Security Trends to Look Out For in 2019

Cyber Attack, Encryption, Hacking, Internet of things, Ransomware, Security, Security Threats, , , , , , ,
04
Dec 2018

2018 has been a year where malware, ransomware and data breaches have barely been out of the headlines, but what’s in store for cyber-security in 2019?

As long as there’s a digital landscape, hackers will continue to launch an array of attacks that take in numerous different techniques. And, most importantly, they will continue to evolve their methods to avoid detection and cause more damage to networks and the PCs on them. With this in mind, it’s perhaps the best time to take a look at the security trends which will be most important for your organizations defenses next year.

To help you get prepared for next year, we’re going take a look at some of the major security trends to look out for in 2019.

Backups will continue to be Crucial

With ransomware still remaining a prevalent and major threat to secure and essential data, backing up your data regularly and rigorously will be a vital task for all organizations. Backups may seem a costly affair in terms of budget and time, but it only takes one employee to fall victim to a ransomware scam for your entire network’s data to be compromised. And with new ransomware scams such as Zenis deleting backups, it’s essential that offsite and non-network backups are also held.

Coinminer Malware Remains a Threat

Cryptocurrency is still a lucrative business and mining for cryptocurrency continues to generate large amounts of cash. However, whilst this is perfectly legal and above board, the use of coinminer malware is far from legal or ethical. Due to the amount of processing power involved in mining for cryptocurrency, hackers are using malware to enslave PCs remotely and using their processor power to mine for cryptocurrencies. This form of malware has become harder to detect and more sophisticated throughout 2018, so expect it to evolve further in 2019.

The Hacking of IoT Devices will Increase

Close to 27 billion IoT devices will be connected in 2019 – an increase of nearly 3 billion compared to 2018 – so you can bet your bottom dollar that the number of attacks in this arena will increase accordingly. Unfortunately, many owners of IoT devices are still neglecting to change the default password to access these devices and this is giving hackers free rein to take control of them. Not only does the default password debacle remain an issue, but hackers are now designing malware to take advantage of vulnerabilities in IoT devices.

Security Training

Due to the threats already presented, security training will become paramount in 2019. As hackers evolve their methods of attack at a rapid pace, keeping your organization’s staff aware of these threats is one of the best forms of defense you can employ. Awareness training hammers home the basics of good security practices and you’ll find that these can also be used to combat the new threats which will no doubt go head to head with your security defenses.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

High Profile Organizations that Have Been Phished

Cyber Attack, Hacking, malware, Phishing, Phishing Email, Ransomware, Security, Security Threats, , , , , ,
02
Oct 2018

Phishing is now so prevalent and sophisticated that even the biggest organizations on the planet are likely to be duped by phishing scams.

Immunity from such attacks is a difficult privilege to secure, so any organization that wants to remain productive needs to understand the threats out there. While you would expect most phishing attacks to target smaller, less secure organizations, this couldn’t be further from the truth. Instead, many hackers are taking on high profile organizations due to the challenge on offer and the publicity that such attacks bring.

Understanding how these businesses have been phished is crucial as it helps you to understand exactly why you need good security. To provide you with a foundation of knowledge, we’re going to look at some high profile organizations that have been phished.

Facebook and Google

Two of the biggest names in business on the planet, Facebook and Google found themselves at the center of the same phishing scam a couple of years ago.

Evaldas Rimasauskas, from Lithuania, used a simple phishing campaign whereby he posed as the head of a Taiwanese parts manufacturer called Quanta. Key to this scam was that Facebook and Google both used the genuine Quanta company to conduct business with. Through a combination of compromised emails, forged invoices and a lack of suspicion on the two tech giants’ behalf, around $100 million was paid out to Rimasauskas between 2013 – 2015.

Anthem

Anthem is one of the largest health insurance companies in the US and, as you can imagine, they hold a substantial amount of private and confidential data. However, in 2014 they lost nearly 78.8 million consumer records due to a phishing attack.

It’s believed that a foreign government was behind the attack, but the method employed was still ridiculously straightforward. An employee at an Anthem subsidiary opened a phishing email which allowed malicious content to be downloaded to the employee’s PC. Once these files were executed, hackers were able to take control of the PC by remote access and start making their way deep into the Anthem network. One of the sections that were of most interest was Anthem’s data warehouse where the hackers had access to customers’ medical histories, social security numbers and address details.

