IS ZERO RISK ACHIEVABLE?

Forecasts in the field of cyber security are each more pessimistic than the last. Those made for the year 2020 were already grim, and unfortunately events only confirmed them: computer attacks are said to have exploded in 2020. There is talk of an exponential curve and of the inventiveness of the attackers (Guillaume Poupard, general director of ANSSI - National Agency for Information Systems Security), and this statement is valid for the whole world.

 

1.

 

The following list, which shows only a few of the most resounding attacks month by month, confirms this observation:

 

- January 2020: Travelex, Manor Independent School District, WAWA, Microsoft…

- February 2020: Estee Lauder, Danish Tax Portal, DOD DISA (White House), General Electric, UK Financial Conduct Authority…

- March 2020: T-Mobile, Marriott, Whisper, UK Home Office, Virgin Media, MCA Wizard…

- April 2020: US Small Business Administration, Nintendo, Email.it…

- May 2020: EasyJet, Blackbaud, Mitsubishi, Illinois, Wishbone…

- June 2020: Amtrak, University of California SF, AWS, Postbank, NASA…

- July 2020: CouchSurfing, University of York, MGM Resort, V Shred, EDP…

- August 2020: Cisco, Canon, LG, Xerox, Intel, The Ritz London, University of Utah…

- September 2020: Nevada, BancoEstado…

- October 2020: Barnes & Noble, Boom! Mobile, Google, Ubisoft, Crytek… (1)

- November 2020: 30 healthcare organizations reported breaches, which resulted in nearly one million health records compromised; Ransomware continued to be the most common cyber threat; Ransomware Forces Baltimore County Public Schools to Close; US Fertility Clinic Giant Struck by Ransomware, Patient Data Stolen; Delaware County, PA, Country $500K DoppelPaymer Ransom; IOT Manufacturer Hit With $14M Ransomware Demand; Medical Billing Co. Data Breach Affects 100,000+ Students… (2)

- December 2020: T-Mobile, Metro Vancouver's TransLink Transportation Agency, Dental Care Alliance, SolarWinds to Infiltrate 18,000 Government and Private Networks (3).

 

For the year 2021, G DATA CyberDefense predicts that it will be the year of "ransomware 2.0", with increasingly aggressive attacks, more professional social engineering and more innovative malware (4).

 

Ransomware will become more and more "aggressive, targeted and intelligent": in a word, more sophisticated.

 

Malware-as-a-Service platforms and polyglot code (combining harmless files with malware) will be used on a larger scale. (5)

 

Hence, the need to "implement epidemiologically inspired approaches to quantify cyber threats that have not been observed, detected, or spotted to better address detection, risk assessment, and prioritization gaps" (Sophos 2021 Threat Report).

 

2.

 

To spread viruses or worms through their targets' installations, whether to steal data, exfiltrate it or penetrate information systems, attackers use vectors.

 

Among the most used and best-known vectors are phishing in all its forms (Smishing, Vishing, Spear Phishing, Pretexting, Baiting, Answering, Water holing, Quid pro quo) and social engineering (which is the main vector used for ransomware), not to mention compromised websites, malvertising (which requires no intervention from the victim), brute force, skimming...

 

Of course, there are many recommendations, means and tools that can be used to protect oneself from computer attacks.

 

The best way to fight phishing and social engineering is to educate the users.

 

But in general, PREVENTION, DETECTION and RESTORATION are the keys to protecting a computer system well.

 

Experts recommend that, in the event of a computer attack, the 1-10-60 rule be respected: 1 minute to detect the attack, 10 minutes to investigate and identify its nature, and 60 minutes to remedy it.

 

But we have to admit that this rule is only an ideal to aim for, one that is in fact never or very rarely reached. To be convinced of this, it is enough to note the number of victims and who they are.

 

3.

 

Having followed, from the middle of 2020, the same reasoning that led the Sophos team to the conclusion of its 2021 Threat Report, the PT SYDECO team concluded that the best way to protect a facility was to take inspiration from nature and follow its rules: every living being has an immune system that protects its body from external bacterial attacks.

 

And when there is an epidemic, precautionary measures must be taken. Among these measures, the most basic is the isolation of the infected body.

 

PT SYDECO's Research and Development team had already created ARCHANGEL© to protect the internet and SST© to protect data by transforming and writing them in the form of waves without the use of any key when, with the COVID-19 pandemic, attacks appeared against hospitals, which resulted in deaths, and against public services, depriving their users of vital services (for example, the hacking of the computer system managing the drinking water network of a city in Florida).

 

It is a fact that the traditional means of defense are ineffective against computer attacks: the attackers show an overflowing imagination, and by the time adequate countermeasures are found, the damage is done and the consequences are sometimes terrible: death, bankruptcy, heavy financial burden, loss of reputation...

 

The attacks against hospitals and public services have shown that it is not only the data that must be protected, but also and above all, the information systems.

 

It was therefore necessary to be able to immunize information systems, programs and source code against any attack.

 

A firewall, just like an antivirus, needs to know the nature of the attacking agent in order to counter it, and this knowledge comes only after a certain amount of time has been spent studying it.

 

Even if the staff of a company is educated, to err is human.

Under these conditions, zero risk cannot be reached.

Therefore, to be effective, the system must be able to resist all types of attacks, all new viruses or worms, and any staff error that throws wide open the doors of their office's computer network.

 

4.

 

PT SYDECO has created SP-One© (6) with all these requirements in mind.

 

SP-One© is a program and a system that creates a hermetic, secure shelter around the source code or programs that are used in an office, an administration, a university, the Cloud, in any mechanic or in SaaS.

SP-One© acts as the immune system of any information system.

 

One of the most important benefits of SP-One© is that even if an organization's information system is the victim of an attempted ransomware attack, THERE WILL BE NO DISCONTINUITY in its work, its production or its services during and after the attack:

1. The Hospital will continue to care,

2. The Industry will continue to produce,

3. The University will continue to educate its students,

4. The Public Services will not stop.

NO HUMAN LIFE IN DANGER, NO RANSOM TO BE PAID, NO LOSS IN PRODUCTION, NO TIME LOST IN REPAIRING THE SYSTEMS…

 

5.

 

The SP-One© system, which uses SST© and ARCHANGEL© technologies, does not need to recognize the type of attack in order to provide an effective defense: it obeys the 0-0-0 rule, which is the best one that can exist.

 

If SolarWinds had protected its software system with SP-One©, it would have been impossible for the attacker to penetrate it and add malicious code to the company's software.

 

So we can say that with SP-One©, ZERO risk is no longer a utopia.

 

*

 

(1)    https://www.zdnet.fr/actualites/2020-les-cyberattaques-qui-ont-marque-l-annee-39914023.htm

(2)    https://arcticwolf.com/resources/blog/top-cyberattacks-november-2020

(3)    https://arcticwolf.com/resources/blog/top-5-cyberattacks-december-2020

(4)    Bill Fassinou, https://securite.developpez.com/actu/310972/2021-sera-l-annee-du-ransomware-2-0-avec-des-attaques-de-plus-en-plus-agressives-une-ingenierie-sociale-plus-professionnelle-et-des-malwares-plus-innovants-selon-G-DATA-CyberDefense/

(5)    https://www.globalsecuritymag.fr/G-DATA-IT-Security-Tendances-pour,20210111,107020.html; https://www.sentinelone.com/blog/7-common-ways-ransomware-can-infect-your-organization/

(6)    https://syde.co/sp-one/

 

 

 
