Tag: Security

Featured Article : New Reports Reveal Two Key Cyber Security Insights

Posted on by Paul Stradling

With phishing attacks being favoured for their effectiveness by attackers and most ransomware attacks now targeting backup storage, we look at what businesses can do to protect themselves.

Spear Phishing Accounted For Two-Thirds Of All Attacks Last Year 

A recent report from security provider Barracuda has revealed that although spear phishing attacks make up just 0.1 per cent of all email-based attacks in 2023, they were responsible for two-thirds of all breaches. The report showed that a massive 50 per cent of the 1,350 organisations surveyed had fallen victim to a spear-phishing attack in 2022, a quarter had had at least one email account compromised via an account takeover. The report also showed that of those who fell victim to a successful spear phishing attack, 55 per cent had machines infected with malware or viruses, and 49 per cent and 48 per cent respectively had sensitive data or login details stolen.

What Is Spear Phishing? 

Spear phishing is a targeted form of phishing that aims to deceive individuals or organisations by sending bogus, fraudulent emails or messages. While traditional phishing attempts are more generic and widespread, spear phishing campaigns are highly tailored and personalised to trick specific targets, such as employees of a particular company or members of an organisation.

Targets Are Researched 

The attackers behind spear phishing typically research their targets extensively to gather information that will make their messages appear legitimate and increase the chances of success. They may gather details from social media profiles, online directories, or leaked data from previous breaches. This information is then used to create highly convincing email messages that appear to be from a trusted source, such as a colleague, a client, or a supervisor.

Personalised Content To Make Them More Convincing 

Spear phishing emails often contain personalised content, such as the recipient’s name, job title, or other relevant details, which makes them appear more authentic. They may also exploit psychological manipulation techniques to evoke a sense of urgency, curiosity, or fear to compel the target to click on a malicious link or download a malicious attachment. Once the recipient interacts with the malicious content, the attacker may gain unauthorised access to sensitive information, such as login credentials, financial data, or proprietary information.

The Consequences 

Spear phishing attacks can have severe consequences for individuals and organisations, including data breaches, financial loss, reputational damage, and further exploitation of compromised accounts.

How To Protect Your Business From Spear Phishing 

To protect against spear phishing, it is important to exercise caution when opening emails, verify the legitimacy of unexpected or suspicious requests, and regularly educate and train employees on identifying and reporting phishing attempts. Also, account takeover protection solutions with artificial intelligence capabilities can be effective.

It is difficult, however, to stop attackers from gathering the information about a business and specific personnel within that business to help them target their attacks. For example, some information may have been gathered from information stolen in previous cyberattacks or data breaches and may have been gathered from social media. Businesses should, where possible, be careful about how much information is shared online about the business and staff members, e.g., ‘meet the team’ or ‘about us’ pages, as this could also be used by attackers.

A Launching Point For More Advanced Attacks 

Spear Phishing is widely recognised as one of the most successful and commonly used techniques in cybercriminal campaigns and is favoured by attackers because it capitalises on human vulnerabilities/human error, exploits the trust placed in familiar or authoritative sources, and can be easier than trying hack complicated and well-defended systems – cyber criminals always look for the maximum payoff from minimum effort and risk.

By carefully crafting personalised messages, attackers can significantly increase the chances of success in compromising targets compared to generic phishing attempts. The level of sophistication and customisation in spear phishing attacks makes them harder to detect and raises the probability of successful infiltration.

Moreover, spear phishing serves as a launching point for more advanced attacks, such as targeted malware infections, social engineering exploits, or business email compromise (BEC) schemes. Once an attacker gains a foothold through spear phishing, they can proceed with their malicious activities, including data exfiltration, network infiltration, or financial fraud.

Reasons For The New Figures 

The reasons why spear phishing makes up only 0.1 per cent of all email-based attacks but are responsible for two-thirds of all breaches (i.e they have disproportionately higher success rate compared to other types of email-based attacks) are, therefore, that:

– Spear-phishing attacks are highly targeted and tailored to specific individuals or organisations, and this customisation makes the attacks more convincing, increases the likelihood of victims falling for them and, therefore, increases their effectiveness.

