How has Email Compromise Evolved?

The murky world of business email compromise has changed. Hackers are becoming more and more resilient to the traditional methods of thwarting their attempts at stealing data.

Keeping data safe is critical for businesses, but for each strategy used to combat security threats, another threat appears. In some cases, little skill is required to carry out attacks against infrastructures, but successful attempts could result in large payouts for the attackers.

According to the FBI 2017 Internet Crime Report, losses of $13.4 billion were reported. The top cyber crimes reported involved personal data breaches and phishing.

So what’s changed? 

Over the past 12 – 18 months, the rise of email phishing has been documented across the globe. An email impersonating a business CEO, finance director or executive requests, with a sense of urgency, that money be sent to a (usually international) account or transferred via cryptocurrency. These emails are usually short and to the point, and often look as though they have been sent from a personal email address.

Email phishing is very difficult to contain. It does require user awareness, as well as a robust anti-spam filter in place. 
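The warning signs described above (an executive's name on a non-company address, urgency, a payment request) can be checked mechanically alongside an anti-spam filter. The following is an added example, not part of the original article; the company domain, executive names, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumptions for illustration: company domain, executive names, keyword lists.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane smith", "john doe"}
URGENCY = re.compile(r"\b(urgent|urgently|immediately|asap|today)\b", re.I)
PAYMENT = re.compile(r"\b(transfer|payment|wire|bitcoin|bank account)\b", re.I)

def domain_of(address):
    return address.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, sender = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    hits = []
    # Executive's display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain_of(sender) != COMPANY_DOMAIN:
        hits.append("executive-name-external-address")
    # Replies diverted to a different domain than the sender's.
    if reply_to and domain_of(reply_to) != domain_of(sender):
        hits.append("reply-to-domain-mismatch")
    if URGENCY.search(text):
        hits.append("urgency")
    if PAYMENT.search(text):
        hits.append("payment-request")
    return hits

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane Smith <jane.smith.private@freemail.example>
Reply-To: accounts@payments.example
To: finance@example.com
Subject: Urgent transfer needed

Are you at your desk? I need a payment sent today to a new overseas account.
"""
LEGIT = """\
From: Jane Smith <jane.smith@example.com>
To: finance@example.com
Subject: Board pack

Slides for Thursday's meeting are attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

A message that raises several indicators at once is a candidate for quarantine or a warning banner rather than silent delivery.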

Malware-infected emails and attachments not only have the ability to infect and encrypt entire networks from one email on one PC, but can also launch remote access tools and keyboard logging software.

Voice phishing is less common, but equally devastating. A call posing as a supplier, such as the company bank, may not raise too many questions. You could be advised that an urgent payment hasn’t been received. People are more likely to trust the voice of another human being, and this basic psychology is exploited during these conversations.

You may remember the Microsoft scam: an attacker posing as a Microsoft technical employee will call and advise the user that their PC has been infected by malware. A ‘fix’ is then downloaded which is capable of stealing personal data, such as financial details, from the PC.

Social media also has a role to play. Using sites such as Facebook, Instagram and Twitter allows attackers to research their targets to help improve their impersonation. Just the way users communicate on the platforms can assist attackers. 

Cryptocurrency use has boomed over the last 12 months. The use of cryptocurrencies such as Bitcoin makes it near impossible to trace accounts, and once the currency has been transferred, it’s not something the target will ever see again.

So what can we do to keep our data safe? 

User awareness is more important than ever. Training schedules must be in place to ensure all employees (including remote workers) are aware of their role in maintaining email security, and how to spot phishing attempts. Having the right resources in place helps employees to keep themselves, and the business, safe during their working days.

An effective backup system must be tried and tested, and have a frequent schedule in place (nightly preferred). Cloud-based services reduce the risk of data loss, corruption or theft compared with traditional hardware-based backup media. An off-site backup will also provide an extra layer of security. Robust anti-virus and patch management programmes should also be maintained.

If you would like further information on how Netshield can assist with securing your infrastructure, please give us a call on 0333 200 1636, or email info@netshield.net

Why do we overlook the importance of patching?

The importance of patching is often forgotten, with IT teams often finding it impossible to make the time to keep user, network and security devices up to date!

The overall security of an infrastructure should be top priority, and one of the most effective preventive measures against potential threats is patching. Patching is the process of repairing system vulnerabilities which have been discovered in operating systems, servers, desktops, software applications, firewalls, mobile devices, the list goes on!

Unpatched systems are an easy target; with new vulnerabilities being discovered constantly, it is common for cyber criminals to exploit, target and gain entry to networks. We only have to look at the fallout from the WannaCry and NotPetya attacks to understand how effective using vulnerabilities on unpatched systems can be. A report from the Online Trust Alliance stated:

There were over 160,000 security incidents impacting businesses in 2017 – almost double the amount reported in 2016!

This is due to cyber criminals becoming more tech savvy in exploiting vulnerabilities, and perhaps businesses becoming too busy to focus on their network security.

Of course, proactively preventing such vulnerabilities causing problems is preferred to reactively attempting to mop up after a security incident. This is where patch management comes into play.

The Benefits

Manually checking for and applying updates is a mammoth task; the sheer number of available updates can be overwhelming, especially for some SMBs who may not have their own onsite technical team. To remove this time-consuming job, patch management will automatically control the update process. This can also include devices in remote locations, which is especially helpful for remote workers that use company phones or laptops. Those devices and applications that are easy to forget about can also be included, removing any surprises later on.

Patch management enables the scheduling of a time and date for patches to be deployed, which is especially useful for devices located across different time zones. Setting updates to install out of hours or outside times of high employee productivity minimises the amount of business disruption faced whilst still maintaining the level of security needed.

By removing the need for IT teams to analyse updates, patch management also frees up time for other productive tasks, or for looking after existing systems.

Effective Patch Management 

What does an effective patch management programme look like? The methods used will obviously vary for each company; there’s no ‘one size fits all’ configuration as each need is different. Typically, an automated patch management system is implemented. This requires the installation of an agent which allows the control and management of patches from a web-based interface. Companies with a smaller network may wish to outsource this management so that deployments are performed from a remote location.

So, you have the programme in place. A less obvious part of patch management is a policy. This would dictate how often patches are performed, how quickly they need to be scheduled (especially critical updates) and a plan for rollbacks.

In summary, in order to keep your infrastructure safe and secure, regularly applying patches to all software should be prioritised. Cyber security needs to be taken seriously by all to stay ahead of the criminals.

Netshield can assist with the automation and management of the patch process, from your entire infrastructure to just a select few network devices. If you’d like further information, please don’t hesitate to get in touch.

Anti-Virus – Do we still need it or is it doomed?

With the advancements in technology the threat landscape is evolving too.

Malicious software is becoming harder to detect and remove – it is also starting to affect a wider range of devices because of the ‘Internet of Things’. There have been some cases where advanced malicious software can even bypass anti-virus software by changing its code!

In some ways there is truth behind what Brian Dye, senior vice president of Symantec, famously said a few months ago: ‘Antivirus is dead’ and it is ‘doomed to failure’. Anti-virus relies on a signature database to block malicious behaviours, so if a particular piece of malicious code has never been seen before, you will probably be a victim of it.

However, AV is not completely doomed. As Eugene Kaspersky quite rightly said, it is still ‘very much alive and kicking’, because as threats have evolved so has traditional AV. It is about choosing a product that has a database that is continuously updated and has a good feature set.

Many vendors are now reinventing AV as ‘Endpoint Security’, which offers a wider range of features: not only the standard Anti-Virus, Anti-Spyware and Anti-Malware, but also features like application control, mobile device security, encryption and rule-based system behaviour blocking.

However, security has become more complex, and just because AV or ‘Endpoint Security’ has more features, we cannot rely on it as the sole system defence; that is not viable anymore. It will not provide an adequate level of protection for a complex modern-day network.

Networks have developed into complex environments with multiple layers and a range of connected devices, so a layered approach to network security is key because it helps protect the different levels within the infrastructure.

AV should be seen as the first line of defence only; its aim is to protect users from things like spam emails, malicious attachments and websites. Occasionally some will get through, but this approach is more secure and safer. Always keep in mind there is no 100% defence against malicious cyber-attacks because the variables are always changing. Continuous network monitoring is also key to catching any abnormal behaviour.

For more information on network security please feel free to contact us on 0845 603 5552 or info@netshield.eu

Netshield Anti-Virus service – powered by BitDefender

Anti-Virus software is a necessary evil – it can take valuable time and energy to deploy, update and manage and they are not all the same! Netshield Anti-Virus is a comprehensive solution that acts as your first line of defence against malicious software.


Could being sociable online be dangerous to businesses?

‘Social Engineering is the technique of manipulating people into performing actions to divulge sensitive or confidential information’ – Cyber Security Guide 2013

Social media has grown considerably in recent years. Not only is it a tool individuals use to interact, create, share or exchange information, it is also increasingly important for businesses to have a social presence.

However, being sociable online can come at a cost. It can be a security risk, otherwise known as ‘Social Engineering’ – ‘a non-technical intrusion that is reliant on human interaction and tends to involve trickery, causing individuals to break usual security protocols’.

Social Engineering is heavily reliant on personal information and social media is a goldmine for Social Engineers looking to do harm. It relies on individuals being careless with their information and the results can be harmful to individuals as well as businesses.

Many virus, phishing and malware email attacks are now prime Social Engineering examples. This is because they are getting more personalised, and often you have to look twice before you realise a message is not legitimate. Examples include CryptoLocker, which disguised itself as a delivery note from popular courier companies, and phishing emails disguising themselves as coming from well-known banks.

Social Engineers also take advantage of individuals’ natural inclination to choose passwords that are meaningful to them and to use them for a number of logins. Meaningful passwords, paired with personal information gained from people’s online presence, can be easy to guess. Photos of your pet, comments about a restaurant or your daily activities can all be used by a hacker to build a picture of you.

‘12% of social media users say someone has hacked into their social network account and pretended to be them’, according to the 2013 Norton Report.

It is not about censoring online activity, but individuals and businesses need to understand how valuable information is, how it can be used against us and how we should take precautions to minimise the risk of social engineering.

For more information on how to defend against Social Engineering contact one of our Netshield consultants today on 0845 603 5552.