The Destruction of Tyre and the Security of Cloud Applications 

The city island of Tyre was a beautiful, powerful, and strategic Phoenician trading city in the eastern part of the Mediterranean Sea. Its defenses were so great that it survived a 13-year siege from the great Babylonian conqueror, Nebuchadnezzar, starting in 586 BC. The people were proud of how impenetrable they were. That’s why, when Alexander the Great came along in 332 BC, they did not negotiate with him. So, Alexander’s army razed Old Tyre, which was on the mainland next to the great island city of Tyre. The army used the rubble of Old Tyre to create a land bridge to the island of Tyre, where they laid siege to the city for 7 months, after which they utterly destroyed the city and the people.

That story comes to mind when I hear businesses say they don’t need cybersecurity protection because their data is in the cloud.  It is safe and sound and no one can hack it because it is not on site.  It’s hiding in the cloud.  Here are three reasons why they are wrong: Keyloggers, Stealers, and RATs.  

A keylogger is malware designed to record the keystrokes made on a computer or mobile device. A keylogger captures everything you type, including emails, passwords, messages, and search queries. This information is then sent to a third party.    

On a typical morning for a cloud-centric business, an employee would start work by opening email. On an infected system, the keylogger gives the attacker access to your business email, either to spy or to use the account for financial gain. The attacker is hoping your multi-factor authentication is sent to the compromised email account. Next, the employee logs into the business apps that are in the cloud. This could be a healthcare system, logistics system, or financial system – whatever makes that business move forward. Perhaps an administrator pays an invoice using bank account information or a username and password for the bank. Maybe they use a credit card to pay the invoice instead. That’s right! All that information is now in the hands of the hacker thanks to the keylogger.

Stealer malware, or infostealer malware, targets user credentials, browser data, cryptocurrency wallets, and any other personal data on your device. Not only can it take the usernames and passwords saved in your browser, but it can also steal the credentials from certain applications and accounts that are not run in the browser. Some stealers have been able to access crypto wallets such as Phantom, Binance, Coinbase, and more. Stealers gather information similar to what keyloggers collect, but they don’t have to wait for anyone to log in and start typing. They search your device for the information that is already available.

A Remote Access Trojan (RAT) is a type of malware that allows hackers to gain remote control over an infected computer or device. It gives the hacker a limited set of commands that provide access. Sometimes they steal data. Other times they may install additional malware or spyware. They could reconfigure your local firewalls or shut down other security measures. RATs are usually distributed through phishing or emails with an Adobe PDF attached. The PDF calls an executable file to download the RAT.

What can you do about all this, you ask? First of all, do not fall for phishing and social engineering via email or text. Do not click on a link from a user you don’t know. Secondly, make sure you have set up multi-factor authentication everywhere possible, especially for anything dealing with money, but also for social media, email, and business applications. Making sure your anti-virus is up to date is a start, but that doesn’t stop zero-day/new malware. Monitor your accounts. If you run a business, you should have endpoint detection and response (EDR) installed on all your computers. This is an application running on your computer that watches what is written to and executed on your system and prevents unauthorized execution. Talk to your local Cyber Guys for details.

Just because all your applications and systems are in the cloud doesn’t make you bulletproof.  Don’t be like Tyre and find out too late that Alexander is building a land bridge in the front yard.