Mending a Bleeding Heart: Cognizance as an IT Security Solution

    Posted by Dillon MacInnis
    Mon, Jun 08, 2015

    The nationally publicized security disaster of April 2014 known as the "Heartbleed" bug has certainly drawn attention to the growing need to prioritize security when dealing with information systems. A single flawed line of code in an extension of the widely used web encryption software OpenSSL granted access to stored private and personal data to those who sought to obtain it illegally. While the software was built to maintain periodic open connections between servers in order to regulate operation, that line of code inadvertently allowed 64 kilobytes of information to be accessed by a web attacker when an open connection was established. Furthermore, because the process was periodic, an individual extracting information illegally could accumulate valuable data over time by continuously exploiting each open connection. As a consequence, hackers were able to acquire usernames, passwords, credit card information, and each server’s private digital key, which made classified internal documents available to unauthorized parties. Although this vulnerability was ultimately patched, the event illustrated the problems that arise when software is not monitored for exploitable weaknesses.

    With disaster, however, came useful lessons, and perhaps the best way to stop a heart from bleeding is not simply to patch it up but to prevent whatever is causing it in the first place. Consequently, extensive research has been conducted in order to understand popular trends in cybercrime as well as practical preventative measures. It may be a general cognizance of the intentions and methods of web attackers that allows both private consumers and employees of businesses to identify potential security threats. This approach, of course, requires knowledge, and security software developer Symantec has certainly reached some important conclusions. In their 2015 Website Security Threat Report, Symantec explored various components of cybercrime, including categories and contexts. By understanding this information as well as the conclusions provided by other sources, individuals can take more effective steps to at least ensure the protection of information that they do not want shared.

    When confronting cybercrime, it is important to understand the motives of web attackers. Common motives include stealing data for sale in the underground economy, blackmail, extortion for money, distraction from additional cybercrimes, personal revenge, and the social movement that has been given the title of hacktivism. While these follow logically from what someone would expect as the motivation for cybercrime, the observations are more valuable than they first appear. In each interaction with the internet in which an individual is asked to perform an action, they should ask whether the request being made could be correlated with one of these motives. Even if this method is not practiced faultlessly, the general knowledge that these motives exist should be integrated into your understanding of the internet experience.

    In addition to understanding motives, it is also important to acknowledge what kinds of cybercrimes exist altogether. Firstly, it should be observed that not all cybercriminals developed the attack software themselves, nor are they all acting on their own behalf. Web attack software, attack services, and stolen information are all purchasable goods and services within the underground economy. Therefore, the world of cybercrime transcends the stereotypical image of the single computer hacker ceaselessly pressing every key on his keyboard and stealing trade secrets. Instead, there are several components that constitute the collective meaning of cybercrime. One of these components is a method called malvertising (malicious advertising), in which a link to a dangerous download disguises itself as an authentic advertisement in order to entice a website user to click on it. Sometimes, this can lead an individual to an inescapable web page that indicates that if they do not pay a certain fine, then they will be charged by the authorities for downloading illegal materials. This method is called ransomware, and it is a popular means of collecting profit as a web attacker. Ransomware has further evolved into a program that, when downloaded, encrypts all of the files on the user’s computer and gives them the choice of paying a given amount of money in order to regain access. There is also general malware (malicious software), which often plays a role in both malvertising and ransomware, that infects a computer with a virus or attempts to steal personal information. While there are a significant number of approaches for web attackers to utilize, these three are important to understand when browsing the internet. If you can recognize the approach of a web attacker, you can better identify when you are dealing with one.

    Although security software continues to develop and to challenge cybercrime, awareness is underrated as an IT security solution. While web attackers often exploit vulnerabilities such as the Heartbleed bug, they do not hesitate to exploit the ignorance of the individual web user as well. The mere recognition that institutions such as advertisements, which we have been conditioned to trust, can let us down is an important step towards ensuring a secure IT environment. Additionally, it is important to regularly upgrade security features, as each new upgrade publicizes the vulnerabilities that are being corrected. To have obsolete software is to invite cybercriminals to take advantage of the vulnerability of which they have been made explicitly aware. Fortunately, as operating systems and other technology continue to advance, security is becoming a priority. Microsoft has made it clear that Windows 10 will have frequent and voluntarily automatic security updates that seek to quell the vulnerability concerns in general. Moreover, websites are being protected by SSL certificates that only apply to data inputted within a certain time period so that cybercriminals cannot be given an all-access pass by obtaining an SSL certificate private key. These are certainly powerful weapons against cybercrime, but it may be cognizance and education that serve as the most effective line of defense.

    Sources

    http://www.cnet.com/news/heartbleed-bug-what-you-need-to-know-faq/

    Symantec. Website Security Threat Report 2015. Rep. Print.

    Images

    http://heartbleed.com/heartbleed.png

    http://now.symassets.com/now/en/GB_SITE/pu/images/Non-Product/Misc/img_cyber_criminal_283x229.png

    Topics: Data Security, Technology Improvements, Cloud Security
