Christmas is a busy time for cyber criminals, as they look to take advantage of understaffed IT departments and employees who are distracted by tight deadlines, Christmas parties and the upcoming break. Follow our guidance and you’ll mitigate the risk of falling victim to an attack.
According to Verizon’s 2017 Data Breach Investigations Report, 43% of all data breaches begin with social engineering attacks. The most common method is phishing, which includes any form of malicious communication that appears to come from a legitimate source.
Cyber criminals use phishing scams to trick people into giving away personal information, such as usernames, passwords or payment card details, or to download malware. They do this by sending links to bogus websites or including malicious attachments.
Most phishing scams are delivered by email, but cyber criminals also use social media, text messages (smishing) or telephone calls (vishing).
Attacks can come in a number of guises, often exploiting current events, which makes them hard to spot, but there are common clues that point to their malicious nature. The sender’s address will typically be different from the organisation that it is imitating (for example, instead of “@organisation.com”, it might be firstname.lastname@example.org), the message might use a generic greeting, such as “Dear customer”, and it will probably be poorly phrased or full of spelling mistakes.
Although it can be easy to spot a phishing attack in hindsight, it’s hard to be careful every time you receive an email, text, social media message or phone call. However, it’s a major threat, and organisations and staff must remain vigilant.
Our social engineering penetration testing service combines a simulated phishing attack and a phishing staff awareness course to find out how many employees in your organisation are susceptible to phishing attacks and help them learn from their mistakes.
Forbes and (ISC)2 have both written on the benefits of simulated phishing attacks. Wesley Simpson, chief operating officer of (ISC)2, said: “Management usually reacts to money and results. These phishing exercises are inexpensive, and can be done with existing staff. Once you start running them, the numbers speak for themselves.”
Our staff awareness e-learning course helps staff understand how phishing attacks work, the tactics that cyber criminals use, and how to spot and respond to a phishing attack.
A bot is a tool that runs automatic and often repetitive tasks over the Internet. This might not necessarily be for criminal purposes (Twitterbots, for example, perform the relatively mundane task of tweeting, following or messaging other accounts), but plenty of bots are malicious.
Bots drain the resources of the infected person’s systems, and they might cause the computer to be part of a criminal enterprise. Bots are also commonly used for spambots (which spam computers with ads) and botnets (which are used for distributed denial-of-service (DDoS) attacks).
It can be difficult to know whether there are bots on your computer, as they are designed to operate without users’ knowledge. However, there are some common symptoms that you can look out for:
- Unusual Internet Relay Chat traffic.
- Attempts to connect with known command-and-control servers.
- Multiple machines on a network making identical DNS requests.
- High CPU usage.
Botnets usually spread via malware, so the best way to prevent an infection is to protect against malware attacks. You can do this by keeping all software up to date and monitoring network performance and activity. Firewalls and antivirus software typically include basic tools for botnet detection, and anti-botnet tools can find and block attacks.
3. Denial-of-service attacks
A denial-of-service (DoS) attack involves an attacker inundating a network with traffic, overloading its server and causing it to slow down or go offline.
In a DDoS attack, the incoming traffic comes from many different sources. Typically, these sources are computers controlled by a botnet.
Most DoS attacks target high-profile web servers such as banks or credit card payments and gateways. However, cyber criminals may target lesser-known organisations if their motive is revenge, blackmail or hacktivism.
As such, all organisations are vulnerable to DoS attacks. To reduce the likelihood that an attacker will affect your organisation, you should:
- Familiarise yourself with your typical inbound traffic;
- Set aside an emergency block of IP addresses for critical servers; and
- Install dedicated hardware and software to analyse and filter out malicious traffic.
If these steps are unsuccessful and you’re hit hard, you should call your Internet service provider (or hosting provider if you don’t host your own web server) and ask for assistance.
Get secure with penetration testing
It’s easy for vulnerabilities to sit on an organisation’s systems for months or years unnoticed. To prevent this, you need to regularly check any areas that could be vulnerable to data breaches or cyber attacks.
This is where penetration testing comes in. It’s essentially a controlled form of hacking in which a professional tester, working on behalf of an organisation, uses the same techniques as a criminal hacker to search for vulnerabilities in the company’s networks or applications.
A level 1 penetration test provides adequate protection for organisations that want to identify exploitable weaknesses, such as those in the OWASP Top Ten. These tests replicate the kinds of low-budget attack that an opportunistic criminal hacker would attempt, and are ideal for SMEs or those with no experience of security testing.
Book a penetration test before 22 December 2017 to get a 10% discount.