Patch, Protect, Play it Smart: Stop Hackers Right at the Start

Attention, professionals!

I think this subject is not being talked about as much as it deserves, so please allow me to do my part to raise awareness.

FalconFeeds.io, a threat intelligence platform, announced that it had detected and started monitoring a cybercriminal group specialised in ransomware. The group's branding uses a greyscale Tunisian flag and the Carthaginian symbol of "Tanit", but it is unclear whether the group is actually Tunisian.

The group, which calls itself "Trisec - Cyberoutlaw", states openly in the thread on X (formerly Twitter) that it engages in a diverse range of activities, and this is concerning, in my opinion, because the next victim could be an organisation of any type or an ordinary user like you, dear reader, or me. It has already listed Toyota Ireland on its victim list.

Be concerned, but do not be afraid: we can take precautionary measures that reduce, though do not eliminate, the risk to our endpoints and IT infrastructure.

Please consider the following advice:

• If you have deactivated your antivirus, reactivate it. If you have none, consider installing one.

Antivirus software scans files and running programs for known malware and blocks or quarantines what it finds. On current Windows versions, Microsoft Defender is built in and only needs to be left enabled and updated.

• If you have deactivated the firewall, reactivate it. If you have none, consider installing one as well.

A firewall enforces a set of rules that allow or deny incoming and outgoing traffic by address, port number and service. For an endpoint the important part is the inbound default-deny: nothing from the network reaches a service on your machine unless you explicitly allowed it.

• If you have disabled automatic updates, re-enable them.

Updates deliver patches for specific, often already publicly known, vulnerabilities. An unpatched machine is the easiest target, because exploit code for published vulnerabilities circulates quickly. Keep applications (browser, office suite, PDF reader) updated too, not only the operating system.

• If you use a weak password like "rayen2002", "password", "12345678", "azertyuiop", any other commonly used password or a dictionary word, please change it. Use a robust password that meets the following criteria (non-exhaustive):

- It should be complex: a mix of upper- and lower-case letters, digits and special characters.

- It should be longer than eight (8) characters, and preferably much longer; length adds far more strength than symbol substitutions do.

- It should be unique, meaning it is not reused on any other account.

Example: take the word "cybersecurity"

1. Add digits, for example by rewriting the word in "l33t" form => "cyb3r53cur17y"

2. Capitalise some of the letters, for example => "cYb3r53CuR17y"

(Advice: if the same letter appears twice in the word, capitalise one occurrence and keep the other lower case.)

3. Add special characters, for example => "!*cYb3r 53CuR17y%&"

4. Write the result down on a small piece of paper and hide it somewhere; this is safer than saving it in a plain-text file or note on the computer, where any malware that reaches the machine can read it.

According to PasswordMonster (link: https://www.passwordmonster.com/), it would take 25 thousand years to crack our result "!*cYb3r 53CuR17y%&". Treat such estimates with caution: they assume a blind brute-force search over every character, whereas real cracking tools start from wordlists and apply exactly the transformations used above (leet substitutions, case toggles, appended symbols) as "mangling rules". A password derived from one dictionary word is therefore much weaker than a random string of the same length.
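To make that caveat concrete, here is an added example (my own code, not from the original post nor from PasswordMonster) that reimplements a tiny subset of the mangling rules a cracker applies to a wordlist. The wordlist, the substitution table and the target passwords are constructed for the demo; real crackers use lists of millions of words and far larger rule sets.

```python
import itertools
import math

# Constructed miniature wordlist; real crackers load lists with millions of entries.
WORDLIST = ["password", "azertyuiop", "letmein", "cybersecurity", "welcome"]

# Leet substitutions; the article's example uses e->3, s->5, i->1 and t->7.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7"}


def leet_variants(word):
    """Yield the word with every subset of its substitutable letters replaced."""
    positions = [i for i, ch in enumerate(word) if ch in LEET]
    for mask in itertools.product((False, True), repeat=len(positions)):
        chars = list(word)
        for on, i in zip(mask, positions):
            if on:
                chars[i] = LEET[chars[i]]
        yield "".join(chars)


def case_variants(word):
    """Yield every upper/lower-case combination of the letters that remain."""
    letters = [i for i, ch in enumerate(word) if ch.isalpha()]
    for mask in itertools.product((False, True), repeat=len(letters)):
        chars = list(word)
        for on, i in zip(mask, letters):
            if on:
                chars[i] = chars[i].upper()
        yield "".join(chars)


def candidates(wordlist=WORDLIST):
    """Enumerate guesses the way a rule-based cracker does: word -> leet -> case toggles."""
    for word in wordlist:
        for leeted in leet_variants(word):
            yield from case_variants(leeted)


def guesses_to_crack(target, wordlist=WORDLIST):
    """Return the 1-based number of guesses until `target` is produced, or None if never."""
    for n, cand in enumerate(candidates(wordlist), start=1):
        if cand == target:
            return n
    return None


def rule_space_bits(wordlist=WORDLIST):
    """log2 of the whole rule-expanded space: the real ceiling on the strength of such passwords."""
    return math.log2(sum(1 for _ in candidates(wordlist)))


def random_bits(alphabet_size, length):
    """log2 of the space of a uniformly random string of `length` symbols, for comparison."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    target = "cYb3r53CuR17y"  # step 2 of the article's example
    print(f"{target!r} found after {guesses_to_crack(target)} guesses")
    print(f"whole rule space: 2^{rule_space_bits():.1f}")
    print(f"12 random printable ASCII characters: 2^{random_bits(95, 12):.1f}")
    print("random passphrase:", guesses_to_crack("correct horse battery staple"))
```

The five-word list expanded by these two rules is only about 2^16 candidates, which any cracker exhausts in well under a second even against a slow password hash, and "cYb3r53CuR17y" is one of them. Adding the symbols from step 3 is handled by prefix/suffix rules that multiply the space by the number of symbol combinations tried, not by anything close to the 25,000 years the estimator reports. A long random password, or a passphrase of several unrelated words, is simply not in any such rule-expanded space.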

Of course, there are password generator services (password managers) that can generate robust passwords and store them in your account, but I do not trust them myself.

• If your Wi-Fi does not have a Pre-Shared Key (PSK), please define one. In plain English, the PSK is the Wi-Fi password.

Attackers often exploit Access Points (APs) that have no PSK or a weak one. To increase security:

- A secure PSK should be long and complex, following the steps described earlier.

- Use a robust authentication protocol: WPA2 (legacy, supported on almost all modern devices) or, where your devices support it, WPA3. The older WEP and original WPA (TKIP) are broken and should be disabled.

- WPA3-Personal replaces the WPA2 handshake with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange. With WPA2, an attacker who captures one four-way handshake can try passwords offline at will; with SAE every guess requires a live exchange with the AP, so a captured exchange cannot be dictionary-attacked offline. This mitigates but does not eliminate the risk: a weak password can still be guessed online, one attempt at a time.

- For businesses, WPA3-Enterprise (per-user credentials via 802.1X/RADIUS rather than one shared password) is more secure still.

• If you usually log in using only a login name and password, please consider adding an extra layer of security.

Multi-Factor Authentication (MFA) requires more than one proof of identity to access an account: something you know (a password) combined with something you have (a phone or hardware token) or something you are (a fingerprint). It is a core part of the "zero trust" policies many businesses apply to access to their sensitive resources.

For an ordinary user, the most common form of MFA is Two-Factor Authentication (2FA), usually a six-digit code generated by an authenticator application such as Authy or Google Authenticator. Receiving the code by SMS is also possible, though less secure (the number can be hijacked by SIM swapping), so prefer an app where the service offers one.
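To show what an authenticator app actually computes, here is an added example (my own code, not from the original post, Authy or Google Authenticator) implementing the HOTP/TOTP algorithms of RFC 4226 and RFC 6238 with the standard library, together with the server-side check. The secret is the RFC test secret, not a real one; an authenticator app receives the same kind of base32 secret from the otpauth:// QR code the service shows at enrolment.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890"), written in the base32
# form that authenticator apps read from an otpauth:// QR code. A real secret is random.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_base32(encoded):
    """Decode a base32 secret; secrets in QR codes often omit the '=' padding."""
    s = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(secret, counter, digits=6, algo=hashlib.sha1):
    """HMAC-based one-time password (RFC 4226): HMAC(secret, counter) then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of the last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """Time-based one-time password (RFC 6238): HOTP with counter = floor(unix_time / step)."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits)


def verify_totp(secret, code, at=None, step=30, window=1):
    """Server-side check: accept the current step and +/- `window` steps of clock skew.
    The comparison is constant-time so that timing does not leak which digits matched.
    A real server must additionally refuse a code that has already been accepted once."""
    if at is None:
        at = int(time.time())
    counter = at // step
    ok = False
    for k in range(-window, window + 1):
        if counter + k < 0:
            continue
        ok |= hmac.compare_digest(hotp(secret, counter + k, len(code)), code)
    return ok


SECRET = secret_from_base32(DEMO_SECRET_B32)

if __name__ == "__main__":
    remaining = 30 - int(time.time()) % 30
    print("current code:", totp(SECRET), f"(valid for {remaining} more seconds)")
    print("RFC 6238 vector, T=59, 8 digits:", totp(SECRET, at=59, digits=8))
```

The code depends only on the shared secret and the current time, which is why the app works offline and why the secret, not the six digits, is what an attacker wants: anyone who copies the secret can generate every future code. This is also why an SMS code is weaker: it travels through the phone network instead of being derived locally.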

• If you receive an email or text message (SMS) from a source claiming to be a company you deal with (such as your bank) that demands immediate action (click a link, open an attachment, download a file), or a tempting coupon or discount that is too good to be true and asks you to do the same:

Do NOT click or download. This is phishing: the attackers use psychological pressure (urgency, fear, greed) to make victims hand over credentials or card details, or to run malware. Do not take the risk; if you need to check, contact the company through a channel you already know (the phone number on your card or the address you type yourself), never through the link or contact details in the message.
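Most of these messages give themselves away in the link itself, and the checks a mail filter or a careful reader applies can be written down. Below is an added example (my own code, not from the original post) that flags the common tricks: a non-HTTPS link, a trusted name used as a subdomain of an unrelated domain, user-info before "@" that hides the real host, punycode labels that may hide a look-alike domain, and display text that names one domain while the link goes to another. The allowlist and the sample messages are constructed for the demo; the two-label "registered domain" rule is a simplification (use the Public Suffix List for real deployments).

```python
import re
from urllib.parse import urlparse

# Constructed allowlist: the registered domains of organisations this user really deals with.
TRUSTED_DOMAINS = {"mybank.example", "shop.example"}

# Something that looks like a domain name (letters, digits, hyphens, dots, a 2+ letter TLD).
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}")


def registered_domain(host):
    """Last two labels of a hostname. Simplification: ignores multi-label public
    suffixes such as co.uk; production code should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_link(display_text, href, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link is suspicious; an empty list means nothing was flagged."""
    reasons = []
    url = urlparse(href)
    host = url.hostname or ""
    if url.scheme != "https":
        reasons.append(f"scheme is {url.scheme or 'missing'!r}, not https")
    if not host:
        reasons.append("link has no host")
        return reasons
    if url.username is not None:
        # https://mybank.example@evil.example/ : everything before '@' is user-info, not the host
        reasons.append(f"user-info {url.username!r} before '@' hides the real host {host!r}")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("internationalised (punycode) label, possible look-alike domain")
    actual = registered_domain(host)
    if actual not in trusted:
        reasons.append(f"registered domain {actual!r} is not a trusted domain")
    # A trusted brand used as a subdomain of something else, e.g. mybank.example.secure-login.example
    for t in trusted:
        if actual != t and t in host:
            reasons.append(f"trusted name {t!r} used inside untrusted host {host!r}")
    # Display text that looks like a domain but points somewhere else
    shown = urlparse(display_text if "://" in display_text else "//" + display_text).hostname
    if shown and DOMAIN_RE.fullmatch(shown) and registered_domain(shown) != actual:
        reasons.append(f"text shows {registered_domain(shown)!r} but link goes to {actual!r}")
    return reasons


# Constructed sample messages: (text the reader sees, href the link really points to).
SAMPLES = {
    "legit": ("www.mybank.example", "https://www.mybank.example/login"),
    "lookalike subdomain": ("Verify your account", "http://mybank.example.secure-login.example/verify"),
    "userinfo trick": ("https://mybank.example", "https://mybank.example@evil.example/"),
    "punycode": ("mybank.example", "https://xn--mybnk-1ua.example/"),
    "coupon": ("Claim your 50% coupon", "https://shop-example-deals.example/claim"),
}


def triage(samples=SAMPLES):
    """Map each sample message to the list of findings for its link."""
    return {name: check_link(text, href) for name, (text, href) in samples.items()}


if __name__ == "__main__":
    for name, findings in triage().items():
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("   -", f)
```

None of these checks proves a link is safe (a phishing page can sit on a perfectly ordinary HTTPS domain), so an empty result only means the obvious tricks are absent; the positive findings, however, are reliable reasons not to click.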

• If you are concerned about your organisation's IT infrastructure, contact the IT security team to discuss the strategy for adding extra security.

The authorised penetration testers (red team) engaged by your organisation exploit vulnerabilities under agreed rules of engagement and report them to the security analysts (blue team), who fix the findings and put preventive measures and detections in place.

Q&A

Q: Is there a way to make my system 100% secure?

A: Yes, there is: do not buy an IT system and do not subscribe to the internet. That way you are 100% safe from cyberattacks.

I understand that my answer is not convincing. Nowadays, everyone needs an IT infrastructure and an internet subscription. However, attacks are undeniable, and they occur. Hence, all of us are at risk. In addition, even if we managed to be "100% secure" today, attackers keep searching for new vulnerabilities and techniques, so that percentage would soon drop to 95%, 90%, 80%, and so on.

The good news is that although we cannot fully eliminate the risks of the internet, we can reduce them. Following the advice of security experts helps keep you safe.

Please remember: security measures mitigate, but do not eliminate, attack risks. Always be vigilant and keep up to date with news and advice from security experts.

Please spread the word and stay safe.

Disclaimer

I, "Rayen Ben Ali", am not an expert in cybersecurity. This article is intended to raise awareness, and only those skilled in this domain can provide you with additional information if you need it.

#awareness #security #cybersecurity #safety

Mariem Belaid

+4k | Cyber-security enthusiast | CTF Player | JUNIOR SYSTEM ADMINISTRATOR | software engineering student

1 year

Good job Rayen, keep it up

Ghassen Maiza

IT Risk Consultant @Deloitte | Cybersecurity Enthusiast | CTF Player

1 year

Great job Rayen