Snapchat

The popular social media app Snapchat found one of its employees being targeted by a spear phishing scam in 2016 which compromised confidential data.

A seemingly innocuous email was sent to Snapchat’s payroll department in February 2016 which claimed to have been written by the company’s CEO. The email requested that employee payroll information was forwarded on for internal reference. Unfortunately, one of the payroll employees did not realize this was a less than genuine request. A significant amount of personal information about former and current employees was then emailed to an external party. Due to the nature of the data obtained, hackers then had the potential to use it to engineer identity theft.

RSA Security

Even IT security companies aren’t safe from the threat of phishing emails as RSA security discovered back in 2011.

Hackers designed two separate emails which were sent to four employees at RSA’s parent company EMC. The emails, which appeared to be from a recruitment website, contained an attachment referred to as ‘2011 Recruitment plan.xls” in the email’s subject line. However, this was a malicious attachment and, upon clicking it, a zero-day vulnerability in Adobe Flash would be exploited and lead to the download of a backdoor virus onto the user’s PC. The hackers were then able to access RSA’s network where they had access to 44 million employee records.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

4 Ways to Tell If You’re Being Phished

Cyber Attack, Hacking, malware, Password Security, Phishing, Phishing Email, Ransomware, Security, Security Threats, , , , ,
25
Sep 2018

Phishing is big business for hackers and you can rest assured that it’s a niche they’re keen to exploit, but how do you know when you’re being phished?

Kaspersky Lab reported around 246 million phishing attempts being executed in 2017, so it’s fairly clear that phishing is taking place on a monumental scale. And, to provide a little perspective, those 246 million phishing attempts are only the ones that were picked up by Kaspersky’s software. If you factor in all the other security providers’ data then you’re left with a staggering amount.

Phishing, therefore, is something that you’re likely to encounter and, the truth is, your organization is likely to receive a significant number of phishing emails every day. Thankfully, protecting your business from the dangers of phishing emails is relatively easy. And, to help boost your defenses, we’re going to show you four ways to tell if you’re being phished.

1.  Analyze the Email Address

While it’s straightforward to mask an email address with a false one, many hackers simply don’t bother. And that’s why you’re likely to find that most phishing emails are sent from unusual email addresses. Say, for example, you receive an email from your bank asking you to provide sensitive information regarding your account, it’s not going to come from a Hotmail address, is it? However, many people fail to check the sender’s email address and, instead, become distracted by the seemingly genuine contents.

2.  How’s the Grammar?

A tell-tale sign of a phishing email is poor grammar and even worse spelling. Hackers, after all, aren’t too bothered about honing their command of the written word. All they want to do is hack and hack big. Accordingly, their emails will fail to contain the type of language you would expect to receive from a work colleague or another organization. So, remember: if they can’t spell your name in their opening introduction then you should be highly suspicious.

3.  Did You Ask For Those Attachments?

Hackers love to catch their victims out with attachments that contain a nasty payload, so any attachments should always be treated with caution. Sometimes these attachments can be easily identified as malicious, but it’s not always simple. First of all, ask yourself whether the attachment is relevant to your job. If you work in the service department and you’ve been sent a spreadsheet relating to company finances then there’s no need for you to open it. Secondly, keep an eye out for file extensions you don’t recognize as opening these could easily lead to executing malware.

4.  Deceptive Links

One of the main objectives of a phishing email is to take the recipient away from the security of their PC and onto dangerous websites which are riddled with malware. And the best way they can do this is through the use of a deceptive link. While a link may look genuine on the surface, it can easily direct you somewhere else altogether. The best way to verify a link’s true destination is by hovering your mouse cursor over the link to reveal the true URL address.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

How Did the DNC Get Hacked by Phishing Emails in 2016?

Cyber Attack, email links, Hacking, malware, Password Security, Phishing, Phishing Email, Security, , ,
18
Sep 2018

You may think that political parties understand the need for good security, but back in 2016 the DNC suffered a major hack due to phishing emails.

Thanks to a sustained attack, Russian hackers were able to infiltrate email accounts of those involved within Hilary Clinton’s campaign to become president of the United States. And, as you know, the rest is history. However, not many people are aware of exactly how the DNC got hacked so extensively that highly sensitive information was obtained and then leaked to the public.

