the company name and a number,” she added, while giving a live demonstration of how easily hackers can pose as a colleague to access a system and company network.
“Phishing is the main means of transportation of malware, ransomware. It is fast and it is easy. The average income of someone who runs a malware or ransomware scheme is about USD 90,000. It’s good money.”
While education and awareness are key, Januszkiewicz added that hackers have become a “little lazy” in the pursuit of quick money, and that with the right approach it is possible to limit their impact.
Forget ‘morality and emotion’ when dealing with hackers
Matthias Schranner, a former FBI hostage negotiator and now CEO of the Schranner Negotiation Institute, set out five key steps for organisations to negotiate with cybercriminals at the GISEC Main Stage.
“I’ve been in a lot of difficult hostage negotiations; I’ve also worked undercover for six years dealing with various criminal organisations and been part of some high-value illegal transactions. One of the main things you come across with hostage takers is high demand, no cooperation. ‘If I don’t get my getaway car, I will kill the hostage’, ‘if I don’t get the money, I will not restore your system’.
“Do not waste time trying to solve the problem yourself. Companies underestimate danger and believe that their IT teams will be able to solve the problem. Every hour that passes while they try to figure out a solution will cost the business money.”
Companies should consider setting up a negotiating team and establishing proof of life, according to Schranner. “The team should comprise an internal commander and an external expert, who is not emotionally invested in the company. If the chief negotiator is emotionally involved, he or she will make mistakes; any thoughts about injustice and morality need to be set aside.
“Ransom is mostly paid in cryptocurrency such as bitcoin,” he added. “If a business wants to pay, first it needs to be able to pay, but it is not possible to buy huge amounts of bitcoin instantly, it can take two or three days. We recommend companies have a contingency fund for this. The negotiator will agree the payment details.”