The Rise of Email Compromise

The term phishing is certainly becoming more prevalent in today’s cyber-security-obsessed world. Cyber criminals pose as a CEO, finance director or other senior member of staff in a company and send fraudulent emails containing details of payments ‘that must be made immediately’, with bank details attached. The catch is usually the address that the email has been sent from: it will closely resemble the email address of the senior management figure, and this spoofing often dupes unsuspecting employees into making the payments or disclosing financial or personal information as requested.

According to the Verizon Data Breach Investigations Report, phishing tactics were used in more than 90% of all security incidents and breaches in 2017. So why has there been such a rise in business email being targeted?

 

How does it work?

Phishing emails are very simple: target multiple users or one individual in a company, convince them that the sender is a high-ranking member of senior management, and extract sensitive information. The email will usually be labelled with high importance, eliciting a sense of urgency in the user (who wants to upset their CEO by delaying a task in an urgent email?), who then provides login credentials or credit card details, or actually makes the requested payment.

Some will contain a malicious attachment, so if users don’t fall for the money transfer requests they may still infect their PC and later the network with malware.

Links to sign-in forms (such as the Gmail scam that occurred at the start of 2017, affecting over 1 billion users) can also be included. The URLs resemble the official one, so a glance at the address bar won’t raise any alarm bells unless you look closely, and even the most tech-savvy users can fall victim. Once credentials have been entered, the attackers have full access to that account. This could obviously be disastrous if business banking credentials have been entered.

 

Believing your business is safe from an attack as ‘it hasn’t happened to us yet’ is not the way to be thinking anymore. So what can be done? 

1. Improving User Awareness

Train employees on how to spot phishing attempts, what to do if they receive one and how to defend against attacks.

According to the Verizon Data Breach Investigations Report:

30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.

It’s also important to encourage employees to report possible incidents or breaches as soon as they are discovered.  Clear and readable security policies should be implemented and distributed to all users regularly so employees are aware of their roles and responsibilities during such an incident.

Ongoing security awareness training should be considered for all IT team members on a regular basis to keep their knowledge of evolving scams up to date.

2. Management Involvement 

Assigning key responsibilities for cyber security at management level ensures all employees are aware that it is being taken seriously, and provides a great example for them to follow. Of course everyone within a company has a part to play in keeping the infrastructure secure, but it does need to start at senior management level to show its importance.

A tech-savvy staff member should be allowed time to keep informed about the latest phishing techniques, preferably a senior member of the IT team. By being aware of latest scams as early as possible, the management board can be informed and discuss the best way to prevent the business being affected.

3. Build your Battle Plan

Ensuring your IT infrastructure is as robust as possible must be a priority at all times. Although very important, gone are the days we could just rely on heavy duty firewalls to prevent malicious traffic reaching its target.

  • Two-factor authentication can be used across a variety of applications and software, either built in or as an ‘add on’. With most people only having one layer of security (their password) to protect accounts, two-factor authentication adds a security code that must be entered on top of this. This can be directed towards your mobile or a security key. With 2FA enabled, should the bad guys gain control of passwords they still won’t be able to access what is behind them without the user’s phone or security key.
  • Updates are released in response to loopholes that phishers can take advantage of. Ensuring all IT systems are up to date is often forgotten about. We’ve previously posted about how patching can help prevent major security vulnerabilities (read more here); this also extends to anti-virus and anti-malware. Should the worst happen, this is your first line of defense. Browsers should also be updated as soon as an update is available. A good patch management schedule will ensure this is carried out regularly.
  • A quick check to verify the security of a site is not time consuming but does help give you peace of mind. Make sure the URL begins with ‘https’, and that a small, closed padlock icon is visible near the address bar.
  • Anti-virus should be installed across all devices, including remotely used ones. New security definitions are added all the time, which makes ensuring the software is up to date even more important. AV helps prevent damage to systems by scanning every file coming through the internet to your PC.
  • Scrutinize an email address or URL if you’re a little bit unsure. Is the sender of an email joe.bloggs@exampl3.com rather than the usual @example.com? Don’t trust it. It doesn’t hurt to reach out separately to the person you believe the email is from and double check.
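
The sender and URL scrutiny described above can be automated at the mail gateway or in a triage script. The following is an added example, not Netshield's own code; the trusted-domain list, the digit-swap table and the distance threshold are assumptions chosen for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the organisation's real domains (example.com is the page's placeholder).
TRUSTED_DOMAINS = {"example.com"}
# Digit-for-letter swaps common in lookalike domains (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance computed with a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def extract_domain(value: str) -> str:
    """Return the lower-cased domain of an email address or an http(s) URL."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()


def classify(value: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address or link."""
    domain = extract_domain(value)
    for good in TRUSTED_DOMAINS:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in TRUSTED_DOMAINS:
        # Trusted name used as a leading or middle label: example.com.signin.invalid
        if domain.startswith(good + ".") or ("." + good + ".") in domain:
            return "lookalike"
        if domain.translate(LEET) == good.translate(LEET):
            return "lookalike"
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
    return "unknown"


# Constructed sample inputs for illustration.
SAMPLES = ["joe.bloggs@exampl3.com", "https://example.com.signin.invalid/login"]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

A lookalike site can still present ‘https’ and a padlock, so this check complements the padlock check rather than replacing it.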

 

Unfortunately there is no fool-proof way to prevent attacks occurring; promoting a company culture of staying vigilant and being on guard is one of the best defenses you can have.

 

For information about how Netshield can assist with your anti-phishing policies and defenses, please feel free to contact us here.

 

 


Malware – The Potential Horrific Consequences

The Kaspersky Security Bulletin suggests corporations are increasingly falling victim to cybercrime: a whopping 91% of those surveyed by Kaspersky Lab and B2B International fell victim to a cyber-attack at least once in the last 12 months. The top causes included viruses, malware, spam and phishing – in 2013 alone Kaspersky Lab products detected almost 3 billion malware attacks on user computers!

Spam and phishing are certainly not new concepts, but the emails sent are becoming more sophisticated: they adopt the appearance of something the recipient is familiar with, appearing to come from a delivery company, social media, stores etc.

Spam can be just a simple form of electronic junk, but it can also be malicious, with the purpose of making money, obtaining sensitive information or spreading malicious code – like CryptoLocker, which surfaced in 2013 and would encrypt the victim’s data and sell it back to them for monetary gain. It is Trojan ransomware distributed through a series of phishing campaigns. The emails imitated well-known delivery companies and financial institutions, preying on our trust in these companies and our curiosity to see what the attachment is about. It affected over 12,000 victims within one week, and to this day there are still stories of CryptoLocker causing chaos and victims paying to obtain decryption keys for their own data.

The sophistication of spam, malware and phishing attacks is not limited to emails being sent through a computer: in January it was found that 750,000 spam emails were sent from compromised smart fridges!

However, these fridges were not infected using traditional methods like a Trojan horse; most of them have been ‘simply left open, so existing software running on them can be used by attackers’, said a spokesperson for Proofpoint, who made the discovery. It would be interesting to know how many people have smart fridges and how many people would buy one.

The US retailer Target is one of the recent examples of how malware can cause horrific consequences. Target’s point-of-sale (POS) system was infected with malware, resulting in as many as 40 million credit and debit card details and 70 million customers’ personal details being stolen in a cyber-attack!

This POS malware attack has caused financial losses and a decrease in brand reputation and consumer confidence. In a recent press release, Target said that due to the attacks they had to review their forecasts, predicting a 2% – 6% decrease in sales for this quarter, and, whether or not it is directly related to the data breach, Target also stated there will be store closures in May.

Target’s incident shows that being a victim can have an impact on profits, consumer confidence and brand reputation. A malware breach on this scale is not something that a company can recover from overnight, and it can potentially have long-term implications, but only the coming months will reveal the true scale of the consequences for Target.

The consequences of being a victim of spam, malware, viruses and phishing are never good. In general the motive is simple – cybercriminals want to obtain business data and make money! So, be vigilant and make sure your systems are protected.

To discuss methods of protection against malicious software contact us today.