Protecting Your Digital Assets Is Essential
- April 6, 2023
- Canary Trap
In the digital age, we rely heavily on technology to carry out our daily activities. From shopping online to managing our bank accounts, digital assets have become an integral part of our lives.
However, with this convenience comes a great risk: cyber threats. Digital assets are highly coveted targets for cybercriminals, and that’s why we need to explore exactly why they are targeted and used as tools by cyber threat actors.
Any form of electronic data that has value to an individual or organization is a digital asset. This includes everything from Personal Identifiable Information (PII) like credit card and social security information to intellectual property and trade secrets. This makes it highly coveted by cybercriminals, because this information can be used to steal identities, commit fraud, and access accounts, which can incur in million dollar losses for organizations.
Why Are Digital Assets Targeted?
Digital assets are highly sought after for a variety of reasons, but easy financial gain seems to be the main motivation. Cybercriminals can make a lot of money stealing personal information, and selling it in the black market. According to a report by CNBC, “roughly $1.1 billion worth of cryptocurrency was stolen in the first half of 2018”, which was considered “pretty easy to do” by cybersecurity experts at the time, taking into account how the landscape has changed since.
Since digital assets can often be poorly secured, they have become easy targets for cybercriminals, who have developed more complex ways to try to take or destroy your assets.
- Phishing.
In a phishing attack, cybercriminals send an email that appears to be from a trusted source with a link that takes the recipient to a fake website designed to steal usernames, passwords and credit card information for financial gain. A recent example includes the attack on UCSF, which compromised data from employees and patients. UCSF Officials said they paid “approximately $1.14 million to the individuals behind the attack to unlock and return the encrypted data.”
- Malware.
Malware is a type of software designed to infiltrate a computer system without the user’s knowledge. Once the malware is installed, it can steal personal information, log keystrokes, and even take control of the computer. Cybercriminals use malware to steal digital assets like financial data and trade secrets. A recent example includes the more than $50 million lost by the University of Vermont Health Network after a malware attack on a computer.
- Ransomware.
In a ransomware attack, cybercriminals use malware to encrypt an organization’s digital assets. They demand ransom in exchange for the decryption key, and often threaten to delete the encrypted data. Ransomware can be devastating for organizations, especially those that rely heavily on their digital assets. You may remember the 2021 Colonial Pipeline attack, which according to reports could be “the largest ever cyber attack on an American energy system”, causing panic-buying, shortages and million dollar losses.
Digital Assets Used as Tools
Not only are digital assets targets for cybercriminals, but they can also be used as tools to carry out attacks, using methods such as:
- Botnets.
Botnets are networks of compromised computers that are controlled by cybercriminals. They can use them to carry out a variety of attacks, including Distributed Denial of Service (DDoS) attacks, which floods a website or server with traffic, causing it to crash.
- Social Engineering.
It refers to the use of psychological manipulation to trick individuals into divulging sensitive information. Cybercriminals can use digital assets like personal information and social media profiles to carry out social engineering attacks, for example: crafting phishing emails that appear to be from friends or colleagues.
- Credential Stuffing.
Credential stuffing is a technique used by cybercriminals to gain access to accounts by using lists of usernames and passwords obtained from previous data breaches. They use automated tools to test username and password combinations until they get access to steal personal information or carry out financial transactions.
How to Protect Your Digital Assets?
According to expert software architect, and Forbes collaborator, Thomas Griffin, before we even begin to protect our digital assets, we need to make a list. “This step is important because many business owners may not realize all of the digital assets the company owns.”, he says.
Individuals and organizations must take proactive steps to avoid falling victim to cybercriminals and protecting their digital assets, such as:
- Encryption.
This process scrambles data so that it can only be read by someone who has the key to unscramble it. Encrypting personal information and trade secrets can prevent cybercriminals from accessing the data even if they obtain it.
- Strong Passwords.
A strong password should be at least 14 characters long and contain a mix of uppercase and lowercase letters, numbers, and symbols. Passwords should be changed regularly, and individuals and organizations should avoid using the same password for multiple accounts.
- Two-Factor Authentication.
It is a security process that requires users to provide two forms of identification to access an account. For example, a user may be required to enter a password and then provide a code that is sent to their mobile phone. It helps prevent giving access to accounts even if cybercriminals obtain the password.
- Regular Updates.
Regularly updating software and applications is another important step. Software updates often include security patches that can address vulnerabilities exploited by cybercriminals.
In today’s world, your personal information, financial data, and intellectual property are ALL valuable digital assets that cybercriminals can use as tools to carry out potentially catastrophic attacks, and that’s why protecting those assets is essential.
There are a number of effective security measures, including encryption and two-factor authentication, that can help protect your data, but it’s also important to stay up-to-date on the latest threats and technologies to keep your digital assets safe.
SOURCES:
- https://www.cnbc.com/2018/06/07/1-point-1b-in-cryptocurrency-was-stolen-this-year-and-it-was-easy-to-do.html
- https://www.fiercehealthcare.com/tech/ucsf-pays-hackers-1-14m-to-regain-access-to-medical-school-servers
- https://vtdigger.org/2021/07/21/malware-on-employees-company-computer-led-to-cyber-attack-on-uvm-medical-center/
- https://www.vox.com/recode/22428774/ransomeware-pipeline-colonial-darkside-gas-prices
- https://www.forbes.com/sites/forbestechcouncil/2019/12/23/how-to-protect-your-companys-digital-assets/?sh=1041b5416c5f