Today's top 15 cyber threats

Cyber threats come in many forms, all designed to disrupt your business, no matter how big or small it is.

To be prepared, you need to understand the threats and make a plan: which ones matter most to your business, and which actions you are taking to guard against them.

Want to know more? Book a free meeting.

Phishing

AKA: Email spoofing, Social engineering, Identity theft
Threat level: Very High / Critical
Phishing is the fraudulent attempt to obtain sensitive information by disguising oneself as a reputable company or a familiar individual.

Password attacks

AKA: Compromised credentials, Password cracking
Threat level: High / Elevated
Users today have so many logins and passwords to remember that it’s tempting to reuse credentials - a fact attackers rely on.

Employee negligence

AKA: Human error, Bad security behaviour
Threat level: Normal / Guarded
Data breaches are often accidental, e.g. the result of an employee losing a mobile device, improperly disposing of confidential data or using unsafe Wi-Fi.

Malware

AKA: Viruses, Trojan Horses, Spyware, Worms
Threat level: Very High / Critical
Malware is the overarching name for malicious or unwanted software. Viruses, bots, spyware, trojans, rootkits and worms are types of malware.

Business-email-compromise

AKA: Email fraud, CEO scams, Invoice scams
Threat level: Very High / Critical
Corporate email accounts of finance-related executives are compromised to make fraudulent transfers or steal other information.

Insider attacks

AKA: Malicious employees, Internal cyber attacks
Threat level: Very High / Critical
Employees (and ex-employees, vendors) can be significant cyber security threats when they have something to gain through malicious actions.

Ransomware

AKA: Encryption ransoms, CryptoWalls
Threat level: Very High / Critical
Ransomware is a type of malware that encrypts a victim’s files, making them inaccessible until a ransom is paid to decrypt them.

Outdated access rights

AKA: Wrong privileges, Poor identity governance
Threat level: Very High / Critical
Identity and access management establishes a digital identity for employees. Outdated or overly broad permissions are a gift for hackers to exploit.

Cloud storage misconfiguration

AKA: Default credentials or configuration, Missing access control
Threat level: Very High / Critical
Misconfigured servers may expose sensitive data, a mistake that is an open invitation for hackers to dump the data and use it for their malicious activities.

How website security and SEO are intimately connected

Learning how to optimize your website can be a challenge. At one time, it was only about figuring out what Google wanted, which was largely keywords. Now, it’s much more complex. Google is focused not only on delivering high-quality, relevant search results, but also on protecting people from malware and unscrupulous websites. Not only that, a hack of your website by others can give Google false information that directly impacts your rankings. That’s why it’s vital for your website to have strong web security if you want to do well in SEO.

How security can directly impact SEO

Hacks, or attempts at hacks, can keep Google’s bots from accessing your site and assessing your content and keywords. Your server may report missing pages to Google because of a web scraper or hacker impacting your website. Why would someone hack your site? Usually it’s to do back-door SEO. For instance, a hacker wants to put a link on your site, or add a web page. Sometimes they even target your domain and redirect it to another site altogether. Sucuri has an excellent example of a common hack they see on WordPress sites. These hacks make your website look like an untrustworthy page, or may even draw penalties from Google that cause your site to be blacklisted. Sometimes, no matter how much effort you put into SEO, failures in cybersecurity can drastically impact how Google sees your site, and therefore also your place in the SERPs.

The first step in security to boost SEO

One of the first things you need to do to protect your website and boost your Google ranking is to install HTTPS. Google named this security protocol a ranking signal several years ago, so it’s obvious that your SEO results will be tied to it. You’ll need to make sure you have a proper certificate and allow indexing so that Google can still read your website. However, this is only the beginning. An HTTPS setup does not secure a website; it only secures the connection and encrypts data that is sent. That means that communication between your server and the web browser a visitor is using is secure, and data — like a credit card number used for a purchase — cannot be stolen in transit.

Other important security steps

Information security, or keeping your stored data secure, is another important part of keeping your website secure and helping it rank well, and the good news is that this security requires the same vigilance that SEO does. As a result, you can monitor both simultaneously.

Platform security

Be sure you’ve chosen a good web host that has strong security on their end. Use security software or plugins as appropriate. For smaller websites using WordPress, you can use Wordfence, iThemes Security, or Bulletproof Security, for example. Overall, you want plugins that address the known security issues in the platform you use. All websites can also benefit from using SiteLock, which not only closes security loopholes but also monitors your website daily for malware, viruses, and more.

Secure passwords

Believe it or not, the number one most common password is still 123456. In a business environment, it’s easy for usability to overtake security — after all, you want everyone to be able to access the resources they need, and the importance of secure passwords may take a back seat. Unfortunately, this is exactly the mindset that makes it so easy for hackers to access your website and destroy your search engine ranking. Use a truly secure password and consider using software such as a password manager if accessibility is a concern. Password managers can generate and store strong, unique passwords that are much safer from hackers.

Use automated backups

If there is a hack or other problem, you don’t want to be stuck frantically reconstructing your website if you have to wipe any of your content or other data. Automated backups make it easy to recover your site to its original condition quickly, which may allow you to dodge Google penalties. Automatic backups mean you don’t have to remember to manually back up your website each week or month. They give you peace of mind and make it simple to resume business as usual, even if a breach occurs. Most web hosting companies offer automatic backup services, so it’s possible all you need to do is configure it. If you use WordPress, there are plugins that schedule automatic backups as well.

Protect your input forms

One of the most common sources of website breaches is SQL injection into web forms that don’t validate their input strictly enough. Any time you allow someone to supply outside information, it’s important to secure the form. There are several steps you can take to prevent a SQL injection, so be sure you’ve covered your bases. For instance, you can use prepared statements so that a user cannot insert malicious values directly into the backend of your website. You can also limit user input so that it can only be of a specific type and length, which helps you avoid coded attacks. Another idea is to return a generic error message so that hackers cannot use detailed error output to learn about your database architecture.

Recovering from a hack

What if your website is hacked, despite your security precautions and other best efforts? Is there any way to recover your SEO rankings in enough time to ensure you don’t lose a large amount of business or traffic? The good news is that there is. Google allows webmasters to submit a reconsideration request after a penalty. Your website has to be fully restored and any malicious files removed, however, which is why automated backups are so important. Google works hard to help webmasters after a hack. Take a look at their resources if you’re struggling to recover from a hack.

Security and SEO go hand-in-hand

Keeping your website safe is already a top priority in most businesses. What you might not realize is that great security helps protect your search engine ranking as well. With the right security in place, you’re much less likely to suffer a hack that compromises your website. If there is a concern, implementing the right safeguards and backups will help you to quickly recover and submit your website for reconsideration, hopefully avoiding any hefty drops in your SERP rankings. It’s imperative to take time once or twice a year to review your security processes and make sure they’re the best they can be, including automated backups of your site, updated security protocols, and so on. Proactive solutions will always be better than reactive ones — and potentially save you a lot of grief in the long run.
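As an added example (not from the article above), the three form-protection steps it lists, in Python with sqlite3: a deliberately injectable lookup kept only for contrast, the same lookup as a prepared statement, and a hardened version that also limits the input's type and length and returns a generic error message. The table, its rows and the username rule are constructed assumptions of this example.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory database standing in for the site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, username):
    """The form value is pasted straight into the SQL text, so a quote in the
    input changes the query itself (this is the defect, kept for contrast)."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, username):
    """Prepared statement: the value travels as a parameter, never as SQL text,
    so the same input is just a username that matches nobody."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Only one type and length is accepted for this field (an assumption of this
# example: usernames are 1-32 letters, digits or underscores).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

def lookup_hardened(conn, username):
    """All three steps from the article: type/length limit, prepared statement,
    and a generic error message. Returns (rows, error_message_or_None)."""
    if not isinstance(username, str) or not USERNAME_RE.match(username):
        return [], "Invalid request."
    try:
        return lookup_prepared(conn, username), None
    except sqlite3.Error:
        # Never echo the driver's message: it can reveal table and column names.
        return [], "Something went wrong. Please try again later."

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed sample input containing a quote
    print(lookup_vulnerable(db, probe))   # both rows: the quote rewrote the query
    print(lookup_prepared(db, probe))     # []
    print(lookup_hardened(db, probe))     # ([], 'Invalid request.')
```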

Unpatched vulnerabilities

AKA: Security patches, Software updates
Threat level: Very High / Critical
Failure to patch makes a network doubly vulnerable. As the vulnerability has been publicized, it is very likely to also be exploited.

Man-in-the-middle attacks

AKA: Wi-Fi spoofing, IP spoofing, eavesdropping
Threat level: Very High / Critical
Man-in-the-middle (MitM) attacks occur when an attacker inserts themselves into two-party transactions between e.g. your computer and a server.

Denial-of-service attacks

AKA: Botnet attacks, Traffic floods, Zombie network attacks
Threat level: Very High / Critical
During a denial-of-service (DoS) attack the attacker floods a website with more traffic than it was built to handle.

The “Great Cannon” has been deployed again

Summary

The Great Cannon is a distributed denial of service (“DDoS”) tool that operates by injecting malicious JavaScript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable.

Figure 1: Simplified diagram of how the Great Cannon operates

The Great Cannon was the subject of intense research after it was used to disrupt access to the website Github.com in 2015. Little has been seen of the Great Cannon since 2015. However, we’ve recently observed new attacks, which are detailed below.

Most recent attacks against LIHKG

The Great Cannon is currently attempting to take the website LIHKG offline. LIHKG has been used to organize protests in Hong Kong. Using a simple script that uses data from UrlScan.io, we identified new attacks likely starting Monday November 25th, 2019. Websites are indirectly serving a malicious JavaScript file from either:

http://push.zhanzhang.baidu.com/push.js; or
http://js.passport.qihucdn.com/11.0.1.js

Normally these URLs serve standard analytics tracking scripts.
However, for a certain percentage of requests, the Great Cannon swaps these on the fly with malicious code.

Figure 2: Malicious code served from the Great Cannon

The code attempts to repeatedly request a list of resources, in order to overwhelm websites and prevent them from being accessible. These may seem like an odd selection of websites and memes to target; however, these meme images appear on the LIHKG forums, so the traffic is likely intended to blend in with normal traffic.
The URLs are appended to the LIHKG image proxy URL (e.g. https://na.cx/i/6hxp6x9.gif becomes https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966493), which causes LIHKG to perform the bandwidth- and computationally expensive task of fetching a remote image, resizing it, and then serving it to the user.

Impact

It is unlikely these sites will be seriously impacted. This is partly because LIHKG sits behind an anti-DDoS service, and partly because of some bugs in the malicious JavaScript code that we won’t discuss here. Still, it is disturbing to see an attack tool with the potential power of the Great Cannon used more regularly, and again causing collateral damage to US-based services.

Mitigations

These attacks would not be successful if the following resources were served over HTTPS instead of HTTP:

http://push.zhanzhang.baidu.com/push.js; or
http://js.passport.qihucdn.com/11.0.1.js

You may want to consider blocking these URLs when not sent over HTTPS.

Timeline of historical Great Cannon incidents

Below we have described previous Great Cannon attacks, including previous attacks against LIHKG in September 2019.

2015: GreatFire and GitHub

During the 2015 attacks, DDoS scripts were sent in response to requests sent to a number of domains, for both JavaScript and HTML pages served over HTTP from behind the Great Firewall. A number of distinct stages and targets were identified:

March 3 to March 6, 2015: Initial, limited test firing of the Great Cannon starts.
March 10: Real attacks start against a Chinese-language news site (Sinasjs.cn).
March 13: New attacks against an organization that monitors censorship (GreatFire.org).

Figure 3: Snippet of the code used in early Great Cannon attacks. Later scripts were improved to not require external JavaScript libraries.

March 25: Attacks against GitHub.com start, targeting content hosted from the site GreatFire.org and a Chinese edition of the New York Times. This resulted in a global outage of the GitHub service.

Figure 4: The URLs targeted in the attack against Github.com.

March 26: Attacks began using code hidden with the JavaScript obfuscator “packer”.

Figure 5: Snippet of the obfuscated code. Current attacks continue to use the same obfuscation.

Research by CitizenLab identified multiple likely points where the malicious code is injected. The Great Cannon operated probabilistically, injecting return packets to a certain percentage of requests for JavaScript from certain IP addresses. As noted by commentators at the time, the same functionality could also be used to insert exploitation code to enable “Man-on-the-side” attacks to compromise key targets.

2017 and onward: attacks against Mingjingnews

In August 2017, Great Cannon attacks against a Chinese-language news website (Mingjingnews.com) were identified by a user on Stack Overflow. The code in the 2017 attack is significantly re-written and is largely unchanged in the attacks seen in 2019.

Figure 6: An excerpt of the code to target Mingjingnews.com in 2017.

We have continued to see attacks against Mingjingnews in the last year.

2019: Attacks against Hong Kong democracy movement

On August 31, 2019, the Great Cannon initiated an attack against a website (lihkg.com) used by members of the Hong Kong democracy movement to plan protests. The JavaScript code is very similar to the packer code used in the attacks against Mingjingnews observed in 2017 and onward, and the code was served from at least two locations:

http://push.zhanzhang.baidu.com/push.js
http://js.passport.qihucdn.com/11.0.1.js

Initial versions targeted a single page on lihkg.com.

Figure 7: The JavaScript code originally targeting lihkg.com.

Later versions targeted multiple pages and attempted (unsuccessfully) to bypass DDoS mitigations that the website owners had implemented.

Figure 8: The JavaScript code later targeting lihkg.com.

Detection

We detect the Great Cannon serving malicious JavaScript with the following Suricata rules from AT&T Alien Labs and Emerging Threats Open.

$EXTERNAL_NET any (msg:"AV INFO JS File associated with Great Cannon DDoS"; flow:to_server,established; content:"GET"; http_method; content:"hm.js"; http_uri; content:"hm.baidu.com"; http_host; flowbits:set,AVCannonDDOS; flowbits:noalert; classtype:misc-activity; sid:4001472; rev:1;)

ET WEB_CLIENT Great Cannon DDoS JS M1 sid:2027961
ET WEB_CLIENT Great Cannon DDoS JS M2 sid:2027962
ET WEB_CLIENT Great Cannon DDoS JS M3 sid:2027963
ET WEB_CLIENT Great Cannon DDoS JS M4 sid:2027964

Additional indicators and code samples are available in the Open Threat Exchange pulse.
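As an added example (not code from the AT&T Alien Labs post or its Suricata rules), a small Python log filter that applies the post's mitigation advice to constructed proxy-log lines: it flags plain-HTTP GETs of the named injection-point scripts (the hm.baidu.com/hm.js pair is taken from the quoted rule's content matches) and, on the victim side, counts per-client cache-busting requests through the i.lih.kg/540/ image proxy described above. The log-line format, the sample lines and the threshold are assumptions of this example.

```python
import re
from collections import Counter

# Script URLs the post names as Great Cannon injection points, as (host, path).
# The hm.baidu.com/hm.js pair comes from the quoted Suricata rule's matches.
INJECTION_POINTS = {
    ("push.zhanzhang.baidu.com", "/push.js"),
    ("js.passport.qihucdn.com", "/11.0.1.js"),
    ("hm.baidu.com", "/hm.js"),
}

# Constructed, simplified proxy-log format (an assumption of this example):
#   <client-ip> <method> <scheme>://<host><path-and-query>
LOG_RE = re.compile(r"^(?P<client>\S+) (?P<method>[A-Z]+) (?P<scheme>https?)://"
                    r"(?P<host>[^/\s]+)(?P<path>/\S*)$")

# Victim-side shape described in the post: the LIHKG image proxy is asked to
# fetch and resize a remote image, with ?t=<number> defeating any caching.
PROXY_RE = re.compile(r"^/540/https?://\S+\?t=\d+$")

def parse(line):
    """Split one log line into its fields, or return None if it does not fit."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_injectable_script_fetch(req):
    """True for a GET of a known injection-point script over plain HTTP, which is
    the request the post suggests blocking; the same script over HTTPS passes."""
    path = req["path"].split("?", 1)[0]
    return (req["method"] == "GET" and req["scheme"] == "http"
            and (req["host"], path) in INJECTION_POINTS)

def proxy_abusers(reqs, threshold):
    """Clients with more than `threshold` cache-busting i.lih.kg proxy requests."""
    counts = Counter(r["client"] for r in reqs
                     if r["host"] == "i.lih.kg" and PROXY_RE.match(r["path"]))
    return sorted(c for c, n in counts.items() if n > threshold)

def scan(lines, threshold=3):
    """Return (requests to block, clients hammering the image proxy)."""
    reqs = [r for r in map(parse, lines) if r]
    blocked = ["%s %s://%s%s" % (r["client"], r["scheme"], r["host"], r["path"])
               for r in reqs if is_injectable_script_fetch(r)]
    return blocked, proxy_abusers(reqs, threshold)

# Constructed sample lines: push.js over HTTP and over HTTPS, 11.0.1.js over
# HTTP, and four cache-busting proxy requests from 10.0.0.7 against one from .8.
SAMPLE = [
    "10.0.0.5 GET http://push.zhanzhang.baidu.com/push.js",
    "10.0.0.6 GET https://push.zhanzhang.baidu.com/push.js",
    "10.0.0.7 GET http://js.passport.qihucdn.com/11.0.1.js?v=2",
    "10.0.0.7 GET https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966493",
    "10.0.0.7 GET https://i.lih.kg/540/https://na.cx/i/6hxp6x9.gif?t=6009966494",
    "10.0.0.7 GET https://i.lih.kg/540/http://lihkg.com/?t=6009966495",
    "10.0.0.7 GET https://i.lih.kg/540/https://na.cx/i/XibbJAS.gif?t=6009966496",
    "10.0.0.8 GET https://i.lih.kg/540/https://na.cx/i/XibbJAS.gif?t=1",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```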

Illegal personal data processing

AKA: Data protection compliance, GDPR compliance
Threat level: Very High / Critical
Under the GDPR you're required to document your data protection basics and demonstrate how you're protecting data and ensuring compliance.

Violations of data subject rights

AKA: Inaccurate informing, Unclear privacy notices
Threat level: Very High / Critical
Under the GDPR, if data subjects ask you, you must confirm whether you are processing their data and provide them with their personal data and other privacy information.

Supply chain attacks

AKA: Third-party attacks, Watering hole attacks
Threat level: Very High / Critical
A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network.