Welcome to part two of our four-part series exploring the common cyber threats within the Caribbean and how to strengthen your organization's resilience by preparing for them.

On May 8, 2020, Costa Rican President Rodrigo Chaves declared a state of emergency after an unprecedented and devastating ransomware attack. The ransomware attack crippled Costa Rica's ability to offer critical services, and several government organizations, including the country's customs and tax platforms, were impacted.

As highlighted in part 1 of this series, cyber threats can arise from numerous sources, both internal and external threat actors.

The threat actor UNC1756 was responsible for the ransomware attack on Costa Rica (also known as Conti). Conti uses a two-pronged extortion strategy in which the attackers threaten to release stolen data and exploit it in future attacks if a ransom is not paid by the date. Costa Rica has yet to pay, leading Conti to post the compromised data on its data-leak website.

EXTERNAL ATTACK VECTORS

Ransomware

Ransomware is a malicious attack where attackers encrypt an organization's data and demand you make payment to restore access (National Institute of Standards and Technology [NIST]). Attackers may also steal your organization's information and demand additional payment for not disclosing the information to authorities, competitors, or the public.

Social Engineering

Social engineering is a popular vehicle for facilitating ransomware attacks because it requires attackers to trick you into revealing information (such as your password or your mother's maiden name) and then use the compromised credentials to gain access to an organization and attack its systems and networks.

Various controls can categorize social engineering attacks, such as the medium used and set targets. There are three common types:

• Phishing attacks: exploit human error to conduct fraudulent solicitation of sensitive information or spread malware, usually via infected email attachments or links to malicious websites. (50% off your next purchase)

• Smishing attacks: Also known as SMS phishing, this uses SMS messages as the basis for attacks. (Use 123 456 to verify your Instagram account. or Tap to get back into your Instagram account: ransomware link)

• Vishing attacks: uses voice calls to solicit sensitive information. (A panicked loved one trying to find out if John is in the office today because they can't reach him by his cell phone)

Other popular attack types used by attackers include:

• Password Attacks: Used to gain unauthorized access to password-protected accounts, usually aided by software that speeds up the cracking or guessing of passwords.

• Botnet Attacks: occur when a cluster of machines is infected with malicious software, enabling cybercriminals to control them and unleash a string of attacks. These attacks are commonly used to cause distributed denial of service (DDoS) attacks.

• Denial of Service (DoS) Attacks: an attempt to halt a machine or network, rendering it inaccessible to its intended users. This is done by flooding the target with traffic or transmitting information that causes it to crash.

• System Hacking: the penetration of computer systems and software to access the target machine and steal or misuse sensitive data.

Newer attack types include:

• Infiltration of Internet of Things (IoT) Devices: a compromise of an IoT system and can include devices, networks, data, and users. A cybercriminal can launch an IoT attack to steal information. They can take over an automated or IoT system and shut it down. (Source)

• Weaponized Artificial Intelligence (AI): often considered as the dark side of a double-edged sword, as AI can be used as a security solution or as a weapon by cybercriminals. Cybercriminals leverage AI to develop more intelligent malware programs and execute stealthier attacks.

Organizations must regularly examine and address their entire risk surface. You can maintain the security of your systems, your data, and your security reputation in this way. As Part 2 of our series comes to a close, I'd like to extend an invitation to stay tuned for Part 3, where we'll examine the risks associated with internal threats, which are the ones we often ignore.