Social Engineering is The Biggest Threat to Your Data

Security
26
Dec 2016

puppetmaster-1
We all expect hackers to use malicious code to access our sensitive data and networks, but the easiest way for them to gain access is actually through us.

It’s easy to feel that your data and network is secure once you’ve armed yourself with firewalls and antivirus software, but the truth is that hackers can easily circumnavigate your defenses by coming at them from a non-digital angle.

And hackers are frequently turning to social engineering in order to trip us up and access our systems and networks quicker than ever before. Giving hackers an easy ride is the last thing you want to do, so it’s time to brush up on the dangers of social engineering.

What is Social Engineering?

You’re probably most familiar with social engineering through those ridiculous emails which promise you millions of dollars in exchange for helping out a Nigerian prince with a bank transfer. All you have to do is forward your bank details, social security number, driving license and shoe size to an associate of this Nigerian prince to help facilitate the process…

Obviously, this is nothing more than a scam and it’s been around for well over 10 years and most people recognize this, but some people still fall for it! Thankfully, emails such as this are swiftly diverted to our spam folders these days, but hackers are adapting more sophisticated and personalized methods such as the breach of Snapchat’s defenses following an email which purported to be from Snapchat’s CEO.

And, believe it or not, but some real life social engineers are confident enough in their abilities to walk into businesses and start hacking computers in front of blissfully ignorant employees. If anything defined the evolution of social engineering and hacking then it’s this, so how do you combat the rise of social engineering?

Combatting Social Engineering

bigstock-man-and-data-protection-concep-39531229-720x380
As social engineering is such a deceptive method of hacking – which sometimes doesn’t even involve an internet connection – it’s very difficult to rely on your tried and trusted firewalls and antivirus software to safeguard yourself. Therefore, it’s crucial that you put other defenses and processes in place:

  • Slow down and think – Social engineering thrives upon its victims letting their guard down and this often happens due to them acting too quickly. Say, for example, you receive an email from your CEO requesting sensitive data, you don’t want to keep the boss waiting, but is it genuine? Would the CEO come direct to you for this or would he delegate this through the appropriate channels?

 

  • Don’t rely on email filters, rely on people – With a few tweaks, it’s easy to get any email through any email filter. And that’s why you need to rely on the knowledge of your employees. The best way to ensure that employees can recognize social engineering attempts is through regular training on what the tell-tale signs are.

 

  • Monitor your servers – Due to the ability of social engineers being able to literally walk in and take what they want, you need to make sure that your servers are monitored by CCTV. This allows you to identify and record any unauthorized access to prevent the most embarrassing form of data theft for any organization.

 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

The Threat of Malvertising

Security,
20
Dec 2016

malvertising

Some websites are seen as trusted, but malvertising is a new threat to the world of cyber security and may cause every website to be viewed with caution.

Now, we’ve all been irritated by online ads whilst trying to enjoy our favorite websites, but, with the advent of malvertising – short for malicious advertising – they’ve reached a new level of irritability. And it’s a threat that has the potential to affect everyone with popular sites such as Spotify and Reuters already falling victim.

As it’s such a new threat, it’s a good idea to familiarize yourself with the signs and symptoms of malvertising in order to protect your data and feel safe.

What is Malvertising?

online_shopping_scam

Popular websites tend not to handpick their adverts and, instead, they turn to third party ad networks who are able to use complex algorithms and read cookies (tracking files left legitimately by websites) to deliver bespoke adverts to visitors.

And, what many people are unaware of, is that when you connect to sites such as Spotify and Reuters, you’re also connecting to a number of other web addresses and these can include third party ad networks. Naturally, this instantly provides a number of routes for hackers to exploit that the web user is completely unaware of.

With malvertising, hackers use these footholds to deliver malicious adverts which may appear to be genuine, but contain malware. Sometimes the web user will need to click on the ad to activate its payload, but many other forms of malvertising will embed scripts in the affected webpage to automate the execution and infect the user.

Malvertising is also particularly effective as it’s able to ascertain details of the user’s operating system and web browser which is crucial for hackers to launch specific attacks e.g. Firefox running on Windows XP will have different vulnerabilities to Internet Explorer running on Windows 8.

Hackers can also target specific individuals by infecting ads which use specific keywords e.g. a lawyer looking for “lawyer briefcase”, so this, again, highlights just how sophisticated and bespoke a method of hacking malvertising is.

Combatting Malvertising

protect_against_advertising

Malvertising may be new, but it doesn’t mean you need to panic about being defenseless. In fact, if you follow the advice below then you should find you’re well protected from malvertising:

  • Keep your browsers updated – Internet browsers such as Chrome and Internet Explorer are designed with safety measures in place to identify websites exploited by malvertising. However, you need to ensure that your browser is up to date to ensure you’re protected from the latest threats.
  • Update Flash – We’ve discussed the security flaws in Abobe Flash before and it’s no surprise to discover that malvertising just loves to exploit Flash. Therefore, it’s crucial that all patches and updates are installed as soon as possible. Or, alternatively, just disable Flash from running at all times.
  • Use ad-blockers – Popular with many users, ad-blockers prevent ads from being displayed and prevent users clicking on them and activating malware. These may, however, block genuine adverts that are necessary, but these can easily be put on ‘exceptions’ lists.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Security Fatigue Is a Threat to Data Security

Security
13
Dec 2016

confusion

We’re frequently bombarded with requests to remember and reset passwords, but this taxing memory drain is causing security fatigue and making us less safe.

