Everything you need to know about phishing

November 7, 2016 | 100 views

Cybercriminals masquerade as banks, social media platforms, and other official entities to capture your sensitive information and private data.With the increase of breaches, there is a common theme amongst many of the targets: the point of entry for the breach was caused by a phishing attack. So what exactly is phishing? Phishing is a type of social engineering that commonly uses email or websites to trick the user into revealing personal information or to install a virus that compromises the victim’s computer and allows the attacker to create a beachhead into their company’s network.

Spotlight

ContentKeeper Technologies

ContentKeeper Technologies is a global leader in innovative, scalable, fault-tolerant, enterprise Internet filtering and security solutions. ContentKeeper provides proven Web security solutions to secure today’s Web 2.0 and mobile centric business environments. Our solutions enable organizations to protect and control gateway Internet access and to embrace mobile technology, social media and cloud-based services without compromising security. Even in today’s evolving threat landscape, ContentKeeper’s advanced, multi-layered behavioral analysis technology with high speed SSL (decrypted) packet inspection ensures mission critical Internet resources and services are protected – regardless of the device being used or where employees are located. ContentKeeper’s Multi-Gig, layer 2 bridge design maximizes scalability, high performance and reliability. Real-time Web content and threat analysis engines are backed by our patented (Closed Loop Collaborative Filtering) shared intelligence network

OTHER ARTICLES
PLATFORM SECURITY

Top 5 Tactics for Improving Cloud Security Hygiene for Businesses

Article | August 12, 2022

In the past couple of years, the world has gone through a rapid digital transformation, which has led to a deeper penetration of modern technologies such as cloud computing, artificial intelligence, data analytics, and others. As a result, smart businesses are shifting their digital resources to the cloud to benefit from features such as streamlined operations, centralized data storage, increased operational flexibility, and hassle-free data transition. As per a study conducted in 2022, nearly 94% of businesses around the world are using at least one cloud service. Every enterprise possesses large volumes of sensitive data, including financial statements, business designs, employees’ identity information, and others. As organizations worldwide migrate from on-premises working to a remote working model, more data is being stored in the cloud than ever before, making cloud security one of the most crucial aspects for businesses today. 5 Proven Tips to Strengthen Cloud Security Hygiene for Businesses With the advent of cloudification and the increasing use of cloud-based applications, the prevalence of cybercrime has increased significantly. For instance, in the wake of the COVID-19 outbreak, there has been a significant spike in cybercrime, with reports of a 600% increase in malicious emails. Furthermore, a report from the United Nations says that cybercrime will cost the world economy $10.5 trillion every year by 2025. Even though cloud networks, such as Google Cloud, Microsoft Azure, and Amazon Web Services, have their own data protection measures for securing the cloud services they provide, it does not mean that businesses utilizing these services should rely solely on their security measures and not consider adopting additional measures. So what are the tactics modern businesses should adopt to improve cloud security hygiene? Let’s see: Deploy Multi-Factor Authentication (MFA) When it comes to keeping hackers out of user accounts and protecting sensitive data and applications used to run a business online, the traditional username and password combination is often not enough. Leverage MFA to prevent hackers from accessing your cloud data and ensure only authorized personnel can log in to your cloud applications and critical data in your on- or off-premise environment. MFA is one of the most affordable yet highly effective controls to strengthen your business's cloud security. Manage Your User Access It is crucial for your business to ensure adequate permissions are in place to protect sensitive data stored on cloud platforms. Not all employees need access to certain applications and documents. To improve your cloud security and prevent unauthorized access, you need to establish access rights. This not only helps prevent unauthorized employees from accidentally editing sensitive company data but also protects your company from hackers who have stolen an employee's credentials. Monitor End User Activities Real-time analysis and monitoring of end-user activity can help you detect anomalies that depart from usual usage patterns, such as logging in from a previously unknown IP address or device. Identifying these out-of-the-ordinary events can stop hackers and allow you to rectify security before they cause mayhem. Create a Comprehensive Off-boarding Process After an employee leaves your firm, they should no longer have access to any company resources, including cloud storage, systems, data, customers, or intellectual property. Unfortunately, completing this vital security duty is sometimes put off until several days or weeks after an employee has left. Since every employee is likely to have access to a variety of cloud platforms and applications, a systemized deprovisioning procedure can assist you in ensuring that all access permissions for each departing employee are revoked and prevent information leaks. Provide Regular Anti-Phishing Training to Employees Hackers can acquire access to protected information by stealing employees' login credentials using social engineering techniques such as phishing, internet spoofing, and social media spying. As a result, cybersecurity has now become a collective responsibility, making comprehensive anti-phishing training necessary to educate your employees about these threats. As unscrupulous hackers frequently come up with new phishing scams by the day, regular anti-phishing training is essential for developing formidable cloud security. Bottom Line Cloud security hygiene no longer consists solely of strong passwords and security checks. Instead, it is a series of innovative procedures that organizations use nowadays to leverage cloud networks. With more businesses moving towards the cloud and cyberattacks on the rise, it is the responsibility of your organization to remain vigilant and protect itself from cyberattacks.

