The Next Level of Security Threats: Doxware

January 19, 2017 | Views: 5724

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Estimated reading time: 2.5 minutes

IT security threats are constantly evolving. Criminals create new threats and new ways to bypass security as soon as IT professionals learn about current ones.  As infrastructures are hardened with new technology, criminals find that it easier to manipulate end users to do their work. Ransomware attacks have taken advantage of gullible end users so they can propagate onto a victim’s network. Now there is a new threat.

Doxware is a combination of two different types of threats. Doxing is the sharing of private information on the internet. Ransomware is the practice of encrypting data on a corporate network, or user’s PC, with the intent of holding it for ransom. Doxware combines these two. The criminals encrypt your local data so you cam no longer access it. At the same time, they also copy your sensitive information to their own servers, to retain for later use. The bad guys then request payment in a short period of time. Unless you pay, they will release your information out to the public. They target business data. That data includes names, addresses, phone numbers, social security numbers, photos, or patient data. They also target incriminating information that could cause financial loss or give up a corporation’s secrets. With ransomware, you could just clean up your drives and restore from a backup. With Doxware this is not the case. They have your data and they can share it if you do not pay. The other issue with Doxware is, even if you pay the ransom, they still have a copy of your data to potentially target you a second time. Things are escalating and getting serious. So far, there is not much that authorities can do to stop these threats. You have to protect yourself and your organization.

It is imperative to review your corporate IT security strategy and ensure that security measures are in place. If you do not have the expertise in-house to take care of this, hire a professional organization to help you. Another vital, yet, an overlooked task is to make sure your end users are trained to identify potential threats and report them immediately. I have started an end user security training course within my organization.  Although I have not yet been able to get it to every department, the few departments we felt would be the most targeted having completed their training. With this simple training, we have seen the reporting of possible threats increase significantly. We have also seen a decrease in the number of end users opening suspected emails and websites. The end user training was successful and impactful. It is something to consider doing within your organization to improve security and reduce risk of attack by evolving threats.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
8 Comments
  1. Very useful. Thank you.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel