The Risks of Public WiFi (& How to Protect Yourself)


In a constantly connected world, free WiFi can seem like an oasis in the desert, allowing you to ration your data and safeguarding you from eye-watering overage fees.

Unfortunately, public WiFi is inherently less safe than personal, private networks such as your home internet or the office network. 

Public WiFi Leaves You Vulnerable 

Public WiFi is inherently risky: after all, you have no idea who else is on this network and what they are up to. While businesses such as stores and organizations like your municipality or public library may think they are offering a helpful public service or a valued customer perk, you can’t be sure that they take security as seriously as you do. 


Common Public WiFi Cyberattacks

If you are the victim of a cyberattack, please contact our team immediately and consider reading our educational article Hacked? Here’s What to Know (& What to Do Next).

Man-in-the-Middle Attacks

Man-in-the-Middle (MitM) attacks are one of the most common public WiFi cyberattacks and are, at their core, a form of digital eavesdropping. Essentially, when a device such as your phone, tablet, or laptop connects to the internet via a public WiFi network, data is sent between point A (your device) and point B (the website you are visiting or the server that hosts the app you are using). Man-in-the-Middle attacks allow cybercriminals to camp out between these two points and intercept your traffic, which they can then either read or manipulate. 

Man-in-the-Middle attacks take a number of forms, including interfering with legitimate networks, creating fake networks that the attacker controls, or rerouting internet traffic to phishing or other malicious sites. Compromised traffic is stripped of any encryption protections, which allows the attacker to steal information or change the information you are transmitting. 

Attackers don’t want you to realize they are manipulating your traffic, so it can be difficult to realize an attack has occurred until you discover your email address is being used to send spam, your bank account is empty, or you uncover other evidence of nefarious activity. As such, users must take steps to avoid falling victim to these attacks. 

While using multi-factor authentication can make it more difficult for attackers to gain unauthorized access to your accounts, your username and password can still be compromised. As such, if you absolutely cannot wait to log in to your bank account or conduct other sensitive business, opting for a cellular connection or using your phone as a personal hotspot for your laptop is a better option.

Malware & Malicious Hotspots

While most developers do their best to ensure the programs they create are secure, sometimes mistakes happen, and programs, apps, and websites can inadvertently be left with security holes or other weaknesses. Attackers use these vulnerabilities to sneak malware (malicious software) onto your device. 

Another common technique involves setting up fake hotspots full of malware and making them look like legitimate networks, an attack sometimes referred to as a honeypot. These networks usually adopt reputable names in order to trick victims into connecting. 

For example, let’s say you decide to visit a coffee shop called Kim’s Cafe. You open your phone and, without thinking, select the “Kim’s Cafe” WiFi network. How do you know that network is actually owned by Kim’s Cafe? While some businesses that offer complimentary public WiFi post the network name prominently (to help ensure visitors aren’t connecting to suspicious networks), not all businesses do. You can ask a staff member for the name and password for the guest network, but that doesn’t guarantee their network is secure. When in doubt, go without or use your cellular data; don’t just select a network that appears legitimate and hope for the best. 


Tips for Staying Safe on Public WiFi

When it comes to public WiFi, caution is the name of the game. The best way to stay safe on a public WiFi network is to not use the public WiFi network. However, we also understand that this can be easier said than done. 

If you do have to use public WiFi, you should start by asking yourself a single question: If someone was reading over my shoulder right now, how would I feel about it? If the thought of some stranger reading your screen makes you anxious or angry, you should probably hold off until you can connect to a secure network. 

To help you get started, here are links to guides on how to manage your security settings on these commonly used web browsers:

Leave Your PII At Home

If you need to use public WiFi, limit your activities as much as possible and avoid visiting any sites or using apps that involve handing over your personally identifying information (PII), such as banking details, usernames and passwords, or medical information. You wouldn’t carry a sign around with your personal information splashed all over it, so why would you risk revealing this highly sensitive data on a public WiFi network?

If you have to use a public network, steer clear of apps and websites that require you to log in. Some websites and apps require you to enter things like your full name, phone number, and other identifying information when you create an account, so even if you don’t remember providing that information when you registered, you may inadvertently be exposing it if an attacker intercepts your internet traffic. 

Consider a VPN

If you spend a lot of time away from your desk and absolutely need to stay connected (say you are traveling for work and don’t have unlimited data), you might want to consider a VPN. A VPN allows you to create a secure connection between your device and another network (such as your work network) over the internet, shielding your browsing activity and keeping you off of public WiFi networks. 

To help safeguard sensitive company data and other digital assets, many employers provide their employees with VPNs to ensure they are always using a secure connection while accessing company data. After all, you have no idea whether your employee’s home network, local cafe WiFi, or complimentary hotel network meets your security standards. 

No VPN? Look for the Lock

If you don’t have a VPN, there are still steps you can take to help safeguard your data while using public WiFi. SSL/TLS connections (the ones shown with a lock icon in your browser) add a layer of encryption to your network traffic, which can help keep you safe on public WiFi. Enable the “Always Use HTTPS” option in your browser and on any websites you frequently visit that require you to enter credentials, and never enter credentials into a website that isn’t using HTTPS. 

Disable AirDrop & File Sharing

If you absolutely have to use a public WiFi network, you should turn off any features on your device that enable frictionless file sharing.

Learn how to manage your file-sharing settings on Windows 10 and on a Mac.

Leave WiFi & Bluetooth Turned Off

Leaving your WiFi and Bluetooth settings turned off when not in use can help prevent your device from connecting to unknown networks or other devices without your explicit consent. 

Actually Read the Terms & Conditions

We know that no one actually likes wading through pages of dry technical text, but before you connect to any public WiFi network, make sure you know what you are signing up for. Look for information on what data the network collects, how it is used, and how it is stored, and keep an eye out for any red flags before you click the Accept button. 

Avoid Nosy Networks

Be wary of any public WiFi networks that require you to enter personal information, such as your email address or phone number. If you absolutely have to connect to a network that requires a lot of personal information, make sure you trust the organization that owns the network and consider creating a separate email account specifically for situations like this. 

While asking for some personal information doesn’t automatically mean that the network owner is untrustworthy, stores and restaurants in particular tend to gather this information so they can better track you across multiple WiFi hotspots and tailor their marketing efforts, not to improve security or benefit users. As such, it is up to you to decide if you are willing to give up your private information in exchange for some free WiFi. 

Find Out if Your Cable or Cell Phone Company Offers Complimentary Public WiFi

Some cell phone providers and cable companies manage complimentary WiFi hotspots for their customers, so if you spend a lot of time searching for free WiFi you may want to see if your service provider offers this perk. If you are connecting to free public WiFi through a service you are already signed up for, then you don’t have to hand over any more personal information than you already have. 

Log Out When You Are Finished (Even At Home)

Logging out of all your accounts when you are done may seem like a pain, but it can help safeguard your personal data when your device leaves your home or office. By logging out when you are finished, you can rest assured that you aren’t inadvertently exposing your sensitive data when you grab a coffee or head to the mall.

Look for Password Protected Networks

When it comes to public WiFi networks, passwords are your friend. While adding a password won’t guarantee airtight security, it does help limit who has access to the network and for how long (assuming the organization that owns the network rotates their password frequently). This bare minimum level of security does help, but you should still avoid visiting websites or using apps that contain sensitive information such as PII or private work files. 

Invest in an Unlimited Data Plan

At the end of the day, the best way to stay safe on public WiFi is simply to avoid connecting to public WiFi networks in the first place. If you anticipate having to do a lot of browsing away from your home or work network, you may want to consider investing in an unlimited data plan.

Though the best course of action is to avoid public WiFi networks altogether, there are steps you can take to safeguard your device and personal data if you need to connect. For more information on keeping yourself, your business, or your remote employees safe, please contact our team today.

Everything You Need to Know About WiFi 802.11ax (AKA WiFi 6)


Over the last year, there has been a lot of chatter surrounding WiFi 6 (also referred to by its IEEE standard name 802.11ax). But what exactly is WiFi 6? In this educational article, we will discuss what makes WiFi 6 different from its predecessors, WiFi 4 and WiFi 5, so you can get the information you need to make informed decisions about upgrading your WiFi network.

What is WiFi 6?

In 2020, the FCC announced that it would be expanding access to the broadband spectrum for unlicensed traffic. This means that routers are now able to broadcast their signals in the 6GHz range, as well as the 2.4GHz and 5GHz ranges originally designated for unlicensed traffic. Much like widening a road to accommodate increased traffic, this decision means there is now more WiFi to go around.

This is critical as the number of devices in each home and business continues to rise. The days of a single device per employee and a shared household computer are long gone; according to Statista, the average American household was home to 10.37 connected devices in 2020, and that number is likely only going to continue to increase. Many employees are now equipped with a laptop and a company phone, and with the continued rise of IoT devices in both homes and workplaces, the demand for bandwidth will only increase. 

What are the Benefits of WiFi 6?

WiFi 6 offers a wide range of benefits, including:

Enhanced Security Features

WiFi 6 offers enhanced encryption and other significant security enhancements while simultaneously eliminating some of the weaknesses of older WiFi technologies such as pre-shared keys. This is great news for security-conscious hotspot providers as well as facility managers and visitors. 

All WiFi 6 devices are designed to handle WPA3 encryption, which offers features like robust password protection and 256-bit encryption algorithms, both of which make it harder for cybercriminals to hack into your network.

Faster Speeds

WiFi 6 promises speeds up to 30% faster than WiFi 5, which means your employees can spend more time working and less time waiting for web pages and internet-based programs to load. 

Increased Range

In situations when you are relying on a single router, WiFi 5 and WiFi 6 offer approximately the same range because WiFi range is dictated by the radio frequencies the APs can access (5GHz and 2.4GHz). However, if you switch to a WiFi 6 mesh system, you can increase coverage by placing the APs farther apart and use WiFi 6’s faster speeds to make up for the increased distances. Being able to place APs farther apart can be incredibly beneficial in situations where physical cabling is either inconvenient or impossible to lay. 

Though the increased distance between the APs will cause a small decrease in network speed and performance, this decrease is so minuscule you and your team likely won’t notice a difference.

Reduced Latency

Latency (the delay between a device sending a request and receiving the response) remains a large problem for many WiFi users. How fast and reliable your WiFi is depends on a variety of factors, including the signal strength of your connection and how many other devices are on the network. By expanding bandwidth access, your network will now be able to support more devices than before, allowing all WiFi traffic to move faster and increasing network reliability. 

WiFi 6 achieves this using OFDMA (Orthogonal Frequency Division Multiple Access), which is an extension of the OFDM (Orthogonal Frequency Division Multiplexing) architecture used by WiFi 4 and WiFi 5. While OFDM relies on a single-queue style system, which requires each device to patiently wait its turn to receive data, OFDMA allows the router to transmit data to more than one device at a time, dramatically reducing or even eliminating the need to queue. 

It does this by splitting traffic into smaller packets, so each device can receive a small amount of the data it is waiting for and pass that information on to the end-user while it is waiting for the rest of its packets. This functionality is great for high-traffic environments such as stadiums, conference centers, and large retail environments where employees, visitors, and customers are going to need WiFi access. 

Increased Power

Maintaining a WiFi connection consumes a significant share of a device’s power, particularly if the device is moving in and out of WiFi range. Wider ranges, and the ability to comfortably support more devices, mean that devices will need to expend less energy maintaining a reliable WiFi connection, so they will be able to go for longer between charges. 

WiFi 6 accomplishes this using target wake times (TWTs, also called wake time targets), which allow the APs to communicate with devices and let them know how long they will be left waiting between transmissions. By providing devices with this information, the devices can “sleep” between transmissions, only waking up when the device needs to connect again. These short bursts of downtime significantly reduce how much power the battery needs to expend to maintain a WiFi connection, which can extend the battery life of laptops, smartphones, tablets, and other WiFi-connected devices on your network. 

Better Throughput & Reduced Congestion

When there are more devices on your WiFi network than the network can comfortably serve, WiFi performance suffers, and some devices may lose connection entirely. Because WiFi 6 uses OFDMA, it has better MIMO (multiple-input, multiple-output). 

Using multiple antennas, each AP is able to talk to several devices simultaneously, while WiFi 5 networks can only respond to one device at a time, creating bottlenecks and slowing down the connection of every device on the network. Being able to respond to multiple devices at once reduces the amount of time each device needs to wait for its turn, increasing speeds for everyone.

Another advantage of WiFi 6 over its predecessors is BSS (basic service set) “colors”. These colors, labeled 0 through 7, are incredibly useful when multiple APs near one another are transmitting on the same channel. Older WiFi deployments typically assigned multiple APs to the same transmission channels (a necessary approach given the limited amount of bandwidth available), causing traffic jams and slowing down everyone’s connections. To make matters worse, devices weren’t able to effectively communicate or negotiate with each other to maximize channel resources, increasing congestion further. 

Using the color-coded system, APs can assess signals from each color and determine whether they can use the spectrum at the same time as another device without causing interference by selecting a color that isn’t currently in use. 

It’s like if a grocery store had seven checkout lanes open instead of one: The old WiFi standards required all shoppers to cram into a single checkout lane, and the shoppers can’t talk to one another, so sometimes two or more shoppers will try to purchase their items at the same time, causing a traffic jam while the cashier sorts everything out. The color-coded system allows each shopper to assess which of the seven checkout lanes has the shortest line (or ideally no line at all) and line up there, improving efficiency and getting everyone out of the store faster. 

WiFi 6 offers a wide range of benefits from both a security and usability perspective. Are you considering upgrading to WiFi 6? Our experts have experience with a wide range of technologies, verticals, and industries and work with organizations of all sizes to support their IT and networking needs.

For more information about WiFi 6, or to get started planning your upgrade, please contact our team.

Identifying a Breach: Finding Indicators of Compromise (IOC)


Cybersecurity is more important than ever before: According to Government Technology, though 2020 saw an overall decline in the number of breach events, the number of breached records grew dramatically, and the number of ransomware attacks doubled between 2019 and 2020.

These troubling trends demonstrate why a robust yet adaptable cybersecurity stance is critical for all organizations, regardless of size or vertical. But how do you know if your organization has experienced a breach? In this article, we will discuss common types of cybersecurity breaches, and red flags you should look for that may indicate a breach has occurred.

If you have experienced, or are currently experiencing, a cybersecurity breach, please call our team immediately and consider reviewing our guide: Hacked? Here’s What to Know (& What to Do Next).

What Constitutes a Breach?

A security breach is like a break-in, but instead of breaking into your house or business, the attacker breaks into your digital systems to steal personal information or sensitive documents or to damage your network. There are, however, steps you can take to best safeguard your digital assets, which include:

  1. Creating a cybersecurity incident response plan, reviewing it regularly, and updating it as necessary. Having a plan in place is critical because it allows you to respond quickly and lays out, in advance, who needs to do what should an incident occur.
  2. Investing in employee cybersecurity training. Even the best cybersecurity incident response plan is effectively useless if your team doesn’t understand why security is important, what role they play in it, and how to respond should an incident occur. All new hires should undergo training, and all employees from the CEO down should receive regular refresher training. 
  3. Regularly monitoring your network for suspicious activities. These suspicious activities, called IOCs or indicators of compromise, will be discussed in depth later in this article. 

Breaches Have Wide Reaching Consequences

Breaches cause more than headaches: to address the situation, you will likely need to pull critical personnel from other projects, hindering productivity and severely impacting your daily business activities. Depending on what data is stolen or what systems are compromised, you may also suffer financial damages in the form of regulatory fines or even lawsuits.

A poorly handled breach can cause permanent damage to your organization’s reputation, damaging consumer trust. 

Recent large-scale breaches include the Yahoo breach of 2014, the Equifax breach of 2017, and the Facebook security breach of 2019. Facebook is currently facing a class-action lawsuit, while the FTC and Equifax reached a global settlement that includes as much as $425 million to help individuals impacted by the breach. Yahoo faces paying for a settlement fund of $117,500,000 to affected individuals in the form of two years of credit monitoring, or in the case of individuals who already have credit monitoring in place, a cash payment. 

Common Types of Cybersecurity Breaches

Malware (Including Ransomware, Viruses, & Spyware)

Many cybercriminals rely on malware (malicious software) to infiltrate protected networks. The malware is often delivered via email or by tricking unsuspecting employees into downloading corrupted files from compromised or malicious websites. 

For example, an employee receives an email with an attachment that infects your network when the attached file is opened, or visits a compromised site and downloads the malicious file directly. Once one computer is infected, the malware will likely spread to other areas of your network, sending sensitive data back to the attacker, laying the groundwork for a larger attack, or damaging your digital infrastructure. 

Phishing Attacks

Phishing attacks are designed to trick potential victims into believing they are talking with someone they trust (such as a colleague, their bank, or another trusted individual or institution) in order to hand over sensitive information (such as credit card numbers, usernames, passwords, etc.), grant the sender access to restricted areas of the network, or trick the target into downloading malware. 

For example, an employee might receive an email from someone pretending to work in your IT department asking them to reset their username and password, or from “their boss” requesting confidential files, or from “your company’s bank” warning that they have detected suspicious activity on a company credit card or in a company bank account and requesting that the recipient click on a link in the email to log in and review the flagged transactions.

In all three scenarios, criminals are posing as trusted individuals, or as individuals working on behalf of trusted institutions, in order to trick unsuspecting email recipients. 

We discuss phishing attacks, and what you can do to avoid them, in our in-depth article: Don’t Let Phishing Scams Catch You Unaware

DDoS (Distributed Denial of Service) Attacks

DDoS attacks are designed to crash websites, preventing legitimate users from visiting them. Attackers do this by flooding websites with traffic, either by working with other attackers or by using bots (software agents that perform repetitive tasks automatically) to hammer the server hosting the website with requests. 

DDoS attacks are considered security breaches because they can overwhelm your organization’s security defenses and severely curtail your ability to conduct business. Common targets include financial institutions or government bodies, and motivations range from activism to revenge to extortion. 

To learn more about hackers, who they are, and why they do what they do, please consider reading our article: The Modern Hacker: Who They Are, Where They Live, & What They’re After.

What are Indicators of Compromise (IOC)?

IOCs are pieces of forensic data, such as system log entries or files, that identify potentially malicious activity on a network or system. Like suspicious ink-stained fingers or an errant muddy footprint in a Sherlock Holmes book, IOCs are clues that help security and IT professionals detect data breaches, malware infections, or other suspicious activities. 

By looking for IOCs regularly, organizations can detect breaches as soon as possible and respond swiftly, limiting or even preventing damages by stopping attacks during their earliest stages. 

However, IOCs are not always obvious or easy to detect: they range from something as plain as an unexpected login to something as subtle as snippets of malicious code. Cybersecurity and IT analysts often look at a range of IOCs when trying to determine if a breach occurred, examining how different IOCs fit together to reveal the whole picture. 

IOCs vs IOAs

IOAs (indicators of attack) are similar to IOCs, but instead of focusing on the forensic analysis side of a compromise that has already occurred, these clues aim to identify attacker activity while the breach is in progress. 

A proactive approach to security relies on both IOCs and IOAs to uncover threats or potential threats in as close to real-time as possible.

Common IOCs and IOAs

There are many IOCs and IOAs that IT and security analysts look for, but some of the most common include:

  1. Unusual outbound network traffic. This could indicate someone is moving sensitive files off the network.
  2. Anomalies in privileged user access accounts. A common tactic used by attackers is to either escalate privileges on accounts they have already compromised or use compromised accounts as gateways to more privileged accounts. By monitoring accounts with access to sensitive areas of your network, analysts can look out for signs of insider attacks or account takeover attacks.
  3. Geographic irregularities. If an employee logs out of their account from an IP address in Chicago, then immediately logs back in from New York, that is a huge red flag. Analysts also look for traffic between countries that your organization doesn’t have business dealings with.
  4. General login irregularities. Multiple failed login attempts or failed login attempts for accounts that don’t exist are both huge red flags. Analysts also look for irregular login patterns, such as employees logging in well after work hours and attempting to access files they don’t have authorization for, which likely indicate the account credentials have been compromised.
  5. Unusually high database read volume traffic. If an employee is attempting to download and read your entire personnel or credit card database, that likely means an attacker is attempting to access those sensitive files.
  6. A large number of requests for the same file. Breaches rely on trial and error a lot, so a large number of repeated requests for the same file (such as the credit card database we mentioned earlier) may indicate an attacker is testing out a variety of strategies in an attempt to gain access.
  7. Suspicious configuration changes. Changing configurations on files, servers, and devices may indicate an attacker is attempting to set up a network backdoor or adding vulnerabilities to aid a later malware attack.
  8. Flooding a specific site or location with traffic. Many attackers rely on bots for a variety of tasks and may recruit compromised devices on your network to do their dirty work. A high level of traffic from a number of devices targeting a specific IP address may indicate those devices have been compromised. 
  9. Suspiciously timed web traffic. Even the fastest typists can only type so fast, so if logs indicate that someone is trying thousands of password and username combinations a second, chances are an attacker is attempting to break into your network using a brute force attack.
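Several of the login-related indicators above (failed logins for accounts that don’t exist, repeated failures on one account, a burst of attempts from a single source address, after-hours logins, and a user appearing in two distant cities within minutes) can be checked mechanically once authentication events are in a structured log. The following Python script is an added example written for this article, not VirtualArmour’s code or tooling: it scans a constructed, pipe-delimited authentication log and reports which indicators fire. The log layout, the user directory (KNOWN_USERS), the business-hours range, and all thresholds are assumptions made for the example and would be tuned to your own environment.

```python
"""Toy IOC/IOA scanner over a constructed authentication log (example code)."""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines, not real data.
# Assumed layout for this example: timestamp|user|result|source_ip|city
SAMPLE_AUTH_LOG = [
    "2021-03-01T09:02:11|alice|success|203.0.113.10|Chicago",
    "2021-03-01T09:05:40|alice|success|198.51.100.7|New York",  # Chicago -> New York in 3 minutes
    "2021-03-01T02:13:05|bob|success|203.0.113.22|Chicago",     # 2 a.m. login
    "2021-03-01T10:00:00|ghost|failure|192.0.2.9|Denver",       # account does not exist
    "2021-03-01T10:00:01|ghost|failure|192.0.2.9|Denver",
    "2021-03-01T10:00:01|carol|failure|192.0.2.9|Denver",
    "2021-03-01T10:00:02|carol|failure|192.0.2.9|Denver",
    "2021-03-01T10:00:02|carol|failure|192.0.2.9|Denver",
    "2021-03-01T10:00:03|carol|failure|192.0.2.9|Denver",
    "2021-03-01T10:00:03|dave|failure|192.0.2.9|Denver",
    "2021-03-01T10:00:04|dave|failure|192.0.2.9|Denver",
    "2021-03-01T14:30:00|dave|success|203.0.113.30|Chicago",    # ordinary daytime login
]

# Assumptions for the example; a real deployment would load these from its own systems.
KNOWN_USERS = {"alice", "bob", "carol", "dave"}   # the organization's user directory
WORK_HOURS = range(7, 20)                         # 07:00 to 19:59 counts as business hours
IMPOSSIBLE_TRAVEL_WINDOW = timedelta(minutes=30)  # two different cities inside this window
FAILED_LOGIN_THRESHOLD = 3                        # failures per account before flagging
BRUTE_FORCE_WINDOW = timedelta(seconds=10)        # sliding window per source IP
BRUTE_FORCE_ATTEMPTS = 5                          # attempts inside the window before flagging


def parse_line(line):
    """Split one pipe-delimited log line into a dict, parsing the timestamp."""
    ts, user, result, ip, city = line.strip().split("|")
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "result": result, "ip": ip, "city": city}


def find_indicators(lines):
    """Return a sorted list of (indicator, subject) pairs found in the log lines."""
    events = sorted((parse_line(line) for line in lines), key=lambda e: e["ts"])
    findings = set()                 # a set so each (indicator, subject) is reported once
    failures = Counter()             # failed attempts per account
    last_success = {}                # most recent successful login per account
    recent_by_ip = defaultdict(deque)  # timestamps of recent attempts per source IP

    for e in events:
        user, ip = e["user"], e["ip"]

        # Attempts against accounts that are not in the directory.
        if user not in KNOWN_USERS:
            findings.add(("login_for_nonexistent_account", user))

        # Repeated failures against one account.
        if e["result"] == "failure":
            failures[user] += 1
            if failures[user] >= FAILED_LOGIN_THRESHOLD:
                findings.add(("repeated_failed_logins", user))

        # High-rate attempts from one source address, whatever the account.
        window = recent_by_ip[ip]
        window.append(e["ts"])
        while window and e["ts"] - window[0] > BRUTE_FORCE_WINDOW:
            window.popleft()
        if len(window) >= BRUTE_FORCE_ATTEMPTS:
            findings.add(("high_rate_attempts_from_ip", ip))

        if e["result"] == "success":
            # Successful login outside business hours.
            if e["ts"].hour not in WORK_HOURS:
                findings.add(("after_hours_login", user))
            # Two successful logins from different cities too close together.
            prev = last_success.get(user)
            if (prev and prev["city"] != e["city"]
                    and e["ts"] - prev["ts"] <= IMPOSSIBLE_TRAVEL_WINDOW):
                findings.add(("impossible_travel", user))
            last_success[user] = e

    return sorted(findings)


if __name__ == "__main__":
    for indicator, subject in find_indicators(SAMPLE_AUTH_LOG):
        print(f"{indicator}: {subject}")
```

Run against the constructed log, the script reports an after-hours login for bob, a high-rate burst from 192.0.2.9, impossible travel for alice, attempts against the nonexistent account ghost, and repeated failures for carol; dave’s two failures stay below the per-account threshold, which is the point of keeping a per-IP check alongside the per-account one. In practice the events would come from your identity provider or SIEM rather than a list, and each indicator would be weighed together with the others before anyone declares a breach.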

These are just some of the most common IOAs and IOCs that security and IT analysts use to look for signs of suspicious activity.

By monitoring your infrastructure and firewalls 24/7/365 for signs of a potential breach and keeping a watchful eye on your endpoints, you can gather the information you need quickly so you can respond to potential incidents as soon as possible. To help keep your network secure, VirtualArmour offers a variety of managed and consulting services and has extensive experience working with organizations in a variety of industries, including, but not limited to, healthcare, finance, retail, and energy, as well as service providers.

To learn more about how our experienced security analysts use IOCs, or to get started improving your security posture, please contact our team today.

Recommended Reading

Identifying IOCs is just one small aspect of cybersecurity. To learn more about cybersecurity, why it’s important, and what steps your organization should be taking, please consider reviewing the educational articles listed below. 

Managed Services Security Providers (MSSPs)

What is a Managed Services Security Provider (MSSP)?

Leveraging Your MSSP in an “IT Light” Environment

Cybersecurity Basics

Terms & Phrases Used in the Managed IT & Cybersecurity Industries

The SMBs Guide to Getting Started with Cybersecurity

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Building a Cybersecurity Incident Response Program

Beyond SIEM: Why Your Security Posture Needs to SOAR

Identity Management is Just Cybersecurity Best Practices With a Fancy (& Expensive) Name

Creating an Agile Workplace: How to Prepare for the Unexpected

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

What is Information Security (& How Does it Impact Your Business?)

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Keeping Your Network Secure in a “Bring Your Own Device” World

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Compliance

Security vs Compliance: What Are Their Differences?

US Companies Could Get Badly Burned by GDPR – Here’s How Not To 

The Challenge to Remain PCI & NIST Compliant During the Shift to Remote Work

Common Types of Cyberattacks

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected 

In a Remote World, Social Engineering is Even More Dangerous

How Fear Motivates People to Click on SPAM

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront it?

Everything You Need to Know About Ransomware (2019 Edition)

DNS Spoofing: What It Is & How to Protect Yourself

About Cybercriminals & Cybercrime

Hacked? Here’s What to Know (& What to Do Next)

The Modern Hacker: Who They Are, Where They Live, & What They’re After

Hackers Are Increasingly Targeting People Through Their Phones 

Airports are a Hacker’s Best Friend (& Other Ways Users Expose Themselves to Risk)

2021 Cybersecurity Trends

Our Predictions for the 2021 Cybersecurity Environment

Cybersecurity by Vertical & Industry

Cybersecurity Basics Every College & University Needs to Have in Place

The Ultimate Guide to Cybersecurity in the Healthcare Industry

How the Financial Industry Can Strengthen Their Cybersecurity

Cybersecurity for the Manufacturing Industry, What You Need to Know Now

Making Sense of TTPs, Cybersecurity, & What That Means for Your Business


Once considered a nice-to-have, cybersecurity has become essential for organizations in all verticals. Even before COVID-19 made remote work the norm for many office workers (leading to a marked increase in social engineering attacks), cybercrime was already on the rise, with global losses skyrocketing to nearly $1 trillion in 2020 alone.

No matter how large or small your organization is, investing in your cybersecurity posture is vital for safeguarding your digital assets, your business, and your customers. To improve your cybersecurity posture, you need to get inside the mind of a cybercriminal and figure out how to stay one step ahead in this endless game of cat and mouse. 

What are TTPs?

TTPs stands for the tactics (or tools), techniques, and procedures used by a specific threat actor (the bad guy) or group of threat actors. Essentially, TTPs are the distinct patterns of activity or behavior associated with a particular person or group, and they describe how threat actors orchestrate, execute, and manage their cyber attacks.

Tactics

Tactics, generally speaking, refer to the vectors used by attackers. This could include accessing and using confidential information, gaining access to a website, or making lateral movements (moving sideways between devices and apps to better map your system and look for vulnerabilities in less protected areas that they can exploit). 

Techniques

Techniques refer to the methods attackers use to achieve their goals. For example, if the immediate goal (the tactic) is to gain unauthorized access to your system, then the technique could be using social engineering (such as a phishing scam) to trick employees into sharing their login credentials. A single tactic can involve multiple techniques. 

Techniques act like stepping stones towards the attacker’s overarching goal, which could include damaging your systems, infecting your network with ransomware, or stealing sensitive files.

Procedures

Procedures refer to specific, actionable, preconfigured steps used by cybercriminals to achieve their overarching goals. So, for example, if the goal is to use a phishing scam to gather login credentials from employees, the procedure could involve determining what the email should say and configuring the email to download malware when a user opens the attachment included with the email.

Why are TTPs Important for My Business?

Analyzing TTPs is vital for your cybersecurity posture since the clues threat actors leave behind can be used to help identify who is responsible for an attack or breach. By analyzing TTPs, your cybersecurity team or cybersecurity partner can:

  1. Rapidly triage and contextualize the event taking place by comparing the TTPs of the current attack with TTPs of known threat actors or groups (such as hostile foreign governments, lone criminals, criminal groups, or rival corporations) who may have launched the attack. Based on who may be behind the attack, your cybersecurity experts can try to predict what may happen next and redeploy resources to better safeguard your most critical digital assets, such as your server. 
  2. Review probable paths for research and further exploration based on what TTPs were used in the attack. This allows your cybersecurity experts to potentially identify who was behind the attack so criminal charges can be laid.
  3. Identify potential sources or vectors of the attack. This step involves identifying how the threat actors were able to gain unauthorized access to your systems so those vulnerabilities can be addressed as soon as possible so that other threat actors can’t exploit them in the future.
  4. Identify and investigate all systems that may have been compromised. This step is part of your incident response process and is critical for preventing further damage and rooting out potential back doors left by the attackers. 
  5. Create threat modeling exercises and improve your cybersecurity training so that your team won’t be caught unaware again should a similar or related event occur in the future. 

How Can VirtualArmour Help?

Security experts like the VirtualArmour team use TTPs to help identify potentially suspicious activities. When a company like VirtualArmour is monitoring your network 24/7/365, one of the things our experts look for is TTPs. TTPs act like fingerprints: our experts know what sort of patterns to look for and use that vast wealth of knowledge to help sift potentially suspicious network activity out from ordinary, harmless network activity.

Should an incident occur, our experts can use TTPs to narrow down the list of suspects, potentially identify third parties that may be impacted (for example, if the phishing attack came from a Gmail email address that may mean Gmail has been compromised), and allow our team to trace the route of the attack back through your network, flagging potentially compromised systems for further investigation and identifying how the attacker was able to gain access. Once we have that information, we can work with you to address your security posture’s current shortcomings and help you update your cybersecurity training so your employees are better able to identify potentially suspicious activities such as phishing emails. 

To help keep organizations like yours safe, we offer a variety of managed services and consulting services, including SOCaaS (security operations center as a service). Most SMBs don’t have the budget to maintain a full, in-house security team. VirtualArmour SOC as a service offers a cost-effective solution: our full team of cybersecurity experts and analysts acts like an extension of your existing security team, or can be used to supplement staff in IT-light environments, managing and monitoring your network, devices, and digital assets.

VirtualArmour’s SOCaaS premium includes:

  • Managed Detection & Response
  • Enforcing Sanctioned Enterprise Applications
  • Endpoint Security Policies
  • Firewall Rule Management
  • Firewall Configuration
  • Security Incident Investigations
  • Regular Cadence Reporting
  • Identification of Vulnerable Software/Hardware
  • Configuration Auditing for Security Gaps
  • Data Enrichment and Context for Alerts

For more information about TTPs and their importance, or to get started improving your cybersecurity posture, please contact our team today. 

Further Reading

To learn more about cybersecurity and the steps your organization should be taking to improve your cybersecurity posture, please consider reading one of our other educational articles.

General Knowledge

Hacked? Here’s What to Know (& What to Do Next)

Terms & Phrases Used in the Managed IT & Cybersecurity Industries

Leveraging Your MSSP in an “IT Light” Environment

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

Security vs Compliance: What Are Their Differences?

What is a Managed Security Services Provider (MSSP)?

Tactics, Techniques, & Procedures

In a Remote World, Social Engineering is Even More Dangerous

The Modern Hacker: Who They Are, Where They Live, & What They’re After

Hackers Are Increasingly Targeting People Through Their Phones

How Fear Motivates People to Click on Spam

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront It?

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Airports are a Hacker’s Best Friend (& Other Ways Users Expose Themselves to Risk)

Everything You Need to Know About Ransomware (2019 Edition)

DNS Spoofing: What It Is & How to Protect Yourself

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected

Steps Your Organization Should Be Taking

Building a Cybersecurity Incident Response Program

The SMBs Guide to Getting Started with Cybersecurity

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

Creating an Agile Workplace: How to Prepare for the Unexpected

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Keeping Your Network Secure in a “Bring Your Own Device” World

19 Essential Cybersecurity Best Practices

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Industry-Specific Information

Higher Education

Cybersecurity Basics Every College & University Needs to Have in Place

Healthcare

The Ultimate Guide to Cybersecurity in the Healthcare Industry

Healthcare Industry Case Studies

Finance

How the Financial Industry Can Strengthen Their Cybersecurity

Financial Industry Case Studies

Manufacturing

Cybersecurity for the Manufacturing Industry: What You Need to Know Now

Retail

Retail Industry Case Study

Energy

Energy Industry Case Studies

Service Providers

Service Provider Case Studies

Deleting Yourself From Social Media: A Brief Guide to Getting Out

With many of us still stuck at home, social media has become a bit of a lifeline: it can help us stay connected with friends and loved ones as well as expand our social and professional networks. However, social media both increases our risk of being caught up in a data breach and has been shown to negatively impact mental health, leading many to wonder whether it’s time to hit the delete button for good.

Why You Should Consider Breaking Up with Social Media

Cybercriminals are increasingly targeting social media accounts. While most attacks simply leverage social media as a delivery mechanism for malware and phishing scams, more advanced attacks aimed at social media networks are now able to leverage users’ contacts, location data, and business activities to develop targeted malicious advertising campaigns aimed at specific users.

Most attacks use compromised social media credentials to discreetly gather personal data on the victim’s online friends and colleagues or take the guise of a classic phishing scam: tricking victims into revealing their password or other sensitive data by using scare tactics and “urgent” messages, purportedly originating from the platform’s internal team. Social media is also taking its toll on our mental health: Multiple scientific studies have found a strong link between social media use and poor mental health, including an increased risk of depression, anxiety, and loneliness. 

How to Delete Your Social Media Accounts

Though many social media platforms use dark patterns to actively discourage users from deleting their accounts (or otherwise trick you into doing something you don’t actually want to do), there are steps you can take to break up with social media permanently.

Facebook

Facebook offers two ways for you to remove yourself from their platform: deactivation and deletion. Deletion permanently removes your account, while deactivation is billed as a way to hide your account on Facebook (though, as one former Facebook user discovered, your account is still live, which means some people can still interact with it).

Deactivate Facebook

To deactivate your Facebook account using a web browser, you need to visit Facebook’s site and log in to your account. Next, use the drop-down arrow located in the top right corner of your screen to select Settings. Under General, select the Manage Account option and click Edit, then choose Deactivate your Account. At this point, Facebook will prompt you for your password and ask you to provide a reason for leaving. Select your choice, click Deactivate, and you’re done.

You can also deactivate (but not delete) your Facebook account via the Facebook mobile app. For iOS users, just open the app and hit the menu button (the three-line icon) in the lower right-hand corner. Then click Settings, Account Settings, General, Manage Account, and Deactivate. Android follows a similar process, but you can reach Account Settings from the first submenu.

Delete Facebook

To delete your Facebook account, you will need to visit this page using your web browser. Once you have logged in, click Delete my Account. Though your Facebook friends will no longer be able to interact with your account, Facebook may take as long as 90 days to delete your data. 

Twitter

Twitter allows users to deactivate their accounts, with un-reactivated accounts being deleted after a set period (regular users have to wait 30 days, while verified users have to wait 365 days before their data is deleted). 

To get rid of Twitter, visit the login page in your web browser and log in to your account. Scroll down to the bottom and select the Deactivate your Account option. Once you have read through the information provided by Twitter, you can select Deactivate. You will be prompted to enter your Twitter password and confirm that you really do want to deactivate your account. 

Once you have chosen to deactivate your account, Twitter will begin erasing your presence on their platform. Your profile and tweets will be hidden immediately, but Twitter holds onto your data and tweets for either 30 days (regular users) or 365 days (verified users). If you log back into Twitter during this cool-down period, your profile and past tweets will be automatically restored. 

LinkedIn

Delete LinkedIn

Most people don’t really consider LinkedIn to be a social media platform like Facebook or Twitter, but it uses a lot of the same social and engagement patterns.

Start by clicking on your profile icon to open your Settings and select the Account tab. Scroll down to the bottom of the menu and select Closing your LinkedIn Account. LinkedIn will then ask you to specify why you are deleting your account. Unfortunately, you can’t skip this step, so choose whatever answer best fits. You can leave additional feedback if you want, but it isn’t required.

Finally, you will need to enter your password to confirm your identity and your intention to leave, and LinkedIn will once again warn you that this is your last chance to turn back. Once you have entered your password, select Close Account and make sure to check the Unsubscribe from Emails box just to make sure you don’t get any pesky emails trying to tempt you to come back. 

Hibernate LinkedIn

You can also choose to “hibernate” (deactivate) your account, which will temporarily remove your account from circulation without removing your data from the site. If you select this option, any previous comments or posts will be attributed to “LinkedIn member”.

Instagram

Instagram accounts can only be deactivated via their website, not through their mobile apps. Once you’ve logged in, select your profile icon in the top right corner of your screen and select Edit Profile, then click Temporarily Disable my Account. Once you select this option, Instagram will ask you why you are leaving and then prompt you to enter your account password and select Temporarily Disable Account.

Much like Facebook (who owns Instagram), you are only allowed to pause your account, not delete it. Once you temporarily disable your account, other users will no longer be able to view your Instagram page, but the platform will continue to hold onto your data (including photos and comments). If you log in to the platform again, your Instagram account is automatically restored.

To actually delete your account, you need to visit the delete your account page from your web browser. Log in to your account, state why you are leaving, and re-enter your password. Finally, you can click Permanently Delete my Account, which will remove all traces of your account from Instagram’s servers, including all likes and messages. 

TikTok

To delete your TikTok account, start by visiting your profile and open your Settings by clicking the ellipsis in the top corner. Then, select the tab marked Manage my Account and scroll down to the bottom of the screen to select Delete Account. Once you have done this, you will be asked to send yourself a confirmation code via SMS to verify your identity and make sure someone isn’t trying to delete your account on your behalf. 

Once you enter the code, TikTok will warn you one last time that you are deleting your account (and explain what that entails). Select Delete Account, and you are done. Unlike other social media platforms, TikTok doesn’t hold onto your data after you choose to leave.

Snapchat

Snapchat also requires users to visit their website to delete an account. Start by logging in to your account, and then re-enter your username and password on the next page (yes, they really do make you sign in twice to prove it is really you and show that you really do want to get rid of Snapchat). Once you click Continue, Snapchat will begin the account removal process.

From that point forward, your friends will no longer be able to contact you via Snapchat, but your account is still active. If you change your mind in the next 30 days and log back into the platform, your account will be completely restored. 

If you don’t log in again during the 30-day cooling-off period, Snapchat will go ahead and delete your account.

Pinterest

To delete your Pinterest account, you will need to log in and select the down chevron icon in the top right corner (this will open your menu). Select Settings and navigate to Account Settings on the left-hand side of your screen. Go to Account Changes, and click Close Account. You will then need to tell Pinterest why you are deleting your account and click Next. You will then need to click Send Email to receive a confirmation email to close your account. Once you have received the email via the email address associated with your Pinterest account, you can confirm that you really do want to close your account.

Whether you are leaving social media because of security concerns or for other reasons, we hope you found this guide helpful. To learn what other steps you can take to improve your security, please contact our friendly team today.

Is it Possible to Still Browse Anonymously?

When it comes to cybersecurity, there are no guarantees, and the same holds true for browsing the internet. Though there are steps you can take to increase privacy and make yourself more anonymous, achieving total and complete privacy and anonymity is unlikely.

There are many reasons organizations and individuals seek to browse the internet anonymously or privately. For businesses, keeping employee internet traffic private is a matter of security: shielding employee internet traffic makes it more difficult for cybercriminals to gather the information they need for social engineering attacks or blackmail. As such, taking organization-wide steps to improve employee privacy, as well as educating employees about the importance of privacy and what steps they can take, is critical for any security posture.

To help you best safeguard your organization, we have created this handy guide outlining some tools and policies you may want to consider adopting.

Private is Not the Same as Anonymous

It takes a surprising amount of work to remain anonymous on the internet. Though many articles and organizations within the cybersecurity space use the terms “anonymity” and “privacy” interchangeably, they are not actually interchangeable. 

An encrypted message is private because only you and the recipient can read its contents, but because of metadata, you aren’t actually anonymous. Metadata consists of snippets of information that provide context about the message, such as who you are talking to, how long you have been exchanging messages, how many messages you have sent, the presence and size of attachments, and what medium you are using (text, email, etc.). Unlike the contents of your message, this metadata isn’t encrypted.

Because you can’t encrypt this metadata (which can be accessed by cybercriminals and other unauthorized individuals with the right tools, technical knowledge, and motivation), you can’t actually browse the internet or send messages anonymously.

Tips & Tools to Increase Your Privacy Online


Using Tor & Signal

Adopting Tor and Signal for your internet browsing and message sending needs is a good place to start. 

Tor

Tor is the largest, most comprehensive, and most effective metadata-resistant piece of software designed to promote privacy and anonymity. Though Tor doesn’t guarantee it will keep your browsing habits private, it is the best option currently available. Tor has developed a bit of a bad reputation because it is favored by criminals looking to keep their illegal activities secret, but it has also been a critical tool for journalists looking to research stories anonymously and has even partnered with Reporters Without Borders. However, using Tor comes with some complications: browsing the internet over Tor is slower than ordinary browsing, and some large web services block Tor users.

Tor is available for both desktop browsing (Linux, Mac, and Windows) and mobile browsing on both Android and iOS devices.

Signal 

Signal is a popular and highly effective messaging app that allows users to send and receive encrypted text messages, voice memos, audio calls, and video calls. Its user interface is similar to other popular messaging apps, making it easy to use even for less tech-savvy individuals.

However, just because your messages are private doesn’t mean you are anonymous. Any network-level adversary can tell you are using Signal, and government agencies such as the CIA can still digitally peek over your shoulder using malware. Also, the metadata associated with Signal users is still available, so organizations such as the US government and Five Eyes are able to access Signal traffic to learn who is communicating with whom, when they are communicating, and how long they have been in communication. Though the developers of Signal are aware of these shortcomings, metadata-resistant communication remains an unsolved technical problem.

In short, Signal is the best encrypted messaging app available, offering a more private communication experience, but it isn’t perfect and cannot be relied on for total or even strong anonymity. 

VPNs Are Useful, But Don’t Actually Offer Anonymity (Only Privacy)

VPNs (virtual private networks) do not actually anonymize your browsing. All they do is move trust from your ISP’s network (at home, at the office, at your local coffee shop) to someone else’s server. VPNs can be incredibly effective security tools (and vital for remote workers who might be logging on from less than secure networks), but they don’t offer anonymity.

Since the VPN just shifts your traffic to their server, they can still see all of your traffic; as such, if someone you wish to hide your browsing from accesses the VPN’s servers (either through a cyber attack or via legitimate means such as a court order) they will also be able to see all your traffic. 


Using Zero-Knowledge Services

Many of the tools you likely use every day, including Gmail, Office365, and Dropbox, know everything you do on their respective platforms: Google reads your emails, Office365 can access everything you write, and Dropbox has the ability to open and examine all files you upload. These three organizations, along with many more, are also PRISM providers, which means they cooperate with mass surveillance programs and, as such, are willing to share anything you do on their platforms with the US government.

While you can protect your privacy on these platforms by encrypting everything you do, you can also choose more privacy-conscious alternatives such as SpiderOak (an alternative to Dropbox) or ProtonMail (as opposed to Gmail). You should carefully vet these companies for yourself before using their products, but these zero-knowledge options are certainly worth exploring further.

Check Your App Permissions

Though Apple recently released an update designed to improve user privacy and security (including limiting photo and location access, discouraging Wi-Fi tracking, and at a future date, limiting app tracking), both Apple and Android users should still take the time to check their app permissions. Many apps request greater permissions than they need (including camera and microphone access, location data, and other information), raising security and privacy concerns. 

Be sure to periodically check your app permission settings and revoke unnecessary permissions. 

Consider Installing an Ad Blocker on Your Browser

Ads used to be targeted at wide demographics, using a one-to-many broadcasting model. However, targeted advertising now means that what ads you see while browsing the internet are specifically tailored to you to maximize your chances of clicking a link or buying a product or service. This personalization is possible because of online tracking.

Installing an ad blocker won’t completely hide your browsing activities from curious advertisers, but products such as Brave Browser, AdBlock, and the Electronic Frontier Foundation’s Privacy Badger offer better protection than nothing at all. 

Consider an Ad Blocking DNS Service 

To block ads at the network level, you may want to consider a DNS ad blocker such as Pi-hole. DNS ad blockers are DNS (domain name system) servers that act as DNS sinkholes: every name lookup your browser makes (including the lookups for the domains advertisers use to serve you ads) is checked against a list, hosted on your own DNS server, of domains that usually serve ads. If the requested domain is on that list, the lookup is denied, so the ad is blocked before it ever reaches your computer. This approach is usually done via hardware (for example, Pi-hole requires a Raspberry Pi).
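To make the sinkhole mechanism concrete, here is a small Python resolver written for this article as an added example (it is not Pi-hole’s code). It parses the name out of a DNS query, checks the name and each of its parent domains against a constructed blocklist, answers listed names with the non-routable address 0.0.0.0, and relays everything else to an upstream resolver (assumed here to be 1.1.1.1); the blocklist entries and the listening port are made-up values.

```python
import socket
import struct
from typing import Optional, Tuple

# Constructed blocklist for this example (not one of Pi-hole's real lists):
# domains that "usually serve ads". Real deployments load tens of thousands.
BLOCKLIST = {"ads.example", "tracker.example.net"}


def parse_query_name(packet: bytes) -> Tuple[str, int]:
    """Return the queried name from the question section and the offset
    just past that section. The DNS header is a fixed 12 bytes."""
    offset = 12
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:          # the empty root label terminates the name
            break
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset + 4   # skip QTYPE and QCLASS


def is_blocked(name: str, blocklist=BLOCKLIST) -> bool:
    """True if the name or any parent domain is listed, so cdn.ads.example is
    caught by the entry ads.example, while notads.example is left alone."""
    labels = name.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A-record query; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def sinkhole_response(query: bytes) -> bytes:
    """Answer a blocked query with A 0.0.0.0: the client gets a valid reply
    carrying a non-routable address, so the ad server is never contacted."""
    _, qend = parse_query_name(query)
    # Same transaction ID; flags 0x8180 = response, recursion desired + available.
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    question = query[12:qend]
    # Answer RR: name pointer to offset 12 (0xC00C), type A, class IN, TTL 60, 4-byte rdata.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(4)
    return header + question + answer


def answer_address(response: bytes) -> str:
    """Extract the IPv4 address from the first answer record of a response."""
    offset = parse_query_name(response)[1]
    if response[offset] & 0xC0 == 0xC0:   # compressed name pointer (what we emit)
        offset += 2
    else:                                 # uncompressed name: walk the labels
        while response[offset] != 0:
            offset += response[offset] + 1
        offset += 1
    rtype, _, _, rdlength = struct.unpack("!HHIH", response[offset:offset + 10])
    rdata = response[offset + 10:offset + 10 + rdlength]
    return socket.inet_ntoa(rdata) if rtype == 1 and rdlength == 4 else ""


def handle_query(query: bytes) -> Tuple[str, Optional[bytes]]:
    """Decide what to do with one query: ("blocked", response) for listed
    names, ("forward", None) when the caller should relay it upstream."""
    name, _ = parse_query_name(query)
    if is_blocked(name):
        return "blocked", sinkhole_response(query)
    return "forward", None


def serve(listen=("127.0.0.1", 5353), upstream=("1.1.1.1", 53)) -> None:
    """Minimal UDP loop: sinkhole listed names, relay everything else upstream."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        query, client = sock.recvfrom(512)
        decision, response = handle_query(query)
        if decision == "forward":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
                up.settimeout(2)
                up.sendto(query, upstream)
                try:
                    response, _ = up.recvfrom(4096)
                except socket.timeout:
                    continue          # no answer upstream; let the client retry
        print(f"{parse_query_name(query)[0]}: {decision}")
        sock.sendto(response, client)


if __name__ == "__main__":
    serve()
```

Pointing a client at the listening address and looking up a listed name returns 0.0.0.0, while other names resolve normally through the upstream server.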

Technically savvy readers who use Windows may want to consider checking out this handy guide on DNS-level ad blocking from Privacy International.

Fire Your Digital Assistant

Google Home, Amazon Echo, and Apple’s Siri offer convenience, but they are a privacy nightmare. In order to know when to update your grocery list, play a requested song, or call your parents, these devices need to be constantly listening for instructions. Private conversations aren’t private if you have a digital spy in the room, and even if you refuse to get an Amazon Ring for your front door, that refusal doesn’t help much if the devices are ubiquitous in your neighborhood.

However, if you are concerned about privacy, you should still consider banning these devices from the office (and the home office) and turning off Siri voice activation.

Use Common Sense

At its core, privacy is about autonomy: choosing which information you share and with whom. A good general rule is that if you are doing something you don’t want the world to know about, it’s probably best to keep it off the internet. If your team needs to discuss a top-secret project, have them meet in person (when it’s safe to do so) or limit communication to secure devices and products only.

Depending on the nature of your business, you may want to create clear social media and internet use guidelines for employees, contractors, volunteers, and any other individuals involved in your organization.

It’s almost impossible to be truly anonymous on the internet, but that doesn’t mean there aren’t steps you can take to improve privacy (and, by extension, security) at the individual and organizational level. For more information about steps your organization can take, please contact the VirtualArmour team today.