Read More
SOFTWARE SECURITY

A Look at Cryptographic Use Case Trends Around the World

Article | July 8, 2022

Securing data, assets, and transactions is ever critical especially now with increased innovation, customer demand, and the need to navigate a complex regulatory landscape — not to mention staying ahead of evolving cyber threats. As a result, organizations of all sizes and in every country around the world require implementing cryptography solutions to help secure everyday business. This includes managing and securing transactions, managing encryption keys, authenticating identities, providing message integrity, and encrypting data and applications. From the largest global banks and payment processors that process thousands of transactions a second to the micro merchants that are newly accepting payments, cryptography works behind the scenes to ensure payments are secure and sensitive information is protected. Whenever and wherever cryptography is at work, organizations turn to either hardware or cloud options (or a combination of both) to ensure data and transactions are secure and compliant. Common cryptographic themes across industries and across countries: 1. Cloud adoption is happening across the board with payment processing taking the lead 2. Smaller FinTechs are innovating big time 3. Companies are continually seeking help to meet regulations, especially when it comes to data localization Since writing Cryptographic Management Trends Around the Globe, I talked again with Futurex team members from our offices around the world, including Ruchin Kumar, vice president, South Asia; Mark Howland, senior business development, EMEA; and Santos Campa, vice president, LAC, for more cryptographic insights and perspectives, including drilling down on cryptographic use cases to see what’s similar and what’s unique across regions. Let’s take a look at each region: South Asia, EMEA, and LAC. South Asia: Payment Ecosystem Thriving in South Asia Ruchin Kumar emphasized that the payment ecosystem in South Asia, particularly India, is thriving — indicating that financial services are the largest consumers of hardware security modules (HSMs) and cryptography in the entire region. HSMs play an important role in South Asia, securing the root of trust, keeping the private keys secure, managing Public Key Infrastructures (PKIs), and managing digital signing for non-repudiation and message integrity. In fact, he said, India represents almost 95% of HSM use cases in all of South Asia. Payment systems and securing payments go hand-in-hand with the standards and regulations required for payments/financial services. These include regulations set by Unique Identification of India (UIDAI), National Payments Corporation of India (NPCI), Payments Council of India (PCI), Information Technology Act of India, 2000 and its amendments 2008/2011/2016. Kumar sees organizations use general purpose HSMs for digital signing for non-repudiation and message integrity and payment HSMs used for acquiring, switching, card issuance, green PIN, and other payment application security needs (these types of HSMs are required by regulations). What’s on the horizon? From Kumar’s perspective, organizations are doing a lot of testing and evaluation for cryptography inclusion in their infrastructure and many organizations are looking into tokenization for security and agility, especially with Internet of Things (IoT), blockchain, and AI emerging. Additionally, remote key loading is becoming more sought after because every device in the field these days — ATMs, point-of-sale devices, handheld devices — requires key exchange with centralized servers. Companies in South Asia See Cryptography-as-a-Service and Local Data Centers Critical for Data Residency and Localization Over the past two years, most organizations in South Asia have adopted the cloud on a large scale, including using the cloud as a resource to host their critical applications. Security has played a big role in this cloud migration, with organizations wanting to retain ownership and control of their encryption keys. As a result, many organizations have turned to Futurex’s VirtuCrypt cloud HSM and key management service for both security and meeting