How cyber criminals are targeting your staff
We often hear that ‘humans’ are the weakest link when it comes to Security. Whilst that may be true, it can be a little harsh to label us as such, when we are being actively targeted by cyber criminals at the same time as having day jobs/ targets to meet etc. etc….
The truth is, the bad guys are getting cleverer and cleverer in their schemes to try and persuade us to click on malicious links or attachments, without us spotting anything suspicious.
It’s akin to the way magicians work – they’re trying to get you to look in a certain direction, so you don’t notice the bunny was in the hat the whole time (sorry if I’ve ruined anyone’s childhood there…)
What we need is a greater understanding of the types of threats that involve human interaction in order for them to be successful. After all, how are you meant to spot something if you don’t know what to look out for?
Here are 5 campaigns that are currently very popular with cyber criminals:
What is it?
Phishing is a technique used by cyber criminals to lure you into providing valuable information like personal data, banking details or passwords.
They’ll likely use email, telephone or text message to contact you, usually pretending to be a person or company you trust.
Phishing rates continue to increase around the world and across most industries, and businesses consider it a significant problem. According to a recent survey of UK-based decision-makers, nearly 60 percent say they consider phishing emails the biggest cyber-threat to their businesses.
Watch out for:
- A sense of urgency. For example, if they urge you to act now to take advantage of something or prevent something.
- An overly generous offer.
- An email or attachment you weren’t expecting/ from someone you don’t know.
- Hover over links before you click on them. If it looks suspicious, it probably is!
- Do simulation exercises for assessing how your employees react to a staged phishing attack, and then educate them!
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. They may be trying to act like someone you know. The thing about this scam is its simplicity. It doesn’t require access to your system, so there’s no need to hack past firewalls or guess passwords.
What to do:
- Check the sender’s address. Is there a slight misspelling?
- Put a policy in place; always verify wire transfers with a phone call (don’t just email back – the scammer can do that too!).
- Filter any messages that have an envelope sender (Mail-From) and “friendly from” (From) header that contain one of your own incoming domains in the email address.
A ransomware attack encrypts a victim’s data until the attacker is paid a predetermined ransom. Typically, the attacker demands payment in a form of cryptocurrency such as bitcoin. Only then will the attacker send a decryption key to release the victim’s data. 80% of ransomware attacks come in via email, but there’s an increasing usage of ransomware based network worms – which we say in last year’s Nyetya attack.
Watch out for:
- Suspicious emails or ads. This type of attack is usually done via email, where an unsuspecting user clicks on a link or opens a malicious attachment. It’s also done through “malvertising” – basically, an advertisement online that has been written with hidden malicious code and placed there by cyber criminals. The ad then takes you to a new website, which can contain malicious code that can attack your system or lock your files and send you a ransomware note.
What to do:
- Patch, patch, patch. Patching commonly exploited third-party software will foil many attacks. Keep your browser up to date.
- More and more ransomware attacks target the network. Limit the resources that an attacker can access. By dynamically controlling access at all times, you help ensure that your entire network is not compromised in a single attack.
- Never, ever pay the ransom. There’s no guarantee you’ll get your data back, and you’re only fueling the cybercriminals for more attacks.
- Back up regularly. You can afford to lose the files if you have a decent back up system in place.
Supply chain attacks
Supply chain attacks are an emerging and growing advanced persistent threat that can compromise the software update mechanisms of otherwise legitimate software packages. That then allows them to piggy-back on the distribution of legitimate software.
Here’s an example of one supply chain attack, alongside some advice from Cisco Talos expert Martin Lee.
What to do:
- If you have a place in a supply chain, ask your vendors/partners how they secure their supply chains. Ask them about their development practices and their internal security controls. How do they roll out patches and updates to their internal systems, and how often? How do they segment and secure their development, QA, and production environments? How do they vet their partners and vendors?
- Be sure to ask all of these questions of your own organization as well, or you could find that it’s your organisation that is the weakest link in the supply chain.
Using a mobile device off the corporate network
You could probably run a good chunk of your business from your mobile device. But what happens when you step outside the perimeter of your corporate firewall and log onto open Wi-Fi in a coffee shop or airport? The problem is that with most public Wi-Fi networks, information sent to and from a mobile device is unencrypted.
What to do:
- Choose a public network that uses a password, indicating that encryption is in use.
- A VPN connection will help, but when most employees are using cloud services to get their work done, consider a Secure Internet Gateway to stop threats at the DNS layer.
- Use secure websites (https)
- Keep software up to date. Yes, it’s annoying when that ‘Time to update your software’ message pops up – but most of the time they contain crucial security updates because a bug has been spotted.
- Disable sharing. Users’ Wi-Fi-enabled devices might be set automatically to allow sharing with or connecting to other devices. In a public network that means connecting to unknown and risky device.
- Don’t leave your mobile device unattended. No matter how safe you feel in your local coffee shop, never leave your laptop, smartphone or tablet unsupervised, and don’t stay logged in to any site you’re not actively using. Likewise, always remember to log off if you’re using a shared computer, such as at a hotel business centre.
See more cyber security tips on our European Cyber Security Awareness Month page