
Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%) and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipients often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

5 Security Threats SMBs Should Not Overlook: Malicious Web Sites

As more services move into the cloud, users bring their own apps to their work environment, and we see more integration and interconnection between systems, the nature of security risks and threats is changing.

This blog series looks at some of these threats, why they should be of concern to SMBs, and how SMBs can mitigate the risks.


Many small and mid-size business owners look past security threats in the belief that their businesses do not have trade secrets or other information coveted by hackers.  This view is naive.  Small businesses are ripe for attack because they often have personal, credit, or medical information about their customers and their employees.

Your business may be at risk even if you are not a deliberate target. Hackers and thieves cast wide nets to capture personal information for identity theft. For identity theft, your business IT is no different than home computers.

Many businesses respond that they have security in place: a well-managed firewall, a big name malware suite that updates periodically, and spam/virus protection for their email service.

Unfortunately, users are 20 times more likely to suffer a malware attack from a corrupted web site or a phishing attempt than through the “traditional” means of email and file transfers. While traditional malware tools may catch these types of attacks, web-based malware often behaves more like acceptable code.  The recent outbreak of “crypto locker” malware, which encrypts your data and holds it for ransom, is an example of just how ineffective traditional malware prevention alone can be.

The overlooked solution to closing the web-enabled malware threat is known and simple: web filtering.  Web filters not only track sites known to be risky, insecure, or containing malware, they analyze web traffic and behavior in real-time, identifying sites that may be compromised, including those hacked without the site owner’s knowledge.

For most SMBs, adding web filtering to the ecosystem is an affordable increase in IT spending, typically less than $3.00 per employee per month.   Given that a single malware event can take 20 to 60 hours to mitigate at a cost of thousands of dollars, web filtering is a value-add component for most IT ecosystems.


Cumulus Global can assist in selecting a web filtering solution for your business.  Please contact us, or complete the form below, for more information.

How to Spot Phishing Emails

“Phishing” is the process through which criminals attempt to steal from you by getting you to respond to an email that appears to be legitimate.  Here is what to look for to avoid the trap.

URL Mismatch: Hover the mouse over any URLs in the email message and see if the destination URL matches what is in the message.  If not, you have a mismatch and you won’t land where you expect.

Misleading Domain Name:  If the link has an awkward domain name that does not end in a domain you know and trust, be afraid.  Scam artists will use domains like apple.otherdomain.com, hoping you think the link is related to Apple.

Poor Spelling or Grammar:  Companies that send emails to customers proofread them for proper English.  While mistakes happen, if the message reads “we please to lower your car payment”, it is likely trash.

Asks for Personal Information:  If any message, whether from your bank or your best friend, is asking for personal information like account numbers, credit card numbers, or the answers to your security questions, you are being phished.  Banks and companies you deal with already have this information; there is no need to ask.

Seems Too Good to Be True:  If it seems too good to be true, it probably is.  Enough said.

You Did Not Initiate the Action:  If the email tells you that you won a contest that you did not enter, or is responding to a call that you did not make, hit the delete button.  Most of these scams will ask for money to pay for award fees or taxes on a prize you did not win.

Wild Threats:  Banks, and even companies trying to collect past due accounts, will not make threats with unrealistic or wild consequences if you do not respond in a certain way. Legitimate collection notices will ask for payment or for you to contact them; they will not ask for account or personal information and threaten to seize assets or contact the police if you fail to respond to the email.  Legitimate companies will also provide a means to call.

Email from The Government:  In the US, the IRS, FBI, and other agencies do not initiate communications via email; they will send you a letter (or a subpoena if it’s really serious).  Be extra suspicious if the message contains a threat or dire consequence.

Not Quite Right:  If the message does not look right — if your gut is suspicious — you are probably right.  Delete the message.
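
The URL Mismatch and Misleading Domain Name cues above can also be checked mechanically on an HTML message body. The following is an added example, not code from the original post; the TRUSTED list, the function names and the sample message are assumptions, and the "last two labels" domain rule is a simplification.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"apple.com", "example-bank.com"}   # assumption: domains you really deal with
BRANDS = {d.split(".")[0] for d in TRUSTED}   # "apple", "example-bank"

def registered_domain(host):
    """Naive: last two labels. Production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    """Hostname of a URL, or of visible link text that is itself a URL; '' otherwise."""
    text = " ".join(text.split())  # collapse whitespace so it cannot hide in a host
    try:
        host = urlsplit(text if "://" in text else "http://" + text).hostname or ""
    except ValueError:
        return ""
    return host if "." in host and " " not in host else ""

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"  # stop collecting text at </a>

def check_links(html):
    """Return (href, cue) for each link that trips one of the two cues."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host, shown = host_of(href), host_of(text)
        if host and shown and registered_domain(shown) != registered_domain(host):
            findings.append((href, "url-mismatch"))       # text shows one site, link goes to another
        elif host and registered_domain(host) not in TRUSTED and BRANDS & set(host.split(".")):
            findings.append((href, "misleading-domain"))  # trusted name used as a mere subdomain
    return findings

# Constructed sample message body (not from the page).
SAMPLE = ('<a href="http://login.otherdomain.com/verify">https://www.apple.com/account</a>'
          '<a href="http://apple.otherdomain.com/id">Verify your account</a>'
          '<a href="https://support.apple.com/help">support.apple.com</a>')
```

Calling check_links(SAMPLE) flags the first two links and passes the third, whose visible text and destination share the same registered domain.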

 

When it Comes to Phishing, is Honesty the Best Policy?

Those of us in the anti-spam business have been scratching our heads recently as the number of messages getting through some of the best spam filters has jumped in recent weeks.  Many of these messages are phishing attempts with something in common.

The phishing messages do not attempt to hide their motive.

Huh?

That’s right.  The majority of the message is classic phishing.  Realistic sounding text (often without the grammatical issues) about account validation requirements and legitimate links to a real institution’s web sites.  The “action” link, however, is not hidden.  Recipients see that the link is to some weird URL that in no way looks like the organization supposedly sending the message.

Since spam filters are on the lookout for obfuscated URLs, having the URLs in the open seems to let the phishing messages fly just under the radar.

And clearly, those behind the phishing attack believe that enough recipients will click on the bad URL even though it doesn’t even look safe.  And, the sad fact is, they are probably right.

Recipient Beware.