regulatory compliance. Futurex’s data centers in India West and India Central help to power cryptographic automation, speed, latency, and data residency and data localization. “Local data centers provide customers a lot of assurance in terms of data residency, data localization, and key localization, which earlier was a barrier to move to the cloud. Now that Futurex’s cryptography services are hosted within Indian geography, we have seen a big difference in organizations migrating to HSM-as-a-service,” says Kumar. India is well-known as a FinTech hub for start-ups and innovation, with many unicorns emerging, according to Kumar. Progressive companies look to service-based, OpEx models for their applications as well as for cryptography. OpEx models offer flexibility, money savings, and serve as a resource for those needing help with cryptographic management. EMEA: Cloud and Payments Dominate HSM Use in Europe, Middle East, and Africa Cloud adoption is also rapidly increasing in EMEA, with many organizations looking to HSM virtualization technology, especially for payment applications. According to Mark Howland, “Customers are asking, ‘can we cut down our use of hardware, our reliance on hardware, and have the payment applications that we are heavily invested in, spun up and spun down seasonally?” Howland notes that smaller companies and VC-backed companies are more nimble and lean toward innovation by implementing such things as cryptography-as-a-service to meet PCI regulations. The early adopters are those organizations in the finance and payment industry, as consumer demand and pandemic adjustments have led to innovative payment processing including mobile payments and SoftPOS. Like South Asia, smaller companies including those in financial software and services, see the value of OpEx-based HSM cloud services, such as Futurex’s VirtuCrypt. Organizations across EMEA are deploying HSMs for POS key management, PIN management, and virtualization. What’s ahead? Howland sees that many organizations are, again, moving to a service-based model, looking at application encryption, encrypting data at rest, and the overall protection of data in all industry sectors, not just traditional high-security finance customers. LAC: Trends in Cryptography Use in Latin America and the Caribbean What’s trending in LAC? According to Santos Campa, he is seeing a mixture of both on-premises cryptographic architecture and cloud payment demands. Several banks already have a huge investment in their hardware infrastructure — their own data centers, racks, servers, etc. However, at least 35% of customers are converting from these on-premises architectures to cloud HSMs. Many are opening new branches or are creating new FinTechs inside their organizations. “We’re seeing the majority of organizations moving to the cloud, or at least moving part of their operations to the cloud,” says Campa. “It's very important for many organizations to keep control and management of the key lifecycle.” Again, much like other parts of the world, the financial sector is the big mover and shaker in terms of cryptographic implementations, using cryptography for PIN validation, key management, and tokenization. According to Campa, the cloud continues to be very important and beneficial, especially the ability to integrate cloud payment HSMs with the public cloud including AWS, Azure, and Google. As organizations are adding new models, such as transaction processing models, a must-have is a secure, compliant cryptographic solution — compliant with PCI and local and regional regulations throughout Latin America — that will allow them to scale. A nice-to-have is an OpEx option to give flexibility and cost savings. Pandemic trends have paved the way to make cryptographic management more streamlined — such as visualization and remote key management — and not needing to physically go to the data center. “Organizations are looking to a cryptographic platform that is future-proofed, one that is going to provide the best quality of service and support in the market,” says Campa. All around the globe, organizations are looking to innovate payments and embrace the cloud, keeping security, agility, and cryptography top of mind.

