Top 5 Social Engineering Scams That Employees Fall For!

Posted by Martin Quinn in Security Blog

By Samantha Woollard (Internet Security Specialist) 13 March 2017

After countless employee security awareness programs, presentations, videos, posters and weekly newsletters, are there still successful social engineering scams running riot in your company?

Last year 30% of phishing emails were opened and 12% of employees clicked and downloaded the malicious attachment. In 2015, only 23% of emails were opened. Does that mean that employees are getting worse at identifying phishing scams? No.

Attackers are becoming ever more creative in how they lure users and, sadly, in the end they outsmart your employees. They prey on people’s curiosity, courtesy, gullibility, greed, thoughtlessness, shyness and apathy, dubbed the seven deadly social engineering sins.

Below are the top social engineering scams that employees are falling for at the moment. So let’s make everyone aware, to stop this from ruining 2017 for your business.

1. FREE STUFF
Offering something for free, be it food, devices or concert tickets, is guaranteed to awaken the greed inside us. Some people will click on just about anything for free pizza. If the email is suggesting free software, it may already be free; check the vendor’s website instead. In general, do not succumb to emails giving away anything for free.

2. Social Media Cramming At Work
Social media has helped hackers spread scams into businesses, as many employees use their work machine or network to view their Facebook feed or send a daily tweet via Twitter. Messages from friends that contain malicious links are a popular way for an attacker to try to gain your trust. So don’t click anything you are not expecting, and verify with your friend that the message is from them so you don’t fall into this trap. For businesses, this is also a new area to introduce in security awareness training. However, many companies are not aware of the dangers themselves, and it is estimated that 76% of businesses allow their employees to use social media on their work machine.

3. Work-Related Email Scams
Official-looking emails from hackers are one of the reasons employees’ thoughtless clicking results in the installation of dangerous malware. Popular email subjects that trick users are “Invoice Attached”, “Urgent Password Change Request” and “Here’s that file you need”. At a glance, such a subject seems important and looks like something you may have requested from a colleague, and within seconds malware is installed. Another thing to look out for is a downloaded file that asks you to “Enable macros”; this can lead to a system takeover. If in doubt about a received email, hover over the sender’s email address to see whether it is legitimate.

4. Fake LinkedIn Accounts
The company executive has added you on LinkedIn, and you are excited but nervous about why, or what they are going to ask. You add them, they ask you company-specific questions, and you both begin discussing private information that should not be spoken of outside the company walls. It turns out that the person you are divulging all this sensitive information to is not the executive but an impostor, a hacker disguised as the executive to accumulate as many of the company’s secrets as possible. This has recently been a popular way for attackers to gather information. Always verify the LinkedIn accounts of colleagues and higher management by email.

5. Missed Voicemails
This is a rather crafty, creative idea which is very hard for users to recognise as a scam. Hackers hide malware in email messages modified to look like a missed voicemail. As with other phishing schemes, if the user clicks and downloads the attachment (the “voicemail”), the malware will be installed.
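One way to check a message for the signals in items 3 and 5 above (the quoted lure subjects, macro-enabled files, attachments posing as voicemail), added here as an example and not part of the original post. `ORG_DOMAIN`, the extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your organisation's mail domain
LURES = ("invoice attached", "urgent password change request",
         "here's that file you need")  # subjects quoted in the post
MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm")
AUDIO_EXTS = (".wav", ".mp3", ".m4a")

def domain_of(header):  # lower-cased domain of a From/Reply-To address
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the reasons a message deserves a second look (empty if none)."""
    msg = message_from_string(raw)
    reasons = []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if sender != ORG_DOMAIN:
        reasons.append(f"external sender domain: {sender}")
    if reply_to and reply_to != sender:
        reasons.append(f"Reply-To domain differs from From: {reply_to}")
    subject = (msg["Subject"] or "").lower().replace("\u2019", "'")
    if any(lure in subject for lure in LURES):
        reasons.append("subject matches a lure phrase")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTS):
            reasons.append(f"macro-enabled attachment: {name}")
        if "voicemail" in name and not name.endswith(AUDIO_EXTS):
            reasons.append(f"'voicemail' attachment is not audio: {name}")
    return reasons

# Constructed sample message, not real mail.
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@it-support.test>
Reply-To: collect@mailbox.test
Subject: Urgent Password Change Request
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="voicemail_0313.docm"

(constructed placeholder body)
--b1--
"""

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

A hit is a reason to verify with the sender through another channel, not proof of malice; external senders with invoices are normal business mail.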

Relax. Your security is Intact.

Author: Intact Security



BEWARE: Small Businesses Become A Growing Target


By Samantha Woollard (Internet Security Specialist) 27 February 2017

Small businesses believe that due to their size, they are an unlikely target for cyber attackers. But they could not be more wrong.

Perhaps ten years ago, when the chance of attack was much lower than it is today, it would have been acceptable for businesses to think that way. Just because your company does not have a huge revenue does not mean it is hidden from attackers’ sight. It is for this very reason that hackers have latched on to targeting smaller businesses; they are easier to penetrate due to their lack of security. Around 43% of cyber attacks target small businesses. This number has only been increasing in the past years and will continue to do so if nothing is done to stop it.

I cannot emphasise enough that the reason for an attack is not solely money. Loss of information and disruption can damage businesses and are also major reasons for attack. Hackers want to destroy businesses and their reputations, whether they have 2 employees or 20,000. It is estimated that over half of small businesses have not put any budget towards improving their security and mitigating risks, as they do not think that their business holds any valuable data. Even customers’ billing addresses, email addresses and phone numbers are classed as sensitive information, and if you have promised your customers that this information will not be shared then it must be protected from theft.

After an attack, small companies can expect to lose an average of $1,150,000 and also expect an additional loss of an average of $1,250,000 due to disruptions within the business.

Do not wait to be hit by an attack before taking action; by then the damage could be done. You cannot just hope that you will not be a target, as now in 2017 no one is safe from the threats of cyber crime. Fortunately, Intact is here to help. Be prepared.



You Have Been Breached, Now What?


By Samantha Woollard (Internet Security Specialist) 20 February 2017

So you have identified that you are under attack or have already been breached. What should you do now? First of all, breathe. Do not panic. There is a chance it will happen to everyone; it is how severe the attack is that will come into play.

Identify what type of attack it is. There are various types: a DDoS attack, malware that has been installed, loss of control of your machine, or someone accessing a port that is not normally accessed, to list a few.

Identify where it is coming from. Is the threat coming from an inside host that has been compromised or from an outside source?

Stop the attack. If a specific machine is slow, you notice phishing attempts within your emails, random programs have been installed, your anti-virus has stopped running or anything else looks suspicious, report the problem to your security team or equivalent as soon as possible. From then on, let them handle everything.

Remember never to turn off any machine until the scenario has been checked out and any existing evidence has been gathered, as turning it off may erase important information that is needed. Remove the affected machine from the network until the situation is dealt with. You can also place it in sleep mode. This will remove the attacker’s ability to remotely access your machine. It may be worthwhile to look for other compromised machines within the workplace, as more than one machine may have been attacked.

After gathering any evidence needed, back up all files and logs. Remember to take notes about what has happened throughout the day, what you found and the actions you took. Run a couple of anti-virus and anti-malware tools to find and remove any malware that may be causing the problem, and restart the machine to fully remove the malware. Reboot in safe mode, so that only the minimum number of programs needed are run. If the machine is still not functioning properly, do a complete system restore and update the computer.

Call your incident response team as soon as possible, whether in-house or an external company, to initiate the incident response plan you should have in place. The first seven days could be tedious, depending on when the attack happened. You may only notice it in June but in fact the breach could have been in October. Log entries will need to be filtered through to find the source of the attack.

Once the source of the attack has been found and the way the attackers infiltrated your network has been uncovered, steps can be drawn up to fix the problem and prevent it from happening again.

Revisit your security plan: Make any changes to your plan that will stop that type of attack from happening again. If your security is not strong enough, add another layer of security and make sure it is implemented properly. It is important to have an incident response plan in place for reacting to a breach within the company.

Other Tips

  • Change all work-related passwords.
  • Seek professional help (US! – The Intact Security Team)
  • Ensure your IDS is up to date.
  • Ensure your OS and other software used are patched regularly.



How To Tell If You Are Under Attack!


By Samantha Woollard (Internet Security Specialist) 13 February 2017

35% of all cyber attacks are never detected and 54% of attacks go unnoticed for months, even years, leaving the bad guy to continually access your systems to steal more and more information every day. Not sure if you have been breached? Don’t know how to identify an attack within your systems? Below is a list of advice to help discover if your company is under attack.

  • There has been a sudden rise in your network traffic. It could be one of two things: your new blog post is extremely interesting or you are under attack.
  • An increasing number of malformed data packets are being sent through your network and a large number have been caught by your firewall.
  • An increase in failed login attempts has been logged. An attacker may be trying to brute-force their way into your network or application.
  • After monitoring your network for some time, day-to-day trends appear. However, lately the patterns in your traffic no longer match those trends. You should investigate this further.
  • Alerts have been picked up by your Intrusion Detection System (IDS), but IT have not had the time to examine them all. Ensure that all priority alerts are handled first.
  • There has been unusual activity within accounts, including administrative accounts, such as the time they authenticated, the actions that were carried out, and what information they were accessing or editing.
  • Everything within System32 has a Microsoft signature. If something is running from System32 without the signature then it is malware.
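The failed-login indicator from the list above, worked through as an added example that is not part of the original post: it flags any source that reaches a set number of failed logins inside a sliding time window. The log format, `WINDOW`, `THRESHOLD` and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumption: tune to your environment
THRESHOLD = 5                   # assumption: failures per source within WINDOW

def parse(line):
    """Parse 'ISO-timestamp result user source' (a constructed log format)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user, src

def brute_force_alerts(lines):
    """Return {source: (time threshold was reached, usernames tried)} for
    sources with THRESHOLD failed logins inside any WINDOW-long window."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    users = defaultdict(set)      # source -> usernames it failed against
    first_hit = {}
    for ts, result, user, src in sorted(map(parse, lines)):
        if result != "FAIL":
            continue
        q = recent[src]
        q.append(ts)
        users[src].add(user)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= THRESHOLD:
            first_hit.setdefault(src, ts)
    return {src: (ts, sorted(users[src])) for src, ts in first_hit.items()}

# Constructed sample log lines (203.0.113.0/24 is a documentation range).
LOG = """\
2017-02-13T09:00:05 FAIL alice 10.0.0.12
2017-02-13T09:00:20 OK alice 10.0.0.12
2017-02-13T09:01:00 FAIL admin 203.0.113.7
2017-02-13T09:01:10 FAIL admin 203.0.113.7
2017-02-13T09:01:20 FAIL root 203.0.113.7
2017-02-13T09:01:30 FAIL admin 203.0.113.7
2017-02-13T09:01:40 FAIL backup 203.0.113.7
2017-02-13T09:30:00 FAIL bob 10.0.0.20
2017-02-13T10:10:00 FAIL bob 10.0.0.20
""".splitlines()

if __name__ == "__main__":
    for src, (when, tried) in brute_force_alerts(LOG).items():
        print(f"{src}: threshold reached at {when}, usernames tried: {tried}")
```

A single mistyped password (alice) and failures spread over an hour (bob) stay below the threshold; only the burst from one source is reported.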

Other behaviour all employees should be aware of:

  • Your work machine has become extremely slow at completing even the simplest of tasks.
  • New programs that you did not install are now present.
  • Your anti-virus has stopped running. An attacker may disable your anti-virus so they can remain undetected.
  • Fake emails from co-workers that contain attachments. These attachments could contain malicious software such as ransomware.
  • Actions happening on your screen that are not under your control, e.g. your cursor moving purposefully and performing actions.
  • Passwords for accounts have been changed.
  • Your web camera light comes on when you are not using it.

Just because your computer is functioning does not mean that you have not been breached. It is important to report any peculiar signs to your IT team.

In 2017, cyber attacks are becoming as common as breathing. There is no way to completely eliminate the risk of being hacked, but if you are smart about your security and vigilant about the pitfalls, you will certainly decrease your chance of attack greatly. What do you do if you have been breached? Read next week’s issue to find out.

Still not convinced that you will get breached? Fortinet track real-time threats across the world that are caught by their customers’ FortiGate firewalls, and show them on a live global threat map.



Top Security Threats In 2017


By Samantha Woollard (Internet Security Specialist) 9 January 2017

2016 saw the rise of cyber security attacks, resulting in nearly a third of all computer users experiencing some sort of attack. However, 2017 has been described as the year of creative malicious hacks. Cyber security is no longer classed as only the IT department’s problem: with the increase of smart hacks and evolving threats, every employee should be informed about cyber security and ways to prevent a breach. The more your business anticipates an attack, the better prepared you can be. Below are the most predicted threats of 2017.

Ransomware is growing.
Even though it has been around for years, ransomware rose to become a real threat during 2016. It has resulted in hospitals and organisations paying large ransoms to regain control of their systems, with no other choice open to them. With the continuing success of these attacks, hackers are only improving and are willing to invest more time and money in better and more complicated attacks.

At the end of the year ransomware variants started developing worm-like qualities, where they are able to spread independently, resulting in hundreds of computers being infected in a short space of time. This type of attack will more than likely become more common in the months ahead, and with the bitcoin value reaching its highest value this week since 2013, this can only be bad news for businesses. Not only will computers be vulnerable to ransomware; it is predicted that there will also be a large increase in mobile device attacks.

With attackers improving their abilities to design and create new and unique variants, ransomware can only get more dangerous in the coming months.

Increased IoT Attacks.
With the increase of IoT devices in our homes and offices, the global digital attack surface will begin to grow exponentially over the next few years. New devices that have never been connected to the Internet before are collecting information about us and accessing information over our networks; these need to be designed with security in mind. Many organisations, small and large, are creating new IoT devices at low cost without taking into account what information the device will be accessing, what risk arises if someone could obtain this information, or what security flaws exist once the device is connected to the network.

As the goal is to get these devices created and on the market, their risk and security are an afterthought. This leaves no time or money for security testing or patch management of the kind computers and mobile phones receive, resulting in vulnerable devices that attackers may easily hack into to gain your information. As this is a new area of technology and is known for its lack of security, it is an attractive invitation for hackers this year.

Attacks on Company’s Reputation and Trust
2017 brings a new attacker perspective. In the past, customer details and identity theft were targeted. Attacks on corporate information, top-level secrets and critical infrastructure are now trending amongst cyber criminals. With attacks becoming more intelligent, there is a growing risk to businesses. Both the reputation of a business and the trust its clients have in it can be damaged through a single attack.

Employees can be a strong or a weak link in the chain. If they are ill-prepared for an attack, it can result in disastrous consequences such as social engineering attacks and data loss. Educating staff on good security practices and behaviours, helping them understand how they themselves may be used to carry out an attack, and having them keep an eye out for anything unusual on their computer are all steps towards building better security for your business.
