Is cyber complacency the biggest cyberthreat of all?
It seems that it is raining cyberattacks as the methods for deploying attacks grow easier and more accessible. Malicious subscription-based services such as ransomware-as-a-service (RaaS) are prevalent, and a recent launch of malware-as-a-service (MaaS) signals that the days of cyber complacency are over.
What is the Eternity Project?
An unidentified threat actor has launched the ‘Eternity Project,’ a Tor-hidden website where threat actors can purchase modules from a nefarious toolkit of malware. (A Tor-hidden site lets its operators publish a service without revealing their identity through an IP address.)
The Eternity Project has 500 followers on Telegram (a freeware, cross-platform, cloud-based instant messaging service), and the modules in the project are notably affordable. Mainstream access to information about how to use the malware toolkit, combined with the affordability of the various modules, means professional and amateur cybercriminals alike can acquire and deploy modules from the Eternity Project.
Different modules within the toolkit can be combined with others depending on the attack desired. Modules include an info-stealer, a coin miner, a clipper, a ransomware program, a worm spreader, and soon, a DDoS (distributed denial of service) bot.
What can risk management do to mitigate cyber complacency?
“Complacency is not an option if you plan to survive and thrive in 2022.” Here are three tips for upping your chances of digital survival in the current threatscape:
1. Say no to web browsers that ask you to “remember me.” Seriously, when your browser asks you to allow it to remember your credentials, your answer should always be “No” or “Never.” Unfortunately, browser manufacturers have duped users into a sense of security by letting browsers remember sensitive information, including passwords, credit cards, addresses, etc., without regard to the risk users are taking. Relying on web browsers and other tools that are not purpose-built for identity and password management is akin to using an umbrella in a hurricane.
2. Find and use a good password manager. It’s incumbent upon all of us to use military-grade protection in the cyberwar we all face every time we touch a screen or keyboard. Pay for the premium versions of password managers – which, by the way, cost less than a cup of coffee and a bagel for a one-year subscription.
3. Above all else, use multiple layers of defense. Like it or not, we’re at war when it comes to protecting our private information. Assume and recognize your credentials have already been compromised and take proactive measures immediately to defend yourself and those around you. Protective gear and defensive weapons are not optional in this day and age.