Read More
ENTERPRISE SECURITY

Security by Sector: Improving Quality of Data and Decision-Making a Priority for Credit Industry

Article | July 20, 2022

The subject of how information security impacts different industry sectors is an intriguing one. For example, how does the finance industry fare in terms of information security compared to the health sector, or the entertainment business? Are there some sectors that face greater cyber-threats and risks than others? Do some do a better job of keeping data secure, and if so, how and why?A new study of credit management professionals has revealed that improving the quality of data and decision-making will be a top priority for the credit industry in the next three years. The research, from Equifax Ingnite in collaboration with Coleman Parkes, takes a deep dive into the views of credit management pros across retail, banking, finance and debt management/recovery sectors.

Read More

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

Article | February 12, 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is that being proactive and having a data privacy strategy in place is important to help mitigate the risk of a data privacy breach. The regulatory landscape continues to evolve as states and countries actively pass new expanded requirements for privacy and cybersecurity regulations. While laws in the U.S., like the California Consumer Privacy Act (CCPA), are getting significant attention, many other states and countries are actively amending their breach notification laws to include tighter restrictions.

Read More

Spotlight

ContentKeeper Technologies

ContentKeeper Technologies is a global leader in innovative, scalable, fault-tolerant, enterprise Internet filtering and security solutions. ContentKeeper provides proven Web security solutions to secure today’s Web 2.0 and mobile centric business environments. Our solutions enable organizations to protect and control gateway Internet access and to embrace mobile technology, social media and cloud-based services without compromising security. Even in today’s evolving threat landscape, ContentKeeper’s advanced, multi-layered behavioral analysis technology with high speed SSL (decrypted) packet inspection ensures mission critical Internet resources and services are protected – regardless of the device being used or where employees are located. ContentKeeper’s Multi-Gig, layer 2 bridge design maximizes scalability, high performance and reliability. Real-time Web content and threat analysis engines are backed by our patented (Closed Loop Collaborative Filtering) shared intelligence network

Related News

113 NHS Email Accounts Compromised as Part of a Phishing Campaign

NHS | June 17, 2020

The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside . They working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations. All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed it argued that since implementing a “new password approach. The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside the health service around two weeks ago. A brief NHS Digital statement issued on Friday revealed that the incident occurred between Saturday May 30 and Monday June 1 2020. It claimed the security snafu affected a “very small proportion” of NHS email accounts, around 0.008% of the 1.4 million total, and was linked to a wider campaign designed to steal victims’ log-ins. There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK,” it added. In fact, the NCSC first raised the alarm about the campaign back in October last year, claiming that automated attacks designed to harvest credentials had been active since at least July 2018 and were spreading “indiscriminately” across multiple verticals. Read more: CISA RELEASES FIRST OF ITS SERIES OF SIX CYBERSECURITY ESSENTIALS TOOLKITS There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK. ~ NCSC said In this campaign, the user receives a phishing email from a legitimate and known email account which has been compromised. Phishing emails were previously sent from contacts in recent email communications with the recipient, and the subject lines often mirrored the most recent email exchange. This created an initial plausibility for the user to trust the email,” it explained. “More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email. This could be in the recipient’s name, the email address or may just be blank.” Clicking on a link in the email would take the user to a fake log-in page featuring their organization’s logo and their email, the NCSC said. All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed. It argued that since implementing a “new password approach” there has actually been a 94% decrease in phishing emails sent to NHSmail accounts over the past year. More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email. This could be in the recipient’s name, the email address or may just be blank . We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect,” NHS Digital concluded. “We have worked with the organizations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals. The sensitive data that the NHS has access to is of real value not just to hackers, but also to commercial or state actors. To mitigate the risk to its patients and employees the NHS has worked with the NCSC to implement new security guidelines across the NHS. The NHS stands for the National Health Service. It refers to the Government-funded medical and health care services that everyone living in the UK can use without being asked to pay the full cost of the service. The publicly funded health care service in Northern Ireland isn’t officially called the NHS, it’s actually called Health and Social Care Services (HSC). Each NHS organisation and the HSC provide health care services free at the point of delivery. But there are slight differences in what is fully funded by government and what services are available across the different UK countries. Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Read More

65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites

Google | June 11, 2020

The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%. The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts. Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks making up for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020. The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage. cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%). Read more: GOOGLE'S ADVANCED PROTECTION CYBERSECURITY NOW AVAILABLE TO NEST USERS Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks . ~ Google Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olseia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks. Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks formed a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. With the advancement of the attacks in recent times, now hackers can even create an online phishing form or page using the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive. Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attacks lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else. The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then request the users to provide login details to access the content. To create data forms resembling login pages, criminals are using online forms services provided by companies such as forms.office.com, and send these forms to unsuspecting users. These services trick many users because they reside on the official companies’ domain and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses account.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions. Hackers have also applied non-password methods to access user accounts. Users are requested to accept app permission for rogue apps after logging in through legitimate sites. By granting these permissions, the users give the hackers their accounts’ access token, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permissions to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from. Read more: SECURITYSCORECARD REVAMPS ITS CYBERSECURITY RISK MANAGEMENT PRODUCT AMIDST GLOBAL SHIFT TO REMOTE WORK

Read More

Google Top Choice for Cybercriminals for Brand-Impersonation Spear-Phishing Campaigns

