XP Migration - Anatomy of a Breach

It seems like everywhere you look these days, cybersecurity is in the news, from Target and Heartbleed to the recent one-two punch of Internet Explorer updates and the large-scale arrests connected to the Blackshades Trojan. These stories are often heavy on the fear-mongering and doomsday scenarios, but light on useful information, besides the ubiquitous advice to change your passwords.


Instead of helping you understand the threats and how they may impact you, the overwhelming volume of vague headlines can instead have a paralyzing effect that makes it difficult for you to take real steps to secure your business. It is far more useful to know what such threats look like on the ground, how they gain entry to your systems, and what they can do to you and your customer data once they’re in. Once you understand the anatomy of a breach, it is easier to take the proper precautions to defend against one.


Security Breaches, Defined


What is a security breach, exactly? Essentially, it is the computer equivalent of a break-in. Put simply, it’s an unwelcome incursion by hackers or malware into a computer or network of computers. And just as a break-in at your office can lead to theft, property damage, and a sense of violation, so can security breaches.



How Breaches Occur


Breaches typically occur at weak points in your network and computer’s defenses. Just as a burglar is more likely to break in through a window or unlocked door, hackers and malicious software tend to go for the easiest points of entry such as unsecured networks, peripherals and web browsers. 


One recent attack lures users to a compromised website. The site may not look threatening to you or your employees at all, but as soon as the browser loads the page, exploit code embedded in it drops malware onto the computer’s hard drive. Even if the user immediately leaves the site without clicking on anything, it’s too late: a breach has occurred and malware has made its way into the system.


On computers running more current operating systems like Windows 7 or 8.1, exploits and vulnerabilities are patched frequently, and the patches can even be installed automatically if you have opted in, so you don’t have to count on an employee remembering to update. If you put off security updates, though, or continue to use software that is no longer supported, you’re leaving your system wide open to these types of attacks.


In addition to browser exploits, hackers can use other weak points to gain entry into systems: Wi-Fi routers, networked printers, and an entire array of peripherals. These are frequently identified and patched as well, but you and your IT managers must remain vigilant to stay on top of patches and updates.


Sometimes these vulnerabilities are dependent on a user being lax with security or online activity, but sometimes they can be exploited independent of any user action.


What Happens When Your System is Breached?


The most common result of a breach is the insertion of some form of malware into the PC. Malware is a catchall term for malicious software, and it can take on forms too numerous to adequately cover in any one blog post. The type of malware inserted very much depends on the attacker’s intentions, however.


Broadly speaking, attackers have four main motivations: ideology, espionage, ransom and theft.


  • Ideology-driven attacks are generally targeted at specific companies or public sector institutions, and intended to make a statement, be it protest, exposing corrupt practices, or simply bragging rights within the hacker community. 
  • Espionage-driven attacks are rare outside state-sponsored or state-run cyberattacks, and are aimed at gaining access to sensitive or classified information.
  • Ransom-driven attacks insert a certain species of malware called ransomware onto a machine. This ransomware can encrypt data and hold it “hostage” until the victim pays for an unlock code. 
  • Theft-driven attacks are the most common and aimed at, well, theft, be it information theft, identity theft, or financial theft. Malware such as Trojan.zbot – aka “Zeus” – and the Blackshades Remote Access Tool (RAT) give cybercriminals extensive access to an infected computer and its online activity. Zeus, for example, uses keystroke logging and form grabbing to steal login credentials and financial information. Blackshades works a bit differently and gives hackers easy access to infected computers, allowing them to view files, take screenshots, log keystrokes and even turn on a computer’s webcam. In fact, in a different kind of theft, last year a U.S. college student used Blackshades to take nude pictures of Miss Teen USA through her computer’s webcam.


Common Sense Steps


How can you protect your business and your data from these types of incursions? While it’s impossible to be 100 percent secure, by following common-sense security best practices and putting security rules in place in your organization, you can protect yourself from all but the most determined threats.


  • Stay current with system and security updates – Keeping your software up-to-date with the latest security patches is a good place to start and will help protect you from many of the most common threats. Consider setting up automatic updates, or managing updates remotely, on all of your machines to ensure that all of your employees and systems remain current. If you’re using software that is no longer supported, such as Windows XP, upgrade the most vulnerable systems in your organization immediately. This could mean upgrading the systems that contain sensitive business or customer data first, but make an effort to move to a more current operating system as soon as your organization is able. To use the break-in analogy, unsupported, unpatched software is the equivalent of leaving your doors and windows wide open to intruders.
  • Secure vulnerable entry points – Know the potential entry points to your system – such as web browsers, email clients, wireless routers and networked peripherals – and make sure they are secured. If you don’t have a firewall (most routers these days do), get one. Just like you use common sense to secure your physical building with locks and alarms, use the same common sense rules to secure your network.
  • Be vigilant with your online activity – Don’t open suspicious emails, attachments or URLs, even from partners or customers. This holds true across all of your online activity, from email to social networks to searches. If you aren’t sure if an email or URL is legitimate, reach out to your customer or partner – they might not know if their own systems have been breached.
  • Encrypt your sensitive information – Use strong passwords to better protect your online accounts, and consider going a step further and password-protecting sensitive files on your computer’s hard drive and/or local server. It may seem somewhat over-the-top, until a hacker using Blackshades or a similar piece of malware gains access to your system.
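As an added example of the first step above (not code from the HP post), this PowerShell function checks a single machine for the two things that step asks for: whether it still runs Windows XP, which left support on 8 April 2014, and whether Windows Update is set to install automatically. The function name and the `-HoldsSensitiveData` switch are assumptions made here so that XP machines holding sensitive data sort to the top of a migration list.

```powershell
# Added example, not from the original post. Run on the machine being assessed;
# Get-WmiObject is used instead of Get-CimInstance so it also works on the
# PowerShell 2.0 that older hosts typically have.
function Get-UpdatePosture {
    param(
        # Assumed switch: mark the host if it holds sensitive business or customer data,
        # so an unsupported OS on it is flagged "Migrate first".
        [switch]$HoldsSensitiveData
    )

    $os  = Get-WmiObject Win32_OperatingSystem
    $ver = [version]$os.Version
    # Windows XP reports kernel version 5.1 (e.g. "5.1.2600"); it is unsupported since 8 April 2014.
    $isXP = ($ver.Major -eq 5 -and $ver.Minor -eq 1)

    # The Windows Update Agent COM object exposes the same setting the Control Panel shows.
    # NotificationLevel: 0 = not configured, 1 = disabled, 2 = notify before download,
    # 3 = download and notify before install, 4 = download and install on a schedule.
    $au    = New-Object -ComObject Microsoft.Update.AutoUpdate
    $level = $au.Settings.NotificationLevel

    $action = if ($isXP -and $HoldsSensitiveData) { 'Migrate first' }
              elseif ($isXP)                       { 'Migrate' }
              elseif ($level -ne 4)                { 'Enable automatic updates' }
              else                                 { 'OK' }

    New-Object PSObject -Property @{
        Computer        = $os.CSName
        OS              = $os.Caption
        Version         = $os.Version
        Unsupported     = $isXP
        AutoUpdateLevel = $level
        Action          = $action
    }
}

# Example call: assess this host, treating it as one that stores customer data.
Get-UpdatePosture -HoldsSensitiveData | Format-List
```

Running it across an inventory and sorting on the Action column gives the prioritized upgrade order the step describes.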


Learn more about security issues in your organization: http://www8.hp.com/us/en/ads/xp-migration/buzz.html


Find HP solutions to support your Windows XP migration: http://www8.hp.com/us/en/ads/xp-migration/landing.html
