Signs That You Need To Boost Your Cyber Defence

What Is Cyber Defence?

Cyber defence and cyber security involve the practices, processes, and technologies created to protect data, programs, devices, and networks from unauthorised access, damage, and attack.

It is essential to protect data stored on computers and other devices, especially information collected by medical, financial, corporate, military, and government organisations. Many of these organisations collect, process, and store large amounts of data to deliver services to their clients.

Most data contains sensitive information, such as personal data, financial data, and intellectual property, which leads to negative consequences if the information lands in the wrong hands. One method that cybercriminals use to obtain data illegally is phishing.

What Is Phishing?

Phishing is when someone tries to gather sensitive data or personal/financial information using deceptive emails and websites. A phishing attack is a social engineering attack mainly used to obtain credit card numbers and login details illegally.

The attacker masquerades as an authorised entity and tricks the victim into opening a text message, instant message, or email, and then into clicking on a malicious link. That click can lead to a system being frozen by a ransomware attack, malware being installed, or sensitive information being publicised. Such an attack has devastating results, including identity theft, loss of funds, and unauthorised purchases using your credit card details.

Furthermore, the attack can be used to take control of governmental or corporate networks as a precursor to a more severe attack. An example of this is an advanced persistent threat (APT), where employees are compromised in order to obtain privileged access to protected data, distribute malware in their work premises, or bypass security checks.

An organisation that suffers such an attack can incur severe financial losses and a decline in market share, consumer trust, and reputation. Depending on the severity of the attack, the situation can also escalate into a significant security concern from which a business may not recover quickly. This makes the need for cyber defence and cyber security solutions even greater.

These forms of cyber threats are executed in different ways, as illustrated below.

Deception-phishing

This is the most common type of scam where criminals impersonate a genuine company to obtain people’s login credentials and personal data. It is carried out through threatening emails that portray a sense of urgency to make the user do what they’ve been asked to do.

An attack through deception is carried out through the following:

Genuine Links

Fraudsters try to avoid detection by email filters by using genuine links in deceptive emails. This can be done by including the legitimate contact details of an organisation they are trying to spoof.

Blend Of Benign And Malicious Code

Criminals who create the landing pages blend benign and malicious code to deceive Exchange Online Protection (EOP), which is a cloud-based filtering service that helps protect organisations from spam and malware. It can be done by duplicating JavaScript and CSS code of a company’s login page to steal users’ account details.

Shortened And Redirected Links

To avoid raising red flags, attackers use shortened URLs to deceive Secure Email Gateways (SEGs). The link redirects users to the attackers’ preferred landing page only after the email has been delivered, and then redirects to a legitimate web page after the user has surrendered their credentials.

Altered Brand Logos

Email filters can detect a fake company logo when fraudsters incorporate it in their attack emails or landing pages. They spot the imitation by scanning the logo’s HTML attributes. To deceive the detection tools, criminals alter one feature of the logo, such as the colour.

Minimum Email Content

Another way to avoid detection is including very little content in the attack emails, for example, using an image in place of text.

Example Of A Deceptive Email

PayPal users have been scammed through an email instructing them to click on a link to rectify an inconsistency with their account. The link takes the user to a website impersonating PayPal’s login page. They use the site to collect login details from the user when they try to verify their accounts and send the data to unauthorised parties.

To prevent this type of attack, you should inspect all URLs to establish whether they redirect you to a suspicious or unknown website. You should also teach your staff members to do the same, as these emails also land in their company inboxes. Be on the lookout for spelling errors, grammatical errors, and generic salutations.
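The URL inspection recommended above can be partly automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: it flags shortened links, links whose visible text names a different domain than the real destination, and image-only bodies. The shortener list, function names, naive domain comparison, and sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumed, illustrative shortener list; maintain your own in production.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly"}
HOST_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
# Constructed sample body (not a real phishing email).
SAMPLE = ('<p>Dear customer,</p><a href="https://bit.ly/x1">Verify</a> '
          '<a href="http://paypal.com.account-check.example/login">www.paypal.com</a>')

class _Links(HTMLParser):
    """Collect (href, visible text) pairs, image count and text length."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_len = [], 0, 0
        self._href, self._buf = None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text_len += len(data.strip())
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def registrable(host):
    """Naive last-two-labels domain; no public-suffix handling (simplification)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def inspect_email(html, min_text=40):
    """Return a list of (finding, detail) tuples for one HTML email body."""
    p = _Links()
    p.feed(html)
    findings = []
    for href, text in p.links:
        host = urlparse(href).hostname or ""
        if registrable(host) in SHORTENERS:
            findings.append(("shortened-link", href))
        shown = HOST_IN_TEXT.search(text)  # a domain displayed to the reader
        if shown and registrable(shown.group(1)) != registrable(host):
            findings.append(("text-href-mismatch", href))
    if p.images and p.text_len < min_text:  # image used in place of text
        findings.append(("image-only-body", str(p.images)))
    return findings
```

A finding is a reason to look closer, not a verdict: legitimate newsletters also use shorteners and image-heavy layouts, so these signals are best combined with sender authentication results and user reports.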

Spear-phishing

In this kind of attack, the fraudsters use the target’s name, phone number, position, and any other relevant information to make the victim believe that they know the sender.

The aim of spear-phishing attacks is similar to that of deceptive-phishing emails: to make the victim click on a malicious email attachment or URL and so give the criminals access to their data. This attack is typical on social media sites, where attackers use numerous data sources to create an email.

Spear attacks are made using the following techniques:

Storing Damaging Documents On Cloud Services

Digital attackers continue to keep their malicious documents on Google Drive, Box, Dropbox and other cloud services. It is not typical for the IT department to flag these services, so a company’s email filters won’t detect the malicious documents.

Compromise Tokens

These criminals are also trying to compromise session or API tokens. By doing this, they steal login details to email accounts and other resources.

Exploring Social Media

Cybercriminals need information on who works at their targeted company. Social media is one way of investigating an organisation’s structure and determining its next target.

Example Of Spear-phishing

During a crisis, such as the COVID-19 pandemic, most people are on edge and looking for information and direction from the government, employers, and other relevant authorities.

If someone receives an email that seems to originate from any of these entities and instructs recipients to perform a task, they will rush to complete the task without scrutinising the email. This will lead to the victim’s device being infected with malware or to the victim being locked out of their account.

A common strategy used by scammers during the pandemic is to obtain login details from employees’ OneDrive accounts. The fraudsters are aware that people are working from home, hence sharing documents through OneDrive, making the platform an ideal place to carry out their attack.

Whaling

Whaling or whale-phishing is a type of spear-phishing, targeting high-value persons in a company, such as CEOs. Most of these cyber threats are directed at a company’s board of directors as they are most vulnerable.

They have immense authority within an organisation, but they communicate through personal email addresses when sending or receiving business-related correspondence as they are not full-time employees. Personal email addresses do not have the protection provided by corporate emails.

It can take time to gather information to deceive a high-value target, but the wait has a high payoff in the end.

In 2008, corporate CEOs were the target of this type of attack, in which the emails had attachments perceived to be subpoenas from the FBI. When the attachments were opened, the scammers’ keyloggers were downloaded onto the executives’ computers. Almost 2,000 executives were affected, and the attack had a 10% success rate.

Whaling attacks succeed because executives do not undergo security awareness training when other employees are doing so. They also tend to not have the time to properly think about content that they receive and whether it is malicious or not.

To prevent whaling threats, organisations should make it mandatory for all company personnel to take part in security awareness training continuously. Companies should also build multi-factor authentication (MFA) measures into their authorisation processes, requiring users to authorise payments through various ways and not through email alone.

In Conclusion

Cybercrime and cyber risks continue to climb. Whilst some companies can detect some attacks, they cannot see them all, and attacks evolve and morph with each passing day, becoming more sophisticated and harder to detect.

Humans also remain a prime risk and target, because at the end of the day, we are only humans and don’t all have the time and skill to spot phishing attacks. This means that organisations need to put cyber defences in place and conduct security awareness training for both employees and executives to detect these attacks. There are also other ways to reduce cyber risks that can be done fairly quickly and easily.

We have a selection of free tools if you would like to test who in your organisation may respond to a phishing attack or contact us for more information about cyber defences and cyber security training.