Google | May 28, 2020

Phishing campaigns are now regarded as among the most prevalent cybersecurity threats as COVID-19 strands people at home, but after months of isolation, official data has confirmed it. A new report from Barracuda released today shows 100,000 attacks impersonating reputable brands, including Google and Microsoft, have targeted remote workers. More generally, 4% of all spear-phishing attacks in the period between January and April were made up by Google-brand impersonations, with that number expected to climb. It’s no secret that phishing campaigns are now regarded as among the most prevalent cybersecurity threats as COVID-19 strands people at home, but after months of isolation, official data has confirmed it. A new report from Barracuda released today shows 100,000 attacks impersonating reputable brands, including Google and Microsoft, have targeted remote workers between January 1 and April 30 2020. 65% of this figure impersonated Google, mostly via file-sharing and storage websites – including storage.googleapis.com (25%) docs.google.com (23%), storage.cloud.google.com (13%), and drive.google.com (4%). More generally, 4% of all spear-phishing attacks in the period between January and April were made up by Google-brand impersonations, with that number expected to climb. Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams,” says Barracuda Networks UK systems engineer manager Steve Peake. “The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users." Barracuda reported that Microsoft brands were targeted in 13% of attacks: onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%). Learn more: GOOGLE AND KPMG SECURITY EXPERTS SHARE THEIR INSIGHTS ON COVID-19 RELATED CYBER SCAMS . “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams,” ~ Steve Peake Barracuda Networks UK systems This comes as Microsoft warned its userbase this week of a new widespread COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool to completely take over a user's system and execute commands on it remotely. Microsoft’s Security Intelligence team claimed the campaign involved the usage of malicious Excel attachments to infect user's devices with a remote access trojan (RAT), with the initial attack beginning with an email impersonating the Johns Hopkins Center, a major source of credible COVID-19 news. Spear-phishing campaigns like this, which trick victims into sharing login credentials, have enjoyed massive success during the pandemic. “The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users." Fortunately, there are ways to protect oneself against these cyber, such as implementing multi-factor authentication steps on all log-in pages so that hackers will require more than just a password to gain access to your data,”says Peake. “Other, more sophisticated methods of cyber protection include using email security software, such as API based inbox defence, which uses artificial intelligence to detect and block attacks.” Attackers use many tricks, including by leveraging enterprise brand assets, such as company names and logos, to develop phishing websites that appear authentic and lure internet users to enter valuable information such as user names and passwords. Phishing Protection helps prevent users from accessing phishing sites by identifying various signals associated with malicious content, including the use of your brand assets, classifying malicious content that uses your brand and reporting the unsafe URLs to Google Safe Browsing. This is through a combination of factors, including heightened fears over a globally penetrating issue and the worldwide trend of remote working, which increases risk landscapes generally. Google's Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and our users. This is an area we have invested in deeply for over a decade. Our daily work involves detecting and defeating threats, and warning targeted users and customers about the world’s most sophisticated adversaries, spanning the full range of Google products including Gmail, Drive and YouTube .In the past, we’ve posted on issues like phishing campaigns vulnerabilities and disinformation. Going forward, we’ll share more technical details and data about the threats we detect and how we counter them to advance the broader digital security discussion. Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES .

Read More

113 NHS Email Accounts Compromised as Part of a Phishing Campaign

NHS | June 17, 2020

The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside . They working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations. All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed it argued that since implementing a “new password approach. The NHS has confirmed that 113 internal email accounts were compromised and used to send malicious spam outside the health service around two weeks ago. A brief NHS Digital statement issued on Friday revealed that the incident occurred between Saturday May 30 and Monday June 1 2020. It claimed the security snafu affected a “very small proportion” of NHS email accounts, around 0.008% of the 1.4 million total, and was linked to a wider campaign designed to steal victims’ log-ins. There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK,” it added. In fact, the NCSC first raised the alarm about the campaign back in October last year, claiming that automated attacks designed to harvest credentials had been active since at least July 2018 and were spreading “indiscriminately” across multiple verticals. Read more: CISA RELEASES FIRST OF ITS SERIES OF SIX CYBERSECURITY ESSENTIALS TOOLKITS There is currently no evidence to suggest that patient records have been accessed. We are working closely with the National Cyber Security Centre (NCSC), who are investigating a widespread phishing campaign against a broad range of organizations across the UK. ~ NCSC said In this campaign, the user receives a phishing email from a legitimate and known email account which has been compromised. Phishing emails were previously sent from contacts in recent email communications with the recipient, and the subject lines often mirrored the most recent email exchange. This created an initial plausibility for the user to trust the email,” it explained. “More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email. This could be in the recipient’s name, the email address or may just be blank.” Clicking on a link in the email would take the user to a fake log-in page featuring their organization’s logo and their email, the NCSC said. All those affected by the latest NHS-based attacks will have been notified by today, NHS Digital claimed. It argued that since implementing a “new password approach” there has actually been a 94% decrease in phishing emails sent to NHSmail accounts over the past year. More recently, the subject lines include the compromised user’s address-book entry for the recipient of the phishing email. This could be in the recipient’s name, the email address or may just be blank . We are investigating this issue and have taken the precaution of asking all mailboxes that have a similar configuration to the compromised accounts to change their passwords with immediate effect,” NHS Digital concluded. “We have worked with the organizations involved to isolate affected accounts, supported them to make any necessary changes and have advised affected individuals. The sensitive data that the NHS has access to is of real value not just to hackers, but also to commercial or state actors. To mitigate the risk to its patients and employees the NHS has worked with the NCSC to implement new security guidelines across the NHS. The NHS stands for the National Health Service. It refers to the Government-funded medical and health care services that everyone living in the UK can use without being asked to pay the full cost of the service. The publicly funded health care service in Northern Ireland isn’t officially called the NHS, it’s actually called Health and Social Care Services (HSC). Each NHS organisation and the HSC provide health care services free at the point of delivery. But there are slight differences in what is fully funded by government and what services are available across the different UK countries. Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Read More

