Common Types of Cyber Threats
and how to avoid them
Table of Contents
01 Phishing
Phishing is a malicious tactic used by
hackers to trick their victims into
handing over valuable information.
02 Credential Theft
Credential theft is a rising
epidemic fueled by a global
underground market.
03 Cryptojacking
Cryptojacking continues to
affect big companies and
individuals alike.
04 Unpatched Software
Unpatched software is often
overlooked and leaves you
unnecessarily vulnerable to attacks.
05 Targeted Ransomware
Targeted ransomware demonstrates
the sophisticated development of this
malware over the years.
06 End Users
End users represent your biggest
risk. Human error causes more
incidents than malicious attacks.
1. Phishing
Phishing scams, don’t
get hooked.
Phishing is a malicious tactic used by
hackers to trick their victims into handing
over valuable information.
• Hackers spend a lot of time crafting clever messages
that appear so realistic that you wouldn’t think twice
while looking at them.
• Once the person who is being deceived has fallen for
the attack, hackers are able to obtain what they were
after: passwords, credit card information, direct access
to your bank account, and even demands for money.
Phishing Example:
Tip:
Educate employees on the
risks of opening suspicious
emails, clicking on links
within emails that ask for
confidential information,
and downloading
unknown attachments.
2. Credential Theft
Credential Theft is a
rising epidemic.
Credential theft occurs when someone's
proof of identity is stolen, be it physical or
digital.
• When your credentials for one website are stolen, it
opens the door for your entire online identity to be
compromised.
• Once an attacker has your usernames and passwords,
they can sell them on the dark web or use them to
compromise your organization’s network.
Top 3 Credential
Hijacking Markets:
1. Dark web forums that trade compromised credentials from
data breaches
2. Phishing kits that trick users into submitting their
credentials to fake login pages
3. Keyloggers that collect passwords from infected machines
1.9 billion usernames and passwords exposed via
data breaches
12.4 million potential victims of phishing
788,000 potential victims of keylogging
Source: Thomas, Kurt, et al. “Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials” 2017
Tip:
Implement multifactor
authentication and make use
of password managers.
Authentication that relies on
a username and password
alone is too fragile.
3. Cryptojacking
Cryptojacking is an
exploit in its infancy.
Cryptojacking is a method for hackers to
mine cryptocurrency from their victims’
computers.
• Crypto mining code lingers on infected websites and ads
and auto-executes once it’s loaded in a victim’s browser.
• The code goes to work in the background of the victim's
machine. The only trace it leaves to the end user is slower
performance.
Notable
Cryptojackings:
Showtime Networks
Cryptojacking malware was found on
Showtime’s video streaming website. It was
present for at least three days in 2017.
UFC Fight Pass
Subscribers to the UFC’s streaming service
posted screenshots of cryptojacking malware
present in their source code, though the UFC
denied that the code was ever present.
Tip:
Protect against single points
of failure in your security
stack by using overlapping
defensive systems.
This includes endpoint and
email protection as well as
firewalls and vulnerability
assessments.
4. Unpatched Software
Unpatched software is
one of the easiest
threats to manage.
Unpatched software contains
vulnerabilities that are exploited by
hackers.
• Commonly used programs like Adobe and O365 contain
vulnerabilities. When they’re discovered, a “patch” is
pushed out in software updates.
• The reluctance of end-users to update software and
install patches can leave these vulnerabilities open for
exploitation for far longer than they should be.
Tip:
Update your software when
prompted and install patches.
Many MSSPs also offer
complete patch management
services to keep you up to
date and protected.
5. Targeted Ransomware
Ransomware gets more
sophisticated and
stealthier.
Ransomware didn’t go away, it got more
complex.
• Targeted ransomware can lock organizations out of
important systems and bring work to a halt.
• While these attacks are lucrative and sophisticated, the
attackers aren’t looking for a challenge. Get the security
basics right to stay off their hit list.
Anatomy of a Targeted
Ransomware Attack:
First, the attacker gains entry to your network by exploiting a
weak Remote Desktop Protocol (RDP) password.
Once they’re in, they elevate their privileges to the admin level.
Next, they use their new access rights to work around security
software.
Lastly, they spread ransomware, encrypting their victims’ files
and leaving a note demanding money in exchange for decrypting
the files.
The Dharma strain of ransomware
seems to target small businesses
with a maximum of 150 users.
However, it isn’t known if this is a
side-effect of something else or
deliberate targeting.
Tip:
Give attackers a challenge.
Lock down RDP and assign
user rights based on need.
Implement overlapping layers
of security on a well-
segmented network.
6. End Users
Breaches begin with
human error.
Network security at the personnel level is
just as important as your firewall.
• Many cybersecurity incidents are not caused by a hacker
with malicious intent; often they’re caused by a simple
mistake.
• It’s impossible to have 100% protection with respect to
cybersecurity. What you can do is educate your
employees.
Top 5 Risks Posed By
End Users:
1. Lack of Situational Awareness
2. Phishability
3. Password Reuse
4. Using Unpatched Devices
5. Accidental Loss
“Very often a threat is less
dependent on the effectiveness
of its technology than it is on
how effectively it manipulates
the psychology of the victim.”
Source: Lance Spitzner – Director, SANS Security Awareness
Tip:
Educate your employees; a
little training goes a long way.
Being proactive and
empowering your employees
with information is the best way
to keep your security tight.
Learn how Twinstate can help you avoid
cyber threats at your organization.
info@twinstate.com
800.833.8000

Common Cyberthreats and How to Prevent Them (2019)