And this security fatigue is causing PC users to take shortcuts with their cyber security e.g. using the same password time and time again across all the online platforms you have to sign in to. Whilst this is a simple solution, it’s also incredibly unsafe as it’s compromising the security of almost all your data.

As this is a security threat which is entirely rooted in the user base, it’s one that’s relatively simple to treat, but in practice it’s one that’s overlooked. Let’s take a look at exactly what’s happening and how you can tackle it.

What Is Security Fatigue?

It seems that not an hour goes by where we’re not prompted to change a password, verify an incoming connection or download a security patch. And this can be a time consuming affair when we’re in the middle of something important, so many PC users begin to experience security fatigue and go for the easy option: ignore everything.

Unfortunately, this puts you at a high risk of susceptibility to hackers. If we go back to our password example, from earlier, we can begin to understand the risks of security fatigue – you won’t just lose one account’s data, but all your data period. And, obviously, overcoming this security fatigue and creating multiple passwords is going to contribute heavily towards damage limitation.

Tackling Security Fatigue

security-fatigue-a-wakeup-call-for-business

The use of computers in our daily business lives has rapidly expanded in the last 15 years, so the need for security has rapidly increased accordingly. Whereas you once needed just one password to log on your PC, you now probably have to have a whole host of passwords for accessing databases, online portals and emails etc.

As a result there’s no going back to the days of single passwords – we now require around 25 daily to cover all our needs – so we need to learn how we can adapt to this new landscape. And there’s no use dismissing the threat of hackers targeting your data simply because it doesn’t relate to anything important. If a hacker can find even the most insignificant entry point into your network they’ve got a huge head start on causing damage within.

Organizations, therefore, need to work towards lightening the load on their user’s security requirements, but at the same time keep their data secure. This is not an easy problem to solve, but by employing the services of security companies you can gain professional insights on the best way to create a simple security system which reduces the difficulty of decision making and prevents security fatigue setting in.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Taking Down the Internet: The Attack on Dyn

Internet,
06
Dec 2016

ddos-attack

Even the biggest firms are failing to combat cyber-attacks as a recent DDoS case has revealed; if the big firms are struggling, what does this mean for you?

Well, what’s most interesting is that this distributed denial of service (DDoS) targeted some major players of the online world such as Twitter and PayPal. As you would imagine, these firms spend millions of dollars on cyber-security, but they were still successfully hacked and found their services severely disrupted.

It’s incidents such as this which highlight just how frail security defenses can be when confronted by a formidable foe. To help you understand how the power is shifting out there, I’m going to take a look at the current landscape.

The Dyn Inc DDoS Attack

 

outagemap-0

The DDoS attack we’ve been focusing on was aimed at the cloud based online infrastructure company Dyn Inc; basically, these guys form the server backbone for brands such as Twitter, PayPal and Netflix.

And it was this backbone which was targeted by hackers through a phenomenal botnet capable of transmitting 1.2 trillion (that’s 12 zeros!) bits worth of data at Dyn Inc every second. Understandably, these huge amounts of data soon brought severe data outages and this is why sites like Twitter suddenly disappeared from the web.

Fortunately, this huge influx of data eventually stopped, but it was an attack of such magnitude that it’s left the security industry very concerned.

Why Are Attacks Getting More Prolific?

DDoS attacks have steadily been ramping up their power in recent months, so it seems as though there’s a concerted effort amongst hackers to outdo each other. This is a dangerous scenario and is leading us down a path towards a world of super powerful hackers.

These hackers are also being helped in the upsurge in popularity of the ‘internet of things’. Thanks to the huge proliferation of internet ready devices (smart TVs, security cameras and even heating systems) there are now more entry points to your core network than ever before.

In fact, a recent mock-up of a wireless toaster demonstrated just how quickly hackers can find access points to networks. In this example, everything was securely set up to prevent any damage occurring, but not all Wi-Fi ready devices are this secure. It’s predicted that any device which can be accessed by the public is potentially vulnerable.

And it’s in sharp contrast to, for example, a decade ago when hackers only had the limited choice of attacking PCs, but the playing field is now becoming wider and wider with the internet of things. Matters aren’t helped by the increase in popularity of ‘cyber-crime as a service’ which allows anyone to buy hacking tools or services from the dark web and carry out crude cyber-attacks.

Protecting Yourself

 

ddos-diagram

Hackers are becoming more and more sophisticated, so it’s crucial that you conduct a thorough analysis of your security precautions on an ongoing basis. It’s paramount, in particular, to keep a close eye on any devices which connect to the internet as they may need specialist attention to make secure.

When it comes to preventing DDoS attacks, it’s a little harder as they’re difficult to prevent. Sure, you can have ‘bad traffic’ routed elsewhere, but this is a very costly service. And this is why the future for cyber-security is a little uncertain and means hackers are increasing their chances of successfully completing a hack.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More