65% of Phishing Threats Facing Remote Workers Impersonate Google-branded Websites

Google | June 11, 2020

The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13%. The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts. Remote workers faced a barrage of over 100,000 phishing attacks within four months, mostly involving Google-branded websites, according to a report by Barracuda Networks. The phishing attacks applied a method known as spear phishing to tricks users into disclosing login credentials by impersonating legitimate websites. Google-branded sites accounted for about 65,000 of the attacks making up for 65% of the attacks experienced during the study, while Microsoft-branded impersonation attacks accounted for just 13% of the attacks registered between January 1, 2020, and April 30, 2020. The form-based phishing attacks applied various methods such as using legitimate sites as intermediaries, using online forms for phishing, and getting access to accounts without the use of passwords. Google file-sharing and storage websites accounted for 65% of phishing attacks targeting remote workers within the first four months of the year. These phishing attacks involved the use of Google’s domains, such as storage.googleapis.com (25%), docs.google.com (23%), storage. cloud.google.com (13%), and drive.google.com (4%). Microsoft brands were used in 13% of the attacks, including onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%). Read more: GOOGLE'S ADVANCED PROTECTION CYBERSECURITY NOW AVAILABLE TO NEST USERS Organizations should also educate their employees on online security to help them navigate the complex attack landscape that keeps changing. This training would come in handy, especially for remote workers who are more prone to phishing attacks . ~ Google Other brands used to target remote workers included sendgrid.net, which contributed to 10% of the phishing attacks. Mailchimp.com and formcrafts.com accounted for 4% and 2%, respectively. Barracuda Networks senior product marketing manager for email, Olseia Klevchuk, said cybercriminals prefer to use Google’s services because they are more accessible and are free to use, thus allowing them to create multiple accounts. She added that the methods that criminals use, such as sending a phishing email with a link to a legitimate site, make it harder to detect these forms of phishing attacks. Steve Peake, the UK systems engineer for Barracuda Networks, says brand-impersonation spear phishing attacks formed a popular and successful method of harvesting a user’s login credentials. With more people than ever working from home, cybercriminals found an opportunity to flood people’s inboxes with phishing emails. With the advancement of the attacks in recent times, now hackers can even create an online phishing form or page using the guise of legitimate services to trick unsuspecting users. Criminals impersonate legitimate sites by creating emails that appear to have been generated automatically by file-sharing sites such as Google Drive or OneDrive. Many attackers know that if they want to attack someone specific, it’s more likely to succeed if their initial attacks lands in a target’s email box late at night or early in the morning when they’re not as focused, and when the attacker can most convincingly pretend to be someone else. The criminals then redirect the remote workers to a phishing site through a file stored on the file-sharing site. These phishing sites then request the users to provide login details to access the content. To create data forms resembling login pages, criminals are using online forms services provided by companies such as forms.office.com, and send these forms to unsuspecting users. These services trick many users because they reside on the official companies’ domain and hence appear trustworthy. Most users do not realize that companies do not use these domains for login or password recovery. For example, Google does not ask users to log in through docs.google.com but instead uses account.google.com for authentication. For an ordinary user, the difference is too subtle to raise any suspicions. Hackers have also applied non-password methods to access user accounts. Users are requested to accept app permission for rogue apps after logging in through legitimate sites. By granting these permissions, the users give the hackers their accounts’ access token, thus allowing them to log in at will. These attacks cannot be prevented by enabling two-factor authentication because the apps are given long-term access to the account. They also remain unnoticed for a long time because users forget which apps they have granted permissions to access their accounts. Users should be vigilant in detecting suspicious activities on their accounts. Most accounts provide an account history that allows users to view the time and location their accounts were accessed from. Read more: SECURITYSCORECARD REVAMPS ITS CYBERSECURITY RISK MANAGEMENT PRODUCT AMIDST GLOBAL SHIFT TO REMOTE WORK

