Jennifer Hardin, Global Risk Management Specialist at Blumont, was a speaker in a workshop at InterAction Forum 2016 that focused on the intersection of cyber security issues and NGOs. The discussion touched on the shift from traditional physical security to a new digital environment; the current mindset among humanitarians that they are not a target because of the work they do; the difference between digital security and information security; and social engineering vulnerabilities. Jennifer and the other panelists delved more deeply into the topics of phishing, water-holing attacks, and ransomware.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. For example, two emails were sent to two junior level individuals with an attachment for review. The attachment, an Excel file, was opened by the user and it exploited a vulnerability in Flash. Since phishers don’t have specific targets in mind, any organization or individual can fall victim to the same attack.
A water-holing attack is the hijacking of legitimate websites to push malware, the incidence of which is increasing dramatically. With watering holes, attackers target anywhere from a single company or government agency to larger communities of interest – such as a group of organizations. Malware is downloaded via seemingly legitimate files or products through websites the organizations are known to visit and find credible (Adobe Flash; versioning updates). There was a malware infection inside the “Thought of the Day” Flash widget which appeared whenever users tried to access a Forbes.com page. Visitors didn’t need to do anything other than to try to load Forbes.com in their browser to get infected. The demographics of the typical visitor to Forbes.com is senior executives, managers, and other professionals working for firms with Department of Defense contracts. The international development community needs to be aware and prepared for water-holing attacks because they are targeted in nature and international development organizations access the same resources (DOS website, govwin, Devex…) which makes us vulnerable as a community.
Ransomware, such as CyptoLocker, CyptoWall and Torrent Locker, targets both computers and smartphones by granting privileges and then changing the pin. It can also appear in the form of a Trojan physical access breach with a USB device that affects shared drives connected to the network. These days everyone uses smartphones for professional and personal applications – a breach could result in a loss of work for multiple days or weeks. Ransomware works by holding information and/or data ransom for digital currencies like Bitcoin (one side anonymous) or Altcash (both sides anonymous) which protect the identity of the attacker. If the ransom is not paid sensitive biometric data can be leveraged to harm vulnerable populations, such as those the international development community seeks to empower.
Some key takeaways include sharing attack stories with industry professionals; proper training for HQ and field offices; choosing the right tools, such as encryption; and avoiding weak passwords.
– – – RELATED READING – – – –
Hostile Environment Awareness Training (HEAT)