Human Factors Related To Ransomware
Threat actors are constantly active on the dark web. There they share the results of their malicious activity with one another, either to do business or to gain a reputation. Unfortunately, these shares include databases that they seized by attacking companies. Other threat actors buy this data, or pick up what is shared for free, and use it for their own benefit. As a result, information belonging directly or indirectly to a company or its employees ends up in the hands of threat actors, which gives them a wide attack surface for the operations they want to carry out. The data breaches that are shared or sold on the dark web are often caused by human error. It is also known that 95 percent of cybersecurity breaches are caused by human error.
Today, the assets that companies or institutions use in the working environment, or acquire to improve their systems and make them more useful, grow more diverse by the day. This diversity has also made them complex for end users. To manage and use these systems securely, which were created to facilitate the transactions of end users, users need to give each of them a strong password. Because users work with more than one system at the same time, they reduce this complexity by choosing weak passwords that they can remember. They also reuse the same weak password across different applications and rely on various services to remember these passwords. This creates a threat both to the security of the person and to the security of the company associated with that person. Such security breaches attract the attention of ransomware groups, which capture essential information and use it against the companies or institutions they want to target.
Types of Human Factor
Because threat actors understand human psychology well, they use various social engineering methods to lead end users into errors. Some examples of these methods:
- Offering a reward
- Creating a feeling of indebtedness
- Building a sense of intimacy
- Frightening the target
- Appealing to authority
For these psychological tactics to work, the right timing alone is not enough; the end users must also lack cybersecurity awareness.
Human errors can be attributed to many more causes, but we can basically divide them into two different types:
- Errors due to lack of information
- Wrong decisions made when taking an action
These two error types basically cover all human factor errors.
Lack of Knowledge
This is generally seen in users who lack cybersecurity awareness. Because they do not know how to act correctly in the situations they encounter, their decisions will be wrong. For example, in a phishing attack they do not realize that they should delete the incoming mail without opening it; by clicking on the mail to view its content, they unintentionally inform the other party that the mail address is active.
Even when end users increase their security awareness, the wrong decisions they make against phishing or other social engineering attacks in moments of high distraction pose a danger to themselves and to their associated institutions. Unfortunately, threat actors who feed on such mistakes know human psychology very well.
An Example of Human Factor and Breach Data in a Ransomware Attack
Cisco Ransomware Case
The Yanluowang ransomware group made a post on Tuesday evening, August 10, claiming that it had hacked Cisco and would publish the data. After the Yanluowang group's post, Cisco made a statement about the alleged incident on its official site. The statement said that the attack was detected on May 24, 2022.
How did the attack take place? The details of the article published by Cisco were shared on the dark web and leaked. The attackers seized the personal Google account of a Cisco employee. Cisco information was kept in sync with the victim's browser via Google Chrome. The attackers then bypassed MFA with a vishing technique and gained access to the Cisco network.
It is claimed that 2.8 GB of data was accessed due to the attack.
How Brandefense Fights Against Data Breaches
At Brandefense, we crawl and examine more than 100 resources used by threat actors on the dark web, deep web, and surface web on a daily basis. These include communication channels used by actors, black markets, and forums. Using automated tools, we scan the data that actors share for malicious use in these channels and report any data belonging to our customers before it is involved in attacks. In this way, we help our customers remain safe by reducing the attack surface in the hands of attackers.
Since our establishment, we have analyzed 35.4 billion data breaches and leak indicators for our customers.
CVEs Related To Ransom Attacks
Today, companies use various technologies to build their systems and keep them running in a healthy way. These technologies also bring security risks. Threat actors, especially ransomware groups, are experts at exploiting technologies whose weaknesses go unnoticed, as well as at phishing attacks, when carrying out their operations. For this reason, it is essential for companies or institutions to be aware of current vulnerabilities and to apply the necessary updates and measures against them.
Here again, the human factor comes into play. Due to lack of information, users who have authority over the systems do not download the programs they install for their operations from the original source and instead download malware from other sources; or they make the wrong decision and delay updates to the applications they use, which increases the risk. Systems with such vulnerabilities are among the jumping-off points used by ransomware groups to carry out their operations.
How Brandefense Helps Companies With CVEs
As new technologies multiply in cyberspace, the number of new vulnerabilities is increasing day by day. We publish special reports so that our customers can understand the impact of new vulnerabilities early and clearly. In addition, you can instantly follow the trending CVE codes on Twitter. You can also automatically scan the assets you add and, if a weakness is found and you have questions, contact our analysts. In addition to sending notifications about the vulnerabilities of the technologies you use, we also offer solutions for them.