As Data Security Deteriorates, Reconsider Your Exposure
March 22, 2021 Alex Woodie
The shift towards digitalization wrought by COVID-19 and the associated lockdowns has given new life to cybercriminals, who are exploiting the changes in computer access patterns to steal data and enrich themselves. For IBM i shops, the time to lock down vulnerable endpoints in the system-of-record was yesterday.
If you’re not feeling a sense of urgency about the data security situation, then you’re not paying attention. Since the start of the year, numerous reports from security professionals have alerted the IT community to new and evolved dangers that are lurking online.
Consider a report due this week from SlashNext Threat Labs, The State of Phishing 2021, which discusses how phishing attacks exploded last March.
As the COVID-19 pandemic kicked into high gear, so did cybercriminals. The company says researchers saw a 3,000 percent increase in COVID-19-themed phishing URLs practically overnight.
“Cybercriminals launched thousands of new phishing pages every hour to harvest personal information, steal corporate data, and commit credit card fraud with no sign of slowing down,” the researchers write in the report.
Phishing has grown since then. By the middle of 2020, SlashNext Threat Labs was seeing 25,000 phishing threats per day. That hit 50,000 threats per day by December, and grew to 80,000 threats per day in early 2021. All told, the number of phishing URLs on the Web has increased by 42 percent from 2019 to 2020, when there were 10 million detected by the company.
Phishing attacks are getting more sophisticated and tougher to detect. There is always a telltale giveaway to a phishing attack – a malformed URL is the real payload here – but that is not stopping people from clicking them. According to SlashNext’s study, 40 percent of employees have clicked on a phishing attack in the last 30 days.
The reason for the increase is that cybercriminals have grown quite sophisticated at using automation, AI, and behavioral targeting “to launch mass quantities of highly targeted spear phishing attacks simulating messages from trusted sources,” the company says.
In other words, most phishing attacks today are now spear phishing attacks (i.e. targeted attacks). The Tolly Group says in a report that Microsoft and Proofpoint now fail to detect two-thirds of phishing emails. However, 85 percent of phishing attacks now don’t use email, according to FireEye.
Phisher people have bought new rods and reels, and expanded into new waters. Text-based phishing (i.e. “SMishing”) is on the rise, along with phishing via video games, collaboration tools, and videoconferencing platforms. We have even been treated to Twitter-based phishing attacks, which is probably more like trawling.
It seems long ago, but back in the summer of 2020, Elon Musk and other celebrities like former President Barack Obama and Microsoft co-founder Bill Gates appeared to tweet messages saying they wanted to give away Bitcoin. The recipients, of course, had to click on a URL that, of course, was malformed. The celebrities’ Twitter accounts had been hacked.
“Throughout 2020, we’ve seen a litany of high-profile breaches that have created real damage,” the SlashNext report says. In addition to the Twitter hack, Marriott International and the World Health Organization were breached.
The sheer number of compromised accounts means that it’s likely that you or somebody in your company has already been compromised. “A 2020 audit of the dark web revealed 15 billion compromised logins from 100,000 breaches,” says FireEye, the cybersecurity research firm that SlashNext was spun out of. “Virtually every organization has infected features and employees.”
While phishing can be used as a means to a range of ends, it is often tied to ransomware, which has also seen an uptick since COVID-19 started. In the healthcare industry alone, ransomware attacks have impacted 600 clinics, ensnared more than 18 million patient records, and cost the victims almost $21 billion, according to the data security firm Comparitech.
IBM i shops are not immune to phishing and ransomware attacks. While traditional malware can’t very easily impact the native file system, the IBM i server’s IFS is as vulnerable as any Windows-based file system.
There are plenty of stories of IBM i being victimized when the IFS becomes infected with Windows viruses and ransomware. The IBM i’s reputation as an iron-tight server often ends up hurting organizations because employees just assume that the server is secure. In fact, the IBM i server is one of the most secure systems on the planet, when it is properly secured.
The solution, then, becomes obvious: Do more to properly configure the IBM i server, and in particular the IFS. That’s the advice provided by Tony Perera, the president and co-founder of IBM i security software company Trinity Guard.
“Why give the opportunity for a hacker to come?” Perera said in a recent interview with IT Jungle. “Lock it down as much as you can. Secure your IFS and secure your network through exits, especially the socket exit. Secure all of that, plus monitor what’s happened. Secure as much as you can. If you are only using Port 21 and 25, block every other port. So that way a hacker won’t penetrate through the system through an open port.”
IBM i offers multiple layers of protection. In addition to network security (i.e. exit points) and authorities granted through user profiles, there is the object security system that allows customers to lock down objects on the system. Using a mix of security controls in a layered fashion is the best way to minimize the odds that your IBM i server gets compromised, according to Carol Woodbury, an IBM i security expert and co-founder of DXR Security.
“What I see people doing going forward is taking advantage of the multiple layers of defense that IBM i has,” Woodbury said at the recent IBM i Futures Conference sponsored by COMMON. “We have a lot of features that come right with the operating system.”
The uptick in malware and hacking during the COVID-19 pandemic has laid bare the need to ensure that all exposed elements are locked down, from the IBM i server to the laptop used to log onto corporate networks from home.
“There have been a lot of people who have been infected with malware, with ransomware,” Woodbury said. “It’s just realizing that it’s not the endpoint they have to secure but it’s throughout their entire enterprise.”
If there’s a bright side to the pandemic, the lockdown, and working from home, it’s that more folks realize the value of their IBM i data, Woodbury said.
“I think that this pandemic has helped bring this to light and when that data isn’t available for some reason, it causes business disruption,” she said. “I think that people are really starting to take notice of that and will start importing more of those multiple layers of defense.”