– These attacks take advantage of human psychology and behavioural traits, such as trust, curiosity, and urgency and, by leveraging these vulnerabilities, attackers can trick individuals into divulging sensitive information or performing actions that compromise security.

– Spear Phishing bypasses technical security measures, e.g. firewalls, antivirus software, and spam filters, enabling attackers to circumvent traditional security controls and directly target individuals.

– While spear-phishing attacks may target a specific individual initially, their success can lead to broader repercussions. For example, compromising one employee’s credentials through a spear-phishing attack could provide the attacker with access to sensitive systems or information, potentially leading to a significant breach affecting an entire organisation.

Most Ransomware Attacks Target Backups 

The 2023 Ransomware Trends Report from software company Veeam has revealed that 93 per cent of cyber-attacks target backup storage to force the ransom payment because it removes the option of recovery. The report found that these attacks are successful in debilitating their victims’ ability to recover in three-quarters of events and that more than one-third (39 per cent) of backup repositories are completely lost in these backup-targeted attacks.

Ransomware? 

As the name suggests, ransomware is a type of malicious software designed to encrypt files on a victim’s computer or network, rendering them inaccessible until a ransom is paid to the attacker (usually to a crypto account like bitcoin to avoid detection). It is a form of cyber extortion that aims to extort money from individuals, businesses, or organisations by holding their valuable data hostage.

Paying The Ransom? 

It is widely known that paying the ransom often doesn’t work and even if the ransom is paid, data can still be destroyed and/or, the attackers don’t provide the decryption key and simply make off with the money.

That said, according to the Veeam report, for the second year in a row, most of the organisations surveyed (80 per cent) said they had paid the ransom to end an attack and recover data, despite 41 per cent of organisations actually having a “Do-Not-Pay” policy on ransomware. Still, while 59 per cent paid the ransom and were able to recover data, 21 per cent paid the ransom yet still didn’t get their data back from the cyber criminals. Additionally, only 16 per cent of organisations avoided paying ransom because they were able to recover from backups. Sadly, the global statistic of organisations able to recover data themselves without paying ransom is down from 19 per cent in last year’s survey.

Protecting Your Business Against Ransomware Attacks

Typically, preventing ransomware attacks involves a combination of proactive measures such as regularly updating software and systems, implementing robust security practices, training employees on recognising and avoiding suspicious emails or websites, maintaining secure backups of important data, and deploying reliable antivirus and anti-malware solutions.

Veeam notes in its comments about the report’s findings that while best practices like securing backup credentials, automating cyber detection scans of backups, and auto verifying that backups are restorable can help protect against attacks, “the key tactic is to ensure that the backup repositories cannot be deleted or corrupted. To do so, organisations must focus on immutability.”  

Immutability 

Veeam reports that those who have fallen victim to ransomware have learned lessons and 82 per cent use immutable clouds, i.e. a cloud computing environment where the data stored within the cloud infrastructure is maintained in an immutable or unchangeable state. Also, 64 per cent now use immutable disks, and only 2 per cent of organisations don’t have immutability in at least one tier of their backup solution.

Being Careful About Re-Infection During Recovery 

In Veeam’s study, respondents were asked how they ensure that data is ‘clean’ during restoration. 44 per cent of respondents said they complete some form of “isolated-staging” to re-scan data from backup repositories prior to reintroduction into the production environment. Whilst this is positive news, the flip side of this statistic is that more than half (56 per cent) organisations risk re-infecting the production environment by not having a means to ensure clean data during recovery. The point is, therefore, that it’s important to thoroughly scan data during the recovery process.

What Does This Mean For Your Business? 

The obvious effectiveness of spear phishing attacks and the fact that most ransomware attacks are now targeting backups presents significant challenges for businesses, requiring proactive measures to protect themselves.

