Posts Tagged ‘phishing’

Are You Paranoid? Anatomy of a Successful Hack

Posted on: February 25th, 2019 by jiml | No Comments

Are you paranoid? If so, good! Studies have shown that users who are paranoid about data security are actually more secure! A recent study from Datto also reported that only 36% of small to medium-sized businesses feel ransomware is a significant threat. Compare this to those who work in the information technology field, where that number jumps to 89%. This is a very large gap between the general public and those in the technology field. Perhaps technology professionals deal with data security on a daily basis and are more in tune with the threats. Regardless, it is surprising that only 36% of small to medium-sized businesses take ransomware seriously. It might pay to be a little more paranoid.

In addition to ransomware, there are other significant threats out there. As we mentioned in a previous blog post, the majority of successful hacks start out as phishing emails. Phishing emails are much more sophisticated than in years past, and hackers have identified where they are going to make their money. The tactic is to attack people working in finance and management. Executives and finance workers are the primary targets of Business Email Compromise attacks.

Anatomy of an Attack

The hacker will send phishing emails to attempt to trick the user into entering their email credentials. They accomplish this by simulating emails from various popular email platforms like Microsoft Office 365 or Google’s G Suite service. There is a good chance at least some of the people they are phishing will use one of these popular services. Once the user enters their credentials, the damage is done. The hackers will immediately download the user’s email and later scour it to see who they might be able to attack next to extract money, like a payroll company, a customer or a vendor. They will use web mail services to gain access to the phished user’s account and be able to send out emails as that user. (Legitimately coming from their account!) They will set up email rules to deliver responses from targets to themselves and ensure that the unsuspecting hacking victim in finance never sees the correspondence. They will send emails to payroll providers saying, “Please set up a 1099 worker quickly and wire them a paycheck to this account” or email a customer saying, “Please pay this old invoice ASAP or services will be discontinued”. The receiver will see this email as legitimately coming from the hacked finance user, someone they know. The victim may even correspond with the hacker via email asking questions, thinking they are talking to their finance contact. The unsuspecting hacked finance user will never see these conversations.

These attacks are the fastest growing type of attack statistically. They are a real threat to your business. How can you protect your business? Here are a few of the top methods:

• Educate users about the threat
• Enable two-factor authentication for email
• Disallow forwarding to external domains
• Ensure quality spam filtering
• Set SPF records for your domain
• Perform phishing simulations
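
The mailbox-rule behaviour described under Anatomy of an Attack, together with the advice to disallow forwarding to external domains, can be checked for directly. The following Python audit is an added example, not code from Colden Company or any mail platform; the rule record layout, its key names and the example.com addresses are assumptions made for illustration.

```python
# Added example: flag inbox rules that match the takeover pattern described above.
# The record layout (keys like "forward_to") is hypothetical, not a real export format.
INTERNAL_DOMAINS = {"example.com"}   # assumption: the organisation's own mail domains
FINANCE_TERMS = {"invoice", "payment", "wire", "payroll"}  # terms taken from the scenario

def domain_of(address):
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule):
    """Return findings for one inbox rule; an empty list means nothing suspicious."""
    if not rule.get("enabled", True):
        return []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = sorted(a for a in targets if domain_of(a) not in INTERNAL_DOMAINS)
    # Deleting or filing the original keeps it out of the owner's inbox view.
    hides = rule.get("delete", False) or bool(rule.get("move_to_folder"))
    keywords = {k.lower() for k in rule.get("subject_contains", [])}
    findings = []
    if external:
        findings.append("external forward: " + ", ".join(external))
    if external and hides:
        findings.append("HIGH: copies mail out and hides the original")
    if hides and keywords & FINANCE_TERMS:
        findings.append("hides finance-related mail from the mailbox owner")
    return findings

def audit_mailboxes(rules):
    """Group findings by mailbox so an admin can review each affected account."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report.setdefault(rule["mailbox"], {})[rule["name"]] = findings
    return report

SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "finance@example.com", "name": ".", "enabled": True,
     "forward_to": ["inbox@mail.example.net"], "delete": True},
    {"mailbox": "finance@example.com", "name": "Newsletters", "enabled": True,
     "move_to_folder": "Reading", "subject_contains": ["digest"]},
    {"mailbox": "ceo@example.com", "name": "To assistant", "enabled": True,
     "forward_to": ["assistant@example.com"]},
    {"mailbox": "ap@example.com", "name": "inv", "enabled": True,
     "move_to_folder": "Archive", "subject_contains": ["Invoice", "Payment"]},
]

if __name__ == "__main__":
    for mailbox, rules in audit_mailboxes(SAMPLE_RULES).items():
        for name, findings in rules.items():
            print(f"{mailbox} rule {name!r}: {'; '.join(findings)}")
```

Rules that only file mail into a folder, or forward inside the organisation, are left alone; a finding is raised when mail leaves the domain or when finance-related mail is hidden from the mailbox owner.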

Are you paranoid? Perhaps the better question is “Are you paranoid enough?”. The threats are real and businesses suffer financial harm every day as a result.

If you would like to discuss how to better protect your business, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

 



Not Your Father’s Phishing Scam

Posted on: July 30th, 2018 by jiml | No Comments

According to a recent FBI study, the weak link in security is us! (People) Specifically, people who click on things they should not or give out information they should not. Cybercriminals have put a high emphasis on targeting the human element of businesses. The easy way to bypass technology security measures is to trick someone into letting you in! Once the hackers have valid credentials into a network, they will have the same access rights as the person they hacked and give themselves a platform to try to escalate those privileges even further.

Social engineering and phishing scams have evolved greatly in the last few years. Gone are the days when phishing emails were poorly spelled emails from a supposed Nigerian Prince looking to get your bank account information so he can deposit a million dollars in it. Today’s scams are much more difficult to detect and often specifically arranged to try and fool employees of your company. One technique is called email spoofing, where the hacker pretends to be an influential person in your organization. This is an incredibly easy hack to pull off as most businesses have information about their management teams on their web site. In addition to these phishing emails becoming more sophisticated and more common (one recent study by a prominent anti-phishing platform estimates 91% of data breaches come from phishing attacks), the damage done by hackers is also on the rise. Some strains of ransomware will infect your Master Boot Record and essentially turn your computer into a brick if the ransom is not paid. In cases like this, hackers are not after your information, they are purely going after your money. No ulterior motive in play here.

**Remember**: When your business gets hacked it doesn’t just affect your business. Once a hacker compromises your email, as an example, they now can see who you communicate with and they will start attacking your customers, your vendors and your partners. A hack at your place of business can cost you business relationships!

Employee awareness is a key component to a comprehensive security plan. What can be done to combat the kinds of sophisticated phishing attacks that are on the rise? Colden Company has a service that will generate phishing emails (without the dangerous results if users click on them) so that you can identify who needs more training and awareness of these types of scams. Every business has them. You could send an email with skull and crossbones, with a note that says “Do Not Click” and someone in your organization will click it. After all, somebody was falling for the Nigerian Prince scams or they would not have continued for so long. These are the people that put your business at risk! These are the people that specifically need targeted training. Our phishing tests will do just that by sending out sample emails, identifying who is clicking, and providing training and feedback immediately.

Today’s cyber world calls for increased security and increased employee awareness. To find out who your “clickers” are, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.







Phishing Scam Du Jour

Posted on: March 31st, 2015 by jiml | No Comments

Did you know that March 31 is World Backup Day? It is designed to bring awareness to the importance of backups, especially in today’s world. It is important that your backup processes keep up with the changing times. Click here for more details about “intelligent disaster recovery”.

Our recent survey responses indicated that security was a topic of interest to our customers. For this blog posting, we would like to share some information with you from one of our security partners, Proofpoint. Proofpoint is a leading information security organization that works with organizations of many sizes and industries including many of the Fortune 500. Proofpoint Engineers keep us apprised of the latest threats so that we can better protect your business. Here is a recent email from our partner with information on some of the latest threats that you should be aware of:

Credential phishing remains a popular technique by malware campaigners, with Outlook Web Access credentials joining other webmail accounts as a frequent target. As the use of cloud-based documents becomes more and more widespread, phishing campaigners have also been leveraging this behavior as a lure for their messages, with some benefits for their credibility and effectiveness.

A recent example examined by Proofpoint researchers demonstrates the key ingredients of this kind of attack, as well as a clever innovation attackers have recently added. Google Apps credential phish are among the most common email-borne threats Proofpoint currently detects, and organizations that have adopted Google Apps for regular internal use are particularly susceptible to clicking.

In this example, rather than taking a potential victim straight to a (fake) login page, clicking the link brings up a very realistic Google Docs shared document landing page.

[Screenshot: fake Google Docs shared document landing page]

The page is a perfect replica of an authentic Google page, with the exception that it is delivered via HTTP, rather than HTTPS. Failing to notice this warning sign, the recipient clicks the Download button and then sees the Google login page, again almost identical to the authentic equivalent.

[Screenshot: fake Google login page]

For added flexibility, the malicious document also supports logins for other webmail services, such as Yahoo, Hotmail, AOL, and even an “other” option in which the victim can enter any corporate credentials. This enables the attackers to extend their reach by pulling in and leveraging a wider range of credentials.

Credential phish normally drop their ruse after the victim has submitted their credentials, but in this case the attackers follow through with the ‘login’ by displaying an actual document.

[Screenshot: document displayed after the fake login]

This technique reduces the risk that a user will realize right away that something was amiss and gives the attackers more time to make use of the stolen credentials. Buying even a few hours gives the attackers more than enough time to leverage the victim’s stolen credentials to deliver the next round of messages.

Another advantage of launching credential phishing campaigns from compromised Google accounts is that a relatively minor effort delivers highly believable, targeted phish thanks to the ability to scrape the victim’s Contacts list and use it to populate the list of recipients for the next step of the campaign.

A similar attack technique employs a fake Dropbox document to capture credentials for the cloud-based document-sharing service. Like the Google Apps credential phish, the login page shown to the recipient is perfectly credible:

[Screenshot: fake Dropbox login page]

This example was taken from the cloud-document phishing campaign of an actor that tends to prefer campaigns with more limited scope, often distributing less than three URLs across 30-50 messages per week, often targeting only 10 organizations, but in some cases as many as thirty organizations. Initially targeting organizations in the advertising and hospitality sectors then leveraging these to target businesses in the financial sector, the attacker seems to be shifting strategy of late to be less targeted and much more opportunistic. As if to underscore the relative value of this technique, scraping email addresses from the advertising and hospitality services executive accounts led – intentionally or not – to targeting executives in the financial sector in successive rounds of phishing emails.

Hacking via cloud-based document services and application accounts adds still more options to the value of a hacked email account by creating more opportunities to create campaigns that are at once more targeted, more effective, and more lucrative. Credential phishing with cloud-based documents will continue to grow in popularity as attackers leverage its advantages to stay ahead of defenses that are often still focused on well-known and easily defeated techniques.







Security on the Web

Posted on: July 25th, 2014 by jiml | No Comments

Where does a majority of spam originate? My guess is most readers would put China or Russia at the top of their list. Here is a ranking compiled by Proofpoint, one of the largest security firms in the US that provides spam filtering for many of the Fortune 500 companies as well as Colden Company customers.

[Image: Spam Countries List]

Who had Argentina on their list ahead of China and Russia? I, for one, did not. Proofpoint goes on to break down the spam senders by percentage and as you can see from the graph below, the European Union is – by a wide margin – the leading spammer.

[Graph: spam senders by percentage]

The full article from Proofpoint can be read at http://www.proofpoint.com/threatinsight/pdf/threat-report/Proofpoint-Threat-Report-May2014.pdf.

The point of the above statistics is not to diminish the threat from countries like China and Russia. On the contrary, it is to point out that the threats can come from anywhere and there are far more threats out there than you may realize.

There have been many recent high-profile cases of exposure, such as eBay and Target being compromised, and of course the dreaded Cryptolocker virus, which comes via spam email. This virus is still a serious threat and we recommend taking a proactive approach to educating users about the threats that exist.

Another recent threat exposed by Proofpoint was something called an Advanced Persistent Threat (APT) attack that utilized a vulnerability in Internet Explorer (even up to the most current version, version 11). Phishing emails, designed to get the receiver to click on links to malicious sites to infect computers, were sent out in bulk. This threat purportedly came from China.

While educating users is a necessary step in combating these attacks, what else can be done? Often anti-virus software is not enough to stop advanced viruses like Cryptolocker. Remember that anti-virus runs on your computer and searches for threats that are already there! Colden Company is offering two new services that can help protect your business from security threats like the ones listed above. The first is Web Protection which will be the subject of this post. The second is our Security Service offering which is a comprehensive security program for your business. More to come on that topic in subsequent posts.

Web Protection is essentially content filtering which allows your business to set guidelines for what is acceptable web content for your users to visit with some added security benefits. Our Web Protection package allows for the blocking of groups of sites like gambling sites or social media, while allowing for exceptions if you want to be able to update the company LinkedIn page, for example. Web Protection also allows for schedule setting so that you can, for example, block social media sites during working hours but allow them during lunch hour, giving you the flexibility to protect against productivity drain while allowing some leniency for employee satisfaction.

From a security standpoint, Web Protection does something else to safeguard your business. It has a continuously updated list of known bad sites that harbor malware and viruses and prevents your users from accidentally or purposefully accessing those bad sites. Oftentimes, users contract malware innocently while attempting to perform very valid work. In those accidental cases or in the case of the phishing email in the example mentioned above, Web Protection steps in and prevents your user from going to the malicious site and contracting the virus or malware. Web Protection saves your business from those mistakes!

Ask us more about this service and we believe you will be shocked at how inexpensive it is to deploy and provide your business with an additional layer of much needed security protection. We can be reached at (888) 600-4560, at info@coldencompany.com, or see us on Facebook or Twitter (@coldenco) as well.