Today's world is rife with threats from all types of cyber criminals. To make matters worse, many types of attacks are nearly impossible to detect and even harder to avoid. One of the most subtle vectors of attack is a tactic commonly referred to as "social engineering", a term popularized by Kevin Mitnick, a legendary hacker whose 1995 arrest and prison sentence for various computer and communications crimes sparked a later career as a well-paid security consultant. His past is hardly a deterrent to the new breed of criminal hackers, yet he has gained respect as an extremely intuitive security consultant.
It is very easy to neglect or fail to address security issues until it is too late. The neglect often happens when corporate IT systems grow over years or teams move on to new projects. So how does this happen? When a project is placed into production, it is normally subject to some form of security audit to ensure risks are mitigated. Even if a project has completed security hardening when placed into production, a manager must take continual action to ensure periodic security reviews are done in the future, because new exploits and vectors of attack become known all the time. Unless an enterprise is regularly conducting security audits, it is very easy to become vulnerable simply through lack of action.
From decades of consulting work, we have developed a proven process to help businesses identify areas of security that require ongoing review and to empower teams to conduct those reviews. The framework is fairly simple, but it only produces results if it is actually implemented.
It is a good idea to understand the major categories of security issues. The following is not considered an exhaustive list and new threats appear weekly. To remain vigilant, we recommend subscribing to our security bulletins. Here are some common types of threats.
There are too many other scams and security threats to list. Every day, new threats, viruses and types of attacks emerge.
Most attacks are done for financial gain. Ransomware is the term for a popular pattern of encrypting the files on an infected computer or server and demanding payment for their return (often in Bitcoin or another cryptocurrency, as these are notoriously difficult to trace). In the fake support scam shown above, once criminals have your credit card details, they can add charges to it at any time without any further notification to you. If you have been the victim of one of these types of attacks, report it to the authorities immediately, have the card cancelled, and monitor your statements for suspicious transactions.
Others compromise systems for political or social purposes. The political angle is a popular tactic shared by many hackers loosely referred to as "Anonymous" in the press. Contrary to popular belief, Anonymous is not a group, nor does it have members, structure or a body of work. It is simply a tactic. If a person ever claims to be a member of Anonymous, you can be assured they do not know what they are talking about. Those who subscribe to this tactic do not pay membership fees or carry Anonymous ID cards in their wallets. The opposite is true: a genuine practitioner will likely feign complete ignorance about it when publicly questioned, since the goal is to remain anonymous at all costs. Hackers acting under the Anonymous banner have compromised computer systems in the past with the goal of exposing or "outing" persons or activities the hacker believes are wrong and deserve a spotlight. These often include individuals who have wronged others, such as those who taunted and tormented Amanda Todd, driving her to suicide. As a result, some Anonymous practitioners have gained a Robin Hood type status in the general community.
More complex goals of hacking are linked to military advantage and industrial espionage. In a breach disclosed in late 2020, multiple systems operated by many branches of the United States government were compromised by hackers who sneaked rogue code into a widely used software update mechanism, so that customers installed the backdoor themselves as a routine update. Foreign state actors were believed to be behind that attack. Many hacks targeting industrial and scientific knowledge have also been noted in recent years.
If you have a website, we recommend spending at least two hours per year having someone review your code base to determine whether you have any technology components with known vulnerabilities. There are still millions of websites using insecure versions of jQuery and other libraries that their authors have long since retired because of security issues. Many contact forms are not properly secured, and in some cases the code that processes form submissions can be abused to send spam to others. We can quickly identify such libraries and recommend replacements, often with minimal effort. The graphic below shows a very common pattern: a page still loading jQuery 1.9, an end-of-life release with publicly known vulnerabilities.
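The kind of check described above, written as an added example rather than code from this page or from the jQuery project: it scans the `<script src>` tags of a saved HTML page, extracts the jQuery version from the file name or CDN path, and flags anything below 3.5.0. The version threshold and the advisory list in `KNOWN_ISSUES` are taken from the public jQuery advisories (CVE-2015-9251 fixed in 3.0.0, CVE-2019-11358 fixed in 3.4.0, CVE-2020-11022 and CVE-2020-11023 fixed in 3.5.0); the sample HTML is constructed for the example. Inline copies of jQuery with a renamed file are not detected by file name, so treat a clean result as "nothing found", not "nothing present".

```python
import re
from html.parser import HTMLParser

# Oldest jQuery release with no publicly known XSS/prototype-pollution advisory
# at the time of writing (assumption from the public advisories, see lead-in).
MIN_SAFE_VERSION = (3, 5, 0)

# Advisories keyed by the first fixed version. Extend as new advisories appear.
KNOWN_ISSUES = [
    ((3, 0, 0), "CVE-2015-9251 (XSS via cross-domain ajax responses)"),
    ((3, 4, 0), "CVE-2019-11358 (prototype pollution in jQuery.extend)"),
    ((3, 5, 0), "CVE-2020-11022 / CVE-2020-11023 (XSS via htmlPrefilter)"),
]

# Matches file names such as jquery-1.9.1.min.js or jquery.3.5.1.slim.js,
# and CDN paths such as /ajax/libs/jquery/2.2.4/jquery.min.js
FILENAME_RE = re.compile(r"jquery[-.](\d+(?:\.\d+){1,2})(?:\.min|\.slim)?\.js$", re.I)
CDN_PATH_RE = re.compile(r"/jquery/(\d+(?:\.\d+){1,2})/jquery(?:\.min|\.slim)?\.js$", re.I)


def parse_version(text):
    """'1.9' -> (1, 9, 0); always three components so tuple comparison is sound."""
    parts = tuple(int(p) for p in text.split("."))
    return (parts + (0, 0, 0))[:3]


class ScriptCollector(HTMLParser):
    """Collects every <script src=...> value, ignoring query strings."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value.split("?", 1)[0])


def find_jquery_versions(html):
    """Return [(src, version_string)] for every script that looks like jQuery."""
    parser = ScriptCollector()
    parser.feed(html)
    found = []
    for src in parser.srcs:
        match = FILENAME_RE.search(src) or CDN_PATH_RE.search(src)
        if match:
            found.append((src, match.group(1)))
    return found


def audit_jquery(html):
    """Flag each detected jQuery below MIN_SAFE_VERSION with the advisories that apply."""
    findings = []
    for src, version_text in find_jquery_versions(html):
        version = parse_version(version_text)
        issues = [desc for fixed_in, desc in KNOWN_ISSUES if version < fixed_in]
        findings.append({
            "src": src,
            "version": version_text,
            "outdated": version < MIN_SAFE_VERSION,
            "issues": issues,
        })
    return findings


# Constructed sample page: one end-of-life copy, one CDN copy, one current copy.
SAMPLE_HTML = """
<html><head>
<script src="https://code.jquery.com/jquery-1.9.1.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js?v=3"></script>
<script src="/static/js/jquery-3.5.1.min.js"></script>
<script src="/static/js/app.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for finding in audit_jquery(SAMPLE_HTML):
        status = "OUTDATED" if finding["outdated"] else "ok"
        print(f"{status:8} jQuery {finding['version']:7} {finding['src']}")
        for issue in finding["issues"]:
            print(f"         - {issue}")
```

Run it against a page saved with your browser's "save as HTML"; for a whole site, feed it each page returned by a crawl. The `issues` list is what goes into the findings report, and the same pattern (file-name regex plus a table of first-fixed versions) extends to Bootstrap, Moment and other libraries loaded from a CDN.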
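The contact-form abuse mentioned above is usually e-mail header injection: the handler pastes a form field straight into the mail header block, so a submitted value containing a line break adds its own `Bcc:` (or `To:`) line and turns the site into a spam relay. The example below is added here and is not code from this page; it shows a vulnerable handler next to a hardened one, with a constructed malicious submission. The recipient address and the validation rules are assumptions for the example.

```python
import re

# The recipient is fixed in code; it is never taken from the form.
RECIPIENT = "support@example.test"
# Deliberately strict: one mailbox, no display name, no comments, no newlines.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")
MAX_SUBJECT = 200


def build_message_vulnerable(reply_to, subject, body):
    """The classic bug: form fields concatenated into the header block unchecked."""
    return (
        f"From: webform@example.test\r\n"
        f"Reply-To: {reply_to}\r\n"
        f"To: {RECIPIENT}\r\n"
        f"Subject: {subject}\r\n"
        f"\r\n{body}"
    )


def build_message_hardened(reply_to, subject, body):
    """Reject anything that could terminate a header line, then build the message."""
    for field_name, value in (("reply_to", reply_to), ("subject", subject)):
        if re.search(r"[\r\n\x00]", value):
            raise ValueError(f"{field_name}: line break or NUL in header field")
    if not EMAIL_RE.fullmatch(reply_to):
        raise ValueError("reply_to: not a single plain mailbox address")
    if not 0 < len(subject) <= MAX_SUBJECT:
        raise ValueError("subject: empty or too long")
    # Header values are now safe to place on their own lines; the body is free text
    # and stays below the blank line, where it cannot become a header.
    return (
        f"From: webform@example.test\r\n"
        f"Reply-To: {reply_to}\r\n"
        f"To: {RECIPIENT}\r\n"
        f"Subject: {subject}\r\n"
        f"\r\n{body}"
    )


def recipient_headers(raw_message):
    """Return the To/Cc/Bcc header lines a mail server would act on."""
    header_block = raw_message.split("\r\n\r\n", 1)[0]
    # Tolerate bare LF too: many MTAs accept it as a line terminator.
    lines = re.split(r"\r?\n", header_block)
    return [line for line in lines if line.lower().startswith(("to:", "cc:", "bcc:"))]


# Constructed malicious submission: the reply address smuggles a Bcc: header.
ATTACK_REPLY_TO = "victim-sender@example.test\r\nBcc: target1@example.org, target2@example.org"
ATTACK_SUBJECT = "Hello"
ATTACK_BODY = "Buy now!"

if __name__ == "__main__":
    raw = build_message_vulnerable(ATTACK_REPLY_TO, ATTACK_SUBJECT, ATTACK_BODY)
    print("vulnerable handler would deliver to:", recipient_headers(raw))
    try:
        build_message_hardened(ATTACK_REPLY_TO, ATTACK_SUBJECT, ATTACK_BODY)
    except ValueError as err:
        print("hardened handler rejected submission:", err)
    ok = build_message_hardened("alice@example.test", "Question about pricing", "Hi there")
    print("hardened handler delivers to:", recipient_headers(ok))
```

Two points the code makes that a checklist tends to miss: the fixed recipient removes the most valuable injection target entirely, and the check runs on the raw field before any "cleaning", so a stray `\n` is refused rather than silently stripped and logged as a normal submission.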
We do not publish details of our security analysis and threat assessment methods online, as doing so would give attackers invaluable information on how to better hide their activities. We work with enterprises in strict confidence and operate under a cloak of non-disclosure.
To begin a security assessment, use the contact form on this website to start the process. We can tailor packages to any size of corporation or to an individual.
All new clients receive a free initial consultation. We have great packages for website security audits starting at just $199, and similar packages are available for mobile apps and other forms of software. Please use the contact form to begin your audit today.