Read More

Google Top Choice for Cybercriminals for Brand-Impersonation Spear-Phishing Campaigns

Google | May 28, 2020

Phishing campaigns are now regarded as among the most prevalent cybersecurity threats as COVID-19 strands people at home, but after months of isolation, official data has confirmed it. A new report from Barracuda released today shows 100,000 attacks impersonating reputable brands, including Google and Microsoft, have targeted remote workers. More generally, 4% of all spear-phishing attacks in the period between January and April were made up by Google-brand impersonations, with that number expected to climb. It’s no secret that phishing campaigns are now regarded as among the most prevalent cybersecurity threats as COVID-19 strands people at home, but after months of isolation, official data has confirmed it. A new report from Barracuda released today shows 100,000 attacks impersonating reputable brands, including Google and Microsoft, have targeted remote workers between January 1 and April 30 2020. 65% of this figure impersonated Google, mostly via file-sharing and storage websites – including storage.googleapis.com (25%) docs.google.com (23%), storage.cloud.google.com (13%), and drive.google.com (4%). More generally, 4% of all spear-phishing attacks in the period between January and April were made up by Google-brand impersonations, with that number expected to climb. Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams,” says Barracuda Networks UK systems engineer manager Steve Peake. “The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users." Barracuda reported that Microsoft brands were targeted in 13% of attacks: onedrive.live.com (6%), sway.office.com (4%), and forms.office.com (3%). Learn more: GOOGLE AND KPMG SECURITY EXPERTS SHARE THEIR INSIGHTS ON COVID-19 RELATED CYBER SCAMS . “Brand-impersonation spear-phishing attacks have always been a popular and successful method of harvesting a user’s login credentials, and with more people than ever working from home, it’s no surprise that cyber criminals are taking the opportunity to flood people’s inboxes with these scams,” ~ Steve Peake Barracuda Networks UK systems This comes as Microsoft warned its userbase this week of a new widespread COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool to completely take over a user's system and execute commands on it remotely. Microsoft’s Security Intelligence team claimed the campaign involved the usage of malicious Excel attachments to infect user's devices with a remote access trojan (RAT), with the initial attack beginning with an email impersonating the Johns Hopkins Center, a major source of credible COVID-19 news. Spear-phishing campaigns like this, which trick victims into sharing login credentials, have enjoyed massive success during the pandemic. “The sophistication of these attacks has accelerated in recent times: now, hackers can even create an online phishing form or page using the guise of legitimate services, such as forms.office.com, to trick unsuspecting users." Fortunately, there are ways to protect oneself against these cyber, such as implementing multi-factor authentication steps on all log-in pages so that hackers will require more than just a password to gain access to your data,”says Peake. “Other, more sophisticated methods of cyber protection include using email security software, such as API based inbox defence, which uses artificial intelligence to detect and block attacks.” Attackers use many tricks, including by leveraging enterprise brand assets, such as company names and logos, to develop phishing websites that appear authentic and lure internet users to enter valuable information such as user names and passwords. Phishing Protection helps prevent users from accessing phishing sites by identifying various signals associated with malicious content, including the use of your brand assets, classifying malicious content that uses your brand and reporting the unsafe URLs to Google Safe Browsing. This is through a combination of factors, including heightened fears over a globally penetrating issue and the worldwide trend of remote working, which increases risk landscapes generally. Google's Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and our users. This is an area we have invested in deeply for over a decade. Our daily work involves detecting and defeating threats, and warning targeted users and customers about the world’s most sophisticated adversaries, spanning the full range of Google products including Gmail, Drive and YouTube .In the past, we’ve posted on issues like phishing campaigns vulnerabilities and disinformation. Going forward, we’ll share more technical details and data about the threats we detect and how we counter them to advance the broader digital security discussion. Learn more: NEW CYBER THREAT INDEX SHOWS INDUSTRIES ARE UNDER ATTACK IN UNCERTAIN TIMES .

Read More

Events