It’s safe to say that 2018 wasn’t a great year for security. Even the biggest companies in the world struggled to defend themselves against the constant onslaught of hacking attempts.
When you are faced with organized nation-state attacks, it’s hard for the average company to defend itself. Just last week, a ransomware email made the rounds and threatened to detonate an actual bomb if the victims didn’t pay $20,000 in bitcoin. These emails were widely circulated, but proved to be a hoax. However, not every threat will turn out to be harmless, no matter how absurd they may seem.
If you want a true sense of the level of sophistication that you are up against, consider Trend Micro’s report from last week. Trend Micro highlighted a new kind of malware that hides inside Twitter memes. This insidious use of a legitimate service has to be to disturbing to anyone who is trying to defend a network against external attacks. How can you possibly defend yourself against such creative malice?
There is a new kind of malware that hides inside Twitter memes. How can you possibly defend yourself against such creative malice?
As Trend Micro described the meme malware: “Hidden inside the memes mentioned above is the “/print” command, which enables the malware to take screenshots of the infected machine. The screenshots are sent to a C&C server whose address is obtained through a hard-coded URL on pastebin.com.” It doesn’t cause direct harm, but MSPs should take note of how inventive bad actors are capable of being.
Foreign governments sponsoring hacks
Just recently, the Justice Department announced that Chinese government-sponsored hackers were responsible for hacking 45 U.S. tech companies and government agencies. Chinese government hackers were also accused of being responsible for the huge Marriott data breach that resulted in the leak of personal data of over 500 million guests from the company’s database.
By now, you know that your hacker is probably not some pimply faced kid sitting in his parent’s basement with a bag of Fritos and a laptop. Instead, what you face is a sophisticated and well-funded government or organized crime outfit (or both). It’s enough to make you throw your hands up and quit.
Consider it all to be a part of a sophisticated game. Knowing that the government is working to assist with the central problem is certainly helpful. You are not an isolated powerless entity. You just have to keep yourself as secure as you can in the face of these ever-growing threats.
While the bomb threat was thankfully not a real problem, something in the coming year almost certainly will be. How you react could help define your year (or your client’s). Be vigilant, be ready, but most all, be realistic, and know that your job is never truly done.
Photo: Stokkete / Shutterstock.