As highlighted by Barracuda’ report, spear phishing attacks have proven to be highly successful, accounting for two-thirds of all breaches despite constituting a small percentage of email-based attacks. The targeted and personalised nature of spear phishing makes it difficult to detect, as attackers extensively research their targets to create convincing messages. To protect against spear phishing, businesses should, therefore, exercise caution when opening emails, verify the legitimacy of requests, and provide regular training to employees on identifying and reporting phishing attempts. Account takeover protection solutions with artificial intelligence capabilities can also be effective.

As highlighted by Veeam’s report, ransomware attacks, on the other hand, have increasingly targeted backup storage, rendering organisations unable to recover their data even if they pay the ransom. While some organisations have paid the ransom and recovered their data, many have not been as fortunate. For businesses, the key to protecting against ransomware attacks lies in proactive measures such as regularly updating software, implementing robust security practices, training employees, maintaining secure backups, and deploying reliable antivirus and anti-malware solutions. Additionally, businesses should focus on immutability, ensuring that backup repositories cannot be deleted or corrupted.

To combat the risks associated with spear phishing and ransomware attacks, businesses should favour a multi-layered approach to security. This includes investing in employee education and training, implementing strong technical security measures, and regularly evaluating and updating security protocols. Businesses can also help protect themselves by staying informed about emerging threats and best practices in cybersecurity to enable them to adapt their defences accordingly.

Security Stop-Press : Mic-Snooping Malware Added To Legit Google Play App

Posted on by Paul Stradling

ESET researchers have reported finding mic-snooping hidden malware in the legitimate Android iRecorder – Screen Recorder (screen-and-audio recorder) app while it was still available in the Google Play Store. The malware was added as an update, and it’s thought that tens of thousands of people may have downloaded the app before Google was alerted and the app was removed from its online store.

Security Stop-Press : Phishing-as-a-Service Warning

Posted on by Paul Stradling

Cisco Talos researcher, Tiago Pereira, has warned of the dangers of a new phishing-as-a-service (PaaS) tool called “Greatness.” The Greatness tool has been designed to compromise Microsoft 365 users and can make phishing pages especially convincing and effective against businesses. Greatness incorporates many advanced features including multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots.

Since the attack starts with a malicious email, the advice is to implement robust email security solutions that include spam filters, antivirus software, firewalls plus keep antivirus and other software updates and patches up to date, not to open any unsolicited and/or suspicious emails, and to make sure there is employee education and awareness regarding spotting, reporting, and dealing with phishing attacks.

Security Stop-Press : 10 Ways To Keep Your Screen Or Passwords Hidden When In A Public Place (e.g. a train)

Posted on by Paul Stradling

1-Use a screen privacy filter. Use a privacy filter that fits over your screen, limiting the viewing angle and making it difficult for others to see your screen from the side.

2-Position your device strategically. Sit or stand in a corner or against a wall to minimize the chance of someone looking over your shoulder.

3-Adjust screen brightness and contrast. Lower your screen brightness and increase contrast to make it harder for others to view your screen from a distance.

4-Use a virtual keyboard. Use an on-screen virtual keyboard for entering passwords and sensitive information to prevent keyloggers from capturing your keystrokes.

5-Use a password manager with auto-fill. Use a trusted password manager that can auto-fill your login credentials, reducing the need to type passwords in public.

6-Be aware of your surroundings. Stay vigilant and keep an eye on people around you, ensuring that no one is attempting to view your screen or passwords.

7-Tilt your screen. Adjust the angle of your device’s screen to make it harder for others to see, especially when entering passwords or sensitive information.

8-Use a physical barrier. Place a bag, coat, or another object around your device to create a physical barrier, making it more difficult for others to see your screen.

9-Sit with your back against a wall. If possible, choose a seat with your back against a wall, which will minimise the chances of someone walking up behind you and viewing your screen.

10-Password masking. Enable password masking on your device, which will show asterisks or dots instead of actual characters when entering passwords, making it harder for onlookers to guess your password.