Although not every single detail has been revealed, we know enough that the hack was, in relative terms, a fairly simple execution. Naturally, you’re unlikely to be targeted by the same people who are involved in political attacks, but their methods are likely to be similar. Therefore, we’re going to take a look at how the DNC was hacked by phishing emails, so you can understand how to avoid it.

Phishing for DNC Secrets

The hack began on March 10th, 2016 and involved a batch of heavily disguised emails, which appeared to be sent by Google, being sent to key members of Hilary Clinton’s campaign team. These emails purported to be advising the recipients that their passwords needed changing in order to strengthen their security. However, the links contained within these emails sent users to a malicious website where strengthening security was the last thing on their mind. With these email accounts compromised, the hackers were then able to access private contact lists held within them.

Within a day, the hackers had access to confidential email addresses for key targets within the DNC campaign. And, almost immediately, the hackers began to send phishing emails to these email addresses in order to work their way higher up the chain of command. Despite the presence of two-factor authentication, the hackers’ persistence paid off as they eventually managed to breach the defenses of John Podesta, chairman of the DNC’s campaign. This email account, alone, provided access to 50,000 confidential emails.

This assault is believed to have been organized and orchestrated by the Russian cyber-espionage organization known as Fancy Bear. Despite accessing such a huge amount of emails from Podestra, Fancy Bear intensified their hacking campaign and this led to security experts becoming suspicious of methods being employed to dupe Google’s spam filter into accepting malicious emails into the inboxes of DNC targets. The clean-up operation, however, was too late and Podestra’s breached emails were soon published on Wikileaks.

Be Clever, Don’t Get Phished

The 2016 attack on the DNC is probably the most famous, and damaging, phishing attack in cyber-history. Simply due to a few members of staff clicking malicious links, an entire election campaign was brought to its knees. Reinforcing good email security, therefore, remains a crucial practice for any organization in modern business. Even with millions of dollars of security in place, the DNC fell victim to a simple phishing scam and, next time, it could easily be your organization.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What Should You Do When You Receive a Phishing Email?

Hacking, malware, Phishing, Phishing Email, Security, Security Threats, , , ,
11
Sep 2018

Phishing emails are the scourge of our inboxes and there seem to be more and more each week, so what should you do when you receive a phishing email?

The aim of phishing emails is for the sender of said emails to obtain sensitive information from the recipient. This goal is realized by cleverly disguising the email to make it look as genuine as possible and, therefore, gain the recipient’s trust. Data targeted by phishing emails usually relates to sensitive details including login details and passwords. And this data leakage can cause serious harm to businesses with the average cost of a phishing attack on a medium sized business costing around $1.6 million.

No organization that wants to remain productive and competitive wants to deal with the chaos of a phishing attack, so we’re going to take a look at what you should do when you receive a phishing email.

Do Not Open Phishing Emails

The best way to avoid the dangers of phishing emails is very simple: Don’t open them! This, of course, is easier said than done as phishing emails have become incredibly sophisticated over the years e.g. spoofing email addresses. However, if for any reason whatsoever you do not recognize an email address or there’s something unusual about the email subject then it’s always best to err on the side of the caution. Instead, move the cursor away and get your IT team to investigate it before going any further.

Leave Links Well Alone

Opening a phishing email isn’t enough, on its own, to activate the malicious payload, but it’s very simple to do so. Phishing emails often contain links which, once clicked, send the user to malicious websites where malware is automatically downloaded to the user’s PC. This malware is usually very discreet and is able to run silently in the background where it is able to log keystrokes or even take control of the user’s PC. So, remember: if you don’t recognize the sender of an email, it’s crucial that you never click their links.

Don’t Respond

Phishing emails will often try to gain your trust by establishing a connection, so you need to be mindful of these deceptive tactics. By hitting the reply button, for example, you’re demonstrating to the hacker that not only is your email account active, but that you’re willing to engage. And, if a phone number is provided, never ever ring it as it will involve further social engineering and potentially a very high phone charge to a premium member. It may be tempting to respond, but always say no and move away from engaging.

Report the Email

Any form of hacking represents a serious threat to the security of your organization, so it should be every employee’s duty to report a phishing email as soon as possible. This allows your IT team to analyze the email and its contents before taking action. This could be as simple as deleting it securely or telling you that, actually, it’s safe to open. Ultimately, shared knowledge allows your entire organization to stay on top of phishing emails, so, even if you’ve clicked something you shouldn’t have, report it immediately.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 18 19 20 21 22 29