Mortgage Broker 8Twelve Exposes Data of Canadian Residents


GOOD: 8Twelve secured its server and was swift in restricting public access within hours of being alerted by the good folks at Website Planet.

Toronto-based 8Twelve Financial Technologies, a mortgage broker, was found to have a misconfigured database exposed to the public. The database contained the personal information of more than half a million individuals.

According to cybersecurity researchers at Website Planet, who identified the server, it was worse: the data was left exposed without any security authentication or password.

However, after researcher Jeremy Fowler and the Website Planet staff sent a responsible disclosure notice to the company, 8Twelve was swift in restricting public access within hours of the discovery.

The database contains 717,814 records of thousands of Canadian residents, with information related to mortgage loans, including:

  • Full names
  • Phone numbers
  • Email addresses
  • Physical addresses and more.

Many of the records appeared to be mortgage leads of people who want to buy a house, refinance, obtain an equity line of credit, or purchase an investment property, the report states.

According to Website Planet, the database contained applicants’ names, emails, and phone numbers for work, home, and cell. Some records contained physical addresses, states, or provinces. As most of the data can relate to a specific individual, the data found in the records can be considered Personally Identifiable Information (PII).

Information submitted by the applicants about their financial standing, such as their credit scores, bankruptcies, savings, finances, and other data required to start the loan application process was also found on it.

Aside from applicant information, Website Planet reported that the records also included 8Twelve employee names, email addresses, and internal notes about the prospective loan or customer, indicating whether an applicant was creditworthy or not.


Potential Dangers

A misconfigured database can be a major source of concern for organizations, as it can cause data breaches and other security issues. Not only can a malicious actor gain access to sensitive information stored in the database, but they may also be able to alter or delete existing data.

Furthermore, a misconfigured database can lead to an organization facing hefty compliance penalties due to its inability to protect customer data from unauthorized access.

The most common way for databases to become misconfigured is when their settings are not properly maintained or upgraded with the latest security protocols. This often leads to less secure authentication methods being used, as well as outdated encryption algorithms, which leaves them vulnerable to attack.

As businesses increasingly rely on databases for storing and managing their data, it’s essential that they ensure they’re properly configured and regularly monitored in order to protect against potential dangers.


Cyber attack against Royal Mail linked to Russia


A cyber attack against the UK postal service Royal Mail which saw the company request that customers stop sending mail abroad via its services has been linked to Russian hackers.

Royal Mail informed the public of the cyber attack on January 11, saying it had caused “severe disruption” to the computerized systems used to send mail abroad. The company “immediately launched an investigation into the [cyber] incident” and utilized the help of the UK’s National Cyber Security Centre, Information Commissioner’s Office and National Crime Agency to halt further attacks.

The system affected by the cyber attack has been used at six Royal Mail sites including at the company’s Heathrow Airport distribution center and has been used to track and trace items sent abroad, as well as to prepare mail to be dispatched overseas.  

In the wake of the “cyber incident”, as it was referred to by Royal Mail, the company asked customers to stop sending mail abroad due to severe delays, which included being temporarily unable to export or dispatch items. There were also minor delays to incoming mail to the UK from overseas, although domestic mail was not affected by the attack.

On January 12, it was reported by multiple news sites that the previously referred to “cyber incident” was in fact a cyber attack against Royal Mail by Russian ransomware-as-a-service (RaaS) gang LockBit.

Printers at a Royal Mail distribution center in Belfast, Northern Ireland, began to print letters from the gang. The letters allegedly informed those in the office that LockBit Black ransomware was responsible for the disruption, stated that “your [sic] are stolen and encrypted” and threatened to post the data online if the ransom demands were not met.

Cyber security news site Bleeping Computer reported that it had seen an unredacted version of the ransom letter and confirmed that it did include “the Tor websites for the LockBit ransomware operation”. The site noted, however, that the decryption ID provided in the note that would allow Royal Mail to communicate with the malicious actors did not work. Bleeping Computer said it was unclear whether the ID was deleted after the ransom note was circulated or if negotiations were moved to a new ID to “avoid scrutiny from journalists and researchers”.

The Royal Mail has not publicly said that LockBit was responsible for the attack.

What is LockBit?

LockBit is a Russian RaaS organization that uses double extortion methods in its cyber attacks. In double extortion attacks, malicious actors both steal and encrypt sensitive data, which places additional pressure on the victim to pay the ransom.

The gang has been active since 2019 and has quickly become notorious. It was found by Digital Shadows that LockBit was responsible for 38 percent of ransomware attacks worldwide from January 2022 to March 2022. Using its malware tool StealBit and encryption system LockBit 2.0, the gang automates data exfiltration to extort its victims.

The gang has attacked a number of large organizations and corporations including the French Ministry of Justice, Bridgestone Americas, Thales Group and Bangkok Airways.



KillNet hits healthcare sector with DDoS attacks


According to CISA, the pro-Russian KillNet group is actively targeting the US and European healthcare sectors with DDoS attacks.

At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service (DDoS) attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) says it helped dozens of hospitals respond to these DDoS incidents.

DDoS

A distributed denial-of-service attack uses numerous systems to send network communication requests to one specific target. Often the attackers use enslaved computers, “bots”, to send the requests. The result is that the receiving server is overloaded by nonsense requests that either crash the server or keep it so busy that normal users are unable to connect to it.

This type of attack has been popularized by numerous hacker groups, and has been used in state-sponsored attacks conducted by governments. Why? Because they are easy to pull off and hard to defend against.

KillNet

KillNet is a pro-Russian group that has been notably active since January 2022. Until the Russian invasion of Ukraine, KillNet was known as a DDoS-for-hire group. Now they are better known for the DDoS campaigns launched against countries supporting Ukraine. In previous campaigns the gang has targeted sites belonging to US airlines, the British royal family, Lithuanian government websites, and many others, but now their main focus has shifted to the healthcare sector. Not for the first time by the way—the group has targeted the US healthcare industry in the past too.

These attacks are not limited to the US. Recently, the University Medical Center Groningen (UMCG) in the Netherlands saw its website flooded with traffic. That attack was attributed to KillNet by the country’s healthcare computer emergency response team, Z-CERT.

The KillNet group runs a Telegram channel which allows pro-Russian sympathizers to volunteer their participation in cyberattacks against Western interests. This sometimes makes it hard to attribute the attacks to this particular group since the attacks will originate from different sources.

The attacks

KillNet’s DDoS attacks don’t usually cause major damage, but they can cause service outages lasting several hours or even days. For healthcare providers, long outages can result in appointment delays, electronic health records (EHRs) being unavailable, and ambulance diversions.

According to CISA, only half of the KillNet attacks have been able to knock websites offline. CISA says it worked with several tech companies to provide free resources to under-funded organizations that can help them reduce the impact of DDoS attacks. It also plans to continue working with the US Department of Health and Human Services (HHS) to communicate with hospitals about government assistance and third-party services.

Mitigation

Although it can be difficult to mitigate DDoS risks, the Health Sector Cybersecurity Coordination Center (HC3) is encouraging healthcare organizations to enable firewalls to mitigate application-level DDoS attacks and use content delivery networks (CDN).

Scrambling for a solution at the moment you find out that you are the target of a DDoS attack is not the best strategy, especially if your organization depends on Internet-facing servers. So, if you don’t have an “always-on” type of protection, make sure you at least have a plan or protocols in place that you can follow if an attack occurs.

Depending on the possible consequences that would do the most harm to your organization, the chosen solution should offer you one or more of these options:

  • Allow users to use the site as normally as possible.
  • Protect your network from breaches during an attack.
  • Offer an alternative system to work from.

The least you should do is make sure you’re aware of the fact that an attack is ongoing. The sooner you know what’s going on, the faster you can react in an appropriate manner. Ideally, you want to detect, identify, and mitigate DDoS attacks before they reach their target. You can do that through two types of defenses:

  • On-premise protection (e.g. identifying, filtering, detection, and network protection).
  • Cloud-based counteraction (e.g. deflection, absorption, rerouting, and scrubbing).

The best of both worlds is a hybrid solution that detects an attack on-premise early on and escalates to the cloud-based solution when it reaches a volume that the on-premise solution cannot handle. Some DDoS protection solutions use DNS redirection to persistently reroute all traffic through the protectors’ network, which is cloud-based and can be scaled up to match the attack. From there, the normal traffic can be rerouted to the target of the attack or their alternative architecture.
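The hybrid escalation described above can be sketched as detection logic over request logs. This is an added example, not part of the original article: the log format, the 10-second window, the attack factor and the on-premise capacity figure are all assumptions, and the traffic is constructed.

```python
from collections import Counter
from statistics import median

WINDOW = 10  # seconds per counting bucket (assumed)


def make_sample_log():
    """Constructed traffic: two quiet windows, a moderate flood, a large flood.
    Client addresses come from the 198.51.100.0/24 documentation range."""
    start, lines = 1_700_000_000, []
    for w, n in enumerate([50, 55, 400, 2500]):
        for i in range(n):
            ts = start + w * WINDOW + (i * WINDOW) // n
            lines.append(f"{ts} 198.51.100.{i % 250} GET /appointments")
    return lines


def bucket_counts(lines):
    """Count requests per WINDOW-second bucket, keyed by bucket start time."""
    counts = Counter()
    for line in lines:
        ts = int(line.split(" ", 1)[0])
        counts[ts - ts % WINDOW] += 1
    return sorted(counts.items())


def decide(lines, initial_baseline=50, attack_factor=3, onprem_capacity=1000):
    """Classify each window as normal, filter_on_prem or escalate_to_cloud.

    The baseline is the median of windows already judged normal, so a flood
    does not raise its own detection threshold. onprem_capacity is the
    request volume the local filtering tier can absorb (assumed value);
    anything above it is handed to the cloud scrubbing tier.
    """
    normal_history = [initial_baseline]
    decisions = []
    for start, count in bucket_counts(lines):
        baseline = median(normal_history)
        if count > onprem_capacity:
            action = "escalate_to_cloud"
        elif count > attack_factor * baseline:
            action = "filter_on_prem"
        else:
            action = "normal"
            normal_history.append(count)
        decisions.append((start, count, action))
    return decisions


if __name__ == "__main__":
    for start, count, action in decide(make_sample_log()):
        print(start, count, action)
```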

CISA encourages all network defenders and leaders to review these three documents:

Ransomware warning

Several security agencies and providers have warned that DDoS attacks are being used as cover for actual intrusions involving ransomware and data theft. In these attacks, the DDoS acts as a smokescreen, drawing attention from the far greater danger posed by the ransomware.



Malicious actors gain access to GitHub source code


GitHub has reported that a malicious actor gained access to a set of repositories used in the planning and development of GitHub Desktop and text and source code editor Atom.

GitHub said that it became aware of the data breach after “unauthorized access” was detected on its servers on December 7, 2022. A set of encrypted code-signing certificates was stolen during the breach. GitHub reported that the certificates were password-protected and there was “no evidence of malicious use”.

The hacker gained access to the source-code repositories on December 6, 2022, after using a compromised Personal Access Token (PAT) associated with a machine account to clone repositories from its Atom, desktop and “other deprecated GitHub-owned organizations”.

As a preventative measure, GitHub has said that it will “revoke the exposed certificates used for the GitHub Desktop and Atom applications” meaning users must update their applications before February 2, 2023, to continue using them.

CircleCI phishing attack against GitHub

On September 16, 2022, GitHub reported a phishing attack that involved a malicious actor posing as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees and gain access to various user accounts.

The phishing site used by the hacker relayed time-based one-time password (TOTP) two-factor authentication codes to the hacker in real time, allowing them to gain access to accounts protected by TOTP two-factor authentication. Accounts protected by hardware security keys were not vulnerable to this attack.
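Why a relayed TOTP code is accepted while a hardware security key login is not, shown from the verifying server's side. This is an added example, not code from GitHub or the original article: the secret, challenge and the two origins are constructed, and WebAuthn signature verification is omitted so only the origin binding is shown.

```python
import base64
import hashlib
import hmac
import json
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, submitted: str, now: int, drift: int = 1) -> bool:
    """Server-side check. Its inputs are the shared secret, the clock and the
    digits; nothing records which site the user typed the code into."""
    return any(
        hmac.compare_digest(totp(secret, now + i * STEP), submitted)
        for i in range(-drift, drift + 1)
    )


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def browser_client_data(origin: str, challenge: bytes) -> bytes:
    """Stand-in for the clientDataJSON a browser builds during a WebAuthn
    login: it records the origin of the page the user is actually on."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,
    }).encode()


def check_client_data(client_data_json: bytes, challenge: bytes, expected_origin: str):
    """Relying-party checks on clientDataJSON. The authenticator's signature
    over authenticatorData + SHA-256(clientDataJSON) is not verified here;
    in a real deployment it is what prevents these fields being rewritten."""
    data = json.loads(client_data_json)
    if data.get("type") != "webauthn.get":
        return False, "wrong type"
    if data.get("challenge") != b64url(challenge):
        return False, "challenge mismatch"
    if data.get("origin") != expected_origin:
        return False, "origin mismatch"
    return True, "ok"


def relay_outcomes():
    """Compare both second factors when the user is on a look-alike page."""
    secret = b"12345678901234567890"          # RFC 6238 test secret
    real = "https://login.example.test"        # constructed origin
    lookalike = "https://login.example-test.invalid"  # constructed origin
    challenge = b"constructed-challenge-0001"
    typed_at = 59
    code = totp(secret, typed_at)              # typed into the look-alike page
    return {
        # Code forwarded 20 seconds later is still inside the drift window.
        "totp_forwarded": verify_totp(secret, code, typed_at + 20),
        "key_on_lookalike": check_client_data(
            browser_client_data(lookalike, challenge), challenge, real),
        "key_on_real_site": check_client_data(
            browser_client_data(real, challenge), challenge, real),
    }


if __name__ == "__main__":
    print(relay_outcomes())
```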

Throughout the attack, the malicious actor was able to gain access to and download multiple private code repositories and use techniques to preserve their access to the account even in the event that the compromised user or organization changed their password.

GitHub supply-chain attack affects 83 million developers

On August 3, 2022, a cyber attack against GitHub was discovered by software developer Stephen Lacy. During the attack, a bad actor cloned more than 35,000 GitHub repositories and added malicious code to them while keeping the original source code.

Almost 40 percent (13,000) of the repositories affected originated from a single organization, referred to as “redhat-operator-ecosystem” on the site, a spoof of RedHat OpenShift Ecosystem.

The cloned projects attempted to trick users into clicking on them by spoofing genuine user accounts, using names very similar to the original projects they were clones of and using legitimate-sounding organization names. 

The malicious code allowed the repositories to collect information on the environment they were executed in, for example information on the device that executed it and its user. It also had the potential to collect other sensitive data.

The code could also download additional malware from a third-party site allowing it to further exploit any application or environment that was using the malicious cloned code originally introduced to the GitHub repositories.

The weaponized code could lead to developers accidentally downloading cloned code repositories which contain the malicious code. If used in their applications, this would then lead them to exposing their users to code which includes malware. With an 83-million-strong developer audience, the ramifications could prove devastating.

The attack was reported to GitHub by Lacy, who claimed to have “cleaned up” the attack and stopped it spreading further by removing the affected projects and organizations. 



Apple Executive Explains the HomePod’s Return to Market


In a recent discussion, Apple’s VP of hardware engineering Matthew Costello explains why the tech giant rereleased the full-sized HomePod. 

In March 2021, Apple announced that it was discontinuing the original full-sized HomePod after four years on the market. Instead, the company would now focus on the HomePod mini introduced the previous year, says the press release. 

However, Apple has changed its perspective on the full-sized HomePod. 

A few days ago, the Cupertino-based tech giant released a video to announce a second-generation full-sized HomePod with the same design as the original. Furthermore, the new smart speaker will start shipping to buyers tomorrow. 

So why did Apple bring back the OG HomePod? 

Well, Apple’s VP of hardware engineering, Matthew Costello, answers the question in an interview with TechCrunch. The Apple executive also offers fascinating insights into the second-gen HomePod’s limitations.

Let’s dive right in. 

Why Apple Reintroduced the Full-Sized HomePod and its Wi-Fi 4 Limitation

Costello suggested that Apple had analyzed specific data from the HomePod mini and original HomePod. Then it repurposed that information into creating a new smart speaker that can attain several experience goals. 

“We deeply studied the learnings from the first HomePod and HomePod mini,” says the VP of hardware engineering. “And we introduced the new HomePod when it was able to achieve our broad range of experience goals.”

While the first-generation HomePod supports Wi-Fi 5, the newly-announced version uses Wi-Fi 4 connectivity. Unfortunately, Costello was unable to explain the reason for the step back. He noted that it should not affect performance. 

“HomePod features Wi-Fi 4 connectivity that allows us to target exactly what works best in the entire system,” Costello tells TechCrunch. “Making sure Siri requests are responsive, and ensuring a consistent experience for all you are listening to, controlling your smart home accessories and more — all while being energy efficient.”

The Apple executive also explains why it’s impossible to pair the new HomePod with an original model. Costello says:  

“When creating a stereo pair, it’s important that the audio characteristics match for an optimal, balanced experience. The new HomePod delivers immersive, room-filling sound users love — with even more detail, clarity, and layers than the original HomePod — so we wanted the acoustical imaging to be as pure and consistent as possible from generation to generation.”

The second-generation HomePod launches on Friday in the United States, Canada, Germany, Spain, Italy, U.K., Japan, and Australia. It’s currently available to pre-order for $299.



Previously banned accounts are making Twitter millions of dollars


Elon Musk made some major changes to Twitter, bringing forth a new age for the bird app. This included bringing back accounts that were once exiled from the platform. Well, it turns out that Twitter is going to make millions of dollars from previously banned accounts.

So, Twitter has gone through several changes over the past couple of months, and that involved bringing back people who were kicked off of the platform. This includes people like Gateway Pundit, Robert Malone, and Andrew Tate. Of all the changes the billionaire brought, this one has definitely caused some backlash.

Twitter will make millions from previously banned accounts

So, this definitely isn’t a good look for Twitter, as the company will make a lot of money off of the back of previously banned accounts. As you know, the company makes money from ad revenue. The more traction that an account gets, the more money that Twitter makes from ad interactions.

So, larger accounts keep Twitter fed. Now, a new report from the Center for Countering Digital Hate (CCDH) (via Engadget) suggests that a handful of previously banned accounts is racking up a pretty penny for the site. The CCDH looked into 10 of the top banned accounts and discovered that the company will make about $19 million each year from those accounts.

That’s a lot of money, but it’s unfortunate that these accounts were banned for “publishing hateful content and dangerous conspiracies.” Again, that’s a bad look on the company, as accounts like these caused such an uproar on the platform.

We know that Elon Musk is a big supporter of freedom of speech, so that’s the prime reason that he brought them back. However, the added money could possibly be the icing on the cake. Musk is on a mad dash to make Twitter more profitable as a company. This included cutting a ton of jobs, making Twitter Blue more expensive, and other extreme measures.

We’ll just have to see how this change affects Twitter’s culture as a whole. Only time will tell.



All you need to know to watch the Biggest Game of the Year


The biggest sporting event of the year is set to take place on February 12, 2023. That would be Super Bowl LVII or Super Bowl 57.

This year, we have two teams that have won Super Bowls in the last five years, which doesn’t happen often. But we have the AFC Champion Kansas City Chiefs, taking on the NFC Champion Philadelphia Eagles. And it’ll be taking place at State Farm Stadium in Glendale, Arizona. This stadium has been home to a number of Super Bowls in the past.

It’s also the first year that we have two African-American quarterbacks playing each other in the Super Bowl, in the Chiefs’ Patrick Mahomes and the Eagles’ Jalen Hurts. We also have the Kelce brothers playing each other in the Super Bowl, which means their parents are rooting for both teams, of course.

Who’s playing in the Super Bowl?

This year, the two teams in the Super Bowl match up really well. Both finished the season at 14-3, and have won their two playoff games for a record of 16-3 this year. Both teams have also scored 546 points, which is pretty incredible. And as mentioned before, both teams have a Kelce brother playing. So this could be one of the more competitive Super Bowls we’ve seen in recent memory.

Currently, Philadelphia is a 1.5-point favorite over Kansas City. So it’s essentially a toss-up, according to Las Vegas. This is going to be a game you won’t want to leave after halftime. As it could come down to the last play of the game. Just like it did for Kansas City when it played Cincinnati two weeks ago to get to the Super Bowl.

What time does the Super Bowl start?

The Super Bowl will take place on February 12. Kick-off is set for 6:30PM EST. This is the same time that it kicks off every single year.

However, since this is the biggest sporting event of the year, there will be many hours of pre-game coverage starting earlier in the day. And even some the day before the Super Bowl.

This year, the Super Bowl will be on FOX. The three major networks that carry NFL games (CBS, FOX, and NBC) rotate who hosts the Super Bowl. And this year, it’s FOX’s turn to host the Super Bowl (last year, it was NBC, and next year will be CBS).

How To Watch Super Bowl 2023

There are many, many ways to watch the Super Bowl this year. Any streaming service that has FOX available, will be a good option. You can also watch via an OTA antenna, Peacock, or even on NBCSports’ website for free. Which for cordcutters, that might be the best bet.

OTA Antenna

FOX is a “local” channel, meaning that it is free. And all you need to do is get an antenna and put it in your window to get it and a few other channels. Since you aren’t going to be paying monthly for this antenna, it’s the cheapest way to get NBC for the Super Bowl and beyond. It will also include channels like ABC, FOX, and NBC, as well as a few others, depending on your market.

Amazon has a few great options for OTA Antennas that won’t cost a fortune. Like this one here, that is priced at $25.99. It offers 120-mile range too. Which is going to be good for those that are in the sticks and might be far away from a particular market.

Fubo TV

Fubo TV is not cheap necessarily, but it does have a ton of channels available, which makes its $59.99 per month price, pretty good.


For that $59.99 price tag, you are getting 103 channels included, as well as 500 hours of cloud DVR space. And in that 103 channels, you are getting all of your locals and that does include NBC. There is of course, a free trial available. So if you were looking to try it out before you purchase, you can do that too.

YouTube TV

This is going to be the most popular option, simply because of the features and its price. YouTube TV has all of the local channels in all (but a handful of) markets around the country. So it most likely has your local FOX affiliate.

YouTube TV also offers 70+ channels for $49.99 per month, making it cheaper than Fubo TV. But where it really shines is in its cloud DVR. You see, YouTube TV allows you to record everything, since it offers unlimited cloud DVR. Which you can access from anywhere, and all content stays in your DVR for nine months. That’s a feature that you will not find anywhere else.

Watch on FOX Sports

Typically, Fox will also show you the game for free on FOX Sports. So you can watch it on your smartphone, laptop or on the big screen with the FOX Sports app. Since the Super Bowl is always on a “free” channel, it’s typically available to stream for free, which is definitely nice to see.

Wrap Up

Whether you watch football or not, you’re going to want to watch Super Bowl 2022. There won’t be any other content on, as other networks know not to even try to compete with the Super Bowl. And there are plenty of other reasons to watch. A lot of people watch for the ads, which are some of the best and most expensive of the year. It’s reported that a 30-second ad during the Super Bowl this year is running $7 million.

On top of that, we have the Apple Music Halftime show, headlined by Rihanna. She is a nine-time Grammy winner and has had 14 number-ones and 31 top-10 singles in the US. Now the real question is who will Rihanna bring with her to her halftime show? Last year, in LA we had Eminem, 50 Cent, Snoop Dogg and Dr Dre, which made for a pretty epic halftime show. This year, though, the sponsor is no longer Pepsi; it’s now Apple Music. So things might change.



Dark Web Hitman Paid with BTC to Murder Teen Victim


The 31-year-old man paid $20,000 to a supposed murder-for-hire website on the dark web, which turned out to be a scam.

A resident of Haddonfield, New Jersey, John Michael Musbach pleaded guilty before U.S. District Judge Joseph H. Rodriguez for hiring a hitman to murder a 14-year-old, the Department of Justice said on Tuesday.

The 31-year-old exchanged sexually explicit photographs and videos with the then-13-year-old victim during the summer of 2015. After the victim’s parents found out about the inappropriate contact, they informed law enforcement, who identified Musbach in the case, the Department of Justice revealed.

Musbach intended to have the victim killed so that the victim would be unable to testify against him in the pending criminal case.


According to the DoJ’s press release, from May 7, 2016, to May 20, 2016, Musbach remained in contact with the administrator of a murder-for-hire website on the dark web.

“Musbach asked if a 14-year-old was too young to target, and upon hearing that the age was not a problem, paid approximately 40 bitcoin (approximately $20,000 at the time) for the hit,” prosecutors said. 

Upon making the payment, Musbach maintained contact with the administrator, inquiring about when the murder would take place. When the website manager attempted to charge him an additional $5,000 for carrying out the attack, Musbach decided to cancel the hit and asked for a refund.

The website’s administrator then admitted that the website was a scam and threatened to turn him over to law enforcement.

Musbach faces a maximum penalty of 10 years in prison and a fine “of the greater of $250,000, twice the gross profits to Musbach or twice the gross losses of the victim of his offence”  for his attempts to have the teen murdered.

He is scheduled to be sentenced on June 13th, 2023.


The vulnerabilities caused by weak email security


Why email security

Threats to email security are on the rise. Research conducted for Cyber Security Hub’s Mid-Year Market Report 2022 found that 75 percent of cyber security practitioners think that email-based attacks such as phishing and social engineering are the ‘most dangerous’ cyber security threat to their organizations. Companies must protect this vulnerable asset without compromising its efficiency in communication.

Email security is integral to protecting companies from external threats but also essential to protecting a brand’s customers from outbound threats such as phishing, data breaches and business email compromise (BEC). Without sufficient email security strategies, companies open themselves, their clients, and their customers to the consequences of cyber security incidents.

Threats to email security not only encompass attacks from bad actors but the internal function of the company. Research from Stanford University found that 88 percent of all data breaches are due to an employee mistake, meaning companies must be hypervigilant when training their employees. This training should take place in an easily accessible format so that information is easily retained by employees and future mistakes are avoided.

This threat to the internal workings of a company can also lead to further damage to its brand if not dealt with swiftly and effectively. Even long-time customers may lose faith in organizations if they feel they are unable to trust in their cyber security strategy, especially when their personal data is on the line.

In this article, Cyber Security Hub provides guidance on how to implement excellent email security and make sure your employees understand its importance.


The vulnerabilities caused by weak email security

Overlooking email as a security risk is a dangerous oversight for any organization. In 2020, professional services network Deloitte reported that 91 percent of all cyber-attacks began with a phishing email.

There are a number of threats that poor email security presents, ranging from social engineering attacks, phishing and account compromise to takeover and data theft. Phishing attacks can target users’ passwords and accounts that could contain sensitive and valuable customer information. Credential theft is also a risk as employees may reuse passwords for multiple different platforms across their business and personal life, weakening a business’s security if any of these accounts are compromised or exposed during a data breach.

Djon Ly, digital marketing manager at money service operator Statrys, says that there is no reliable way for businesses to manage passwords or ensure that employees regularly change their passwords. Social engineering and sophisticated hacking techniques can make it difficult for employees to correctly identify fraudulent emails, Ly notes, even if an organization has email protection or holds regular security training.

“Frequently, phishing emails will ask recipients to reset passwords or log in to a fraudulent account website in order to harvest credentials. Even if an organization has email protection and regular security training, it can be very difficult for users to determine whether or not an email is fraudulent,” she explains.

Muhammad Babamia, IT internal audit specialist for cyber security and data and analytics at South African investment holding company Transaction Capital, agrees, stating: “The greatest risk to email security are careless employees.

“People are the weakest link from a cyber security perspective,” he adds. “This is especially true in terms of email security. While email configuration and security layers aid in reducing email-related breaches, they remain in place in some form of reliance on diligence of humans.”

When it comes to email security, while the best software measure may be put in place, true email security also hinges on employees’ abilities to understand why and how the company may be attacked via email, and what to do in the case of a compromise.

The consequences of phishing campaigns can be devastating for businesses. In 2014, Sony Pictures’ employees, including system engineering and network administrators, were targeted with fake emails that looked like legitimate communications from Apple, asking them to verify their Apple ID credentials.

By clicking on the link provided, employees were taken to a legitimate-seeming webpage that required them to input their login details. As these emails were targeted at those who would most likely have access to Sony’s network, these details were then used to hack into its network.

The spear phishing campaign led to multiple gigabytes of data being stolen including business-related content, financial records, customer-facing projects, and digital copies of recently released films. The hack cost Sony an estimated US$15mn.

Kym Welsby, regional director for APAC at Clearswift, a HelpSystems company, notes that one of the main issues with ensuring email security is that email was designed with no security functionality from its outset.

“[Email having no security] was the secret of its success. This was fine when relatively fewer people were using it to contact people they knew only, but with its expansion people no longer know who is contacting them,” Welsby explains.

As employees within a business will be used to people from outside the company contacting them, as well as speaking to people they do not know in a business capacity, this can make them less wary of potentially dangerous or fraudulent emails. There are a number of threats when it comes to email security, from direct attacks on employees through phishing campaigns or social engineering to a lack of security functionality in email.

In the next section of this report, we will explore how to combat these threats.

Ensuring email security within your business

Email-based attacks like phishing and social engineering that directly target employees within a business can have devastating consequences for businesses, with three in four cyber security professionals surveyed for Cyber Security Hub’s Mid-Year Market Report 2022 stating these attacks are the ‘most dangerous’ threat to cyber security.

These attacks directly target employees inside a business, placing the responsibility for ensuring the attack does not progress in their hands. Additionally, these attacks often rely on psychologically manipulating employees. They can be very effective in convincing employees to act in ways they would not usually, even if they have had security training.

The effectiveness of phishing attacks may rely on how effectively employees can evaluate whether an email is safe. This can be an issue if employees do not pay attention to cyber security training. Clearswift’s Welsby explains that this complacency may be due to a misconception within a business that its antivirus or antimalware software is sufficient to block any and all threats. Antivirus software can only stop and prevent known threats such as malware or ransomware, however, so if a breach attempt involves a new, unknown file or URL, it may not be able to block the attack.

Ensuring good cyber security within businesses requires employees to be engaged with their training so they are better able to retain the information and use it at a later date when they do come across cyber security threats.

How to engage employees with email security

In a discussion among Cyber Security Hub’s Advisory Board, one member suggested that linking email security to a company’s universal goals was very beneficial. This involves conducting multiple phishing tests throughout the year, with the score of said tests affecting a business’s bottom line. This is because phishing attacks have an indirect influence on a company’s bottom line. Cyber-attacks cost a lot of money, meaning if a cyber-attack occurs, companies will lose money in operations costs. Additionally, cyber-attacks may lead customers to lose trust in a company and take their business elsewhere, leading to an overall drop in revenue. With bonuses directly linked to profit, financially motivated employees should be more diligent in not clicking on potentially dangerous links, as their good behavior is reinforced and rewarded.

Jorel Van Os, chief information security officer at insurance company Acrisure, suggests companies can better engage their employees by employing the use of short-form video content using real-life case studies as examples.

“[The videos are] a testimonial, with an actor reenacting real case studies,” Van Os remarks. “I think that’s a good, compelling way to [train employees].

“They are one to two minutes each,” he explains. “We did a micro-survey on the videos in terms of length of content, effectiveness of content and delivery of content, and we got 4.8 out of five stars across hundreds or thousands of people that rated it.”

One such example is a testimonial from an actor posted on LinkedIn entitled ‘My LinkedIn post cost my company a fortune’. In the testimonial, the actor explains that someone posing as a recruiter enticed him into communicating with them first through comments on his LinkedIn posts, then via messages with a lucrative job offer.

The faux recruiter built a relationship with him, and finally sent him a PDF which, supposedly, contained the job offer. Instead, it contained only a cover letter and two blank pages. When the actor reached out to the supposed recruiter, they explained that it was a secure file, and prompted him to download and install a secure PDF reader. When this still did not work, the actor contacted the recruiter again, but the recruiter did not respond to any of his messages. He dismissed this, but weeks later there was a data breach at his company that cost the company millions of dollars. The breach was traced back to him, as the PDF reader had actually contained malware that was used to level an attack against the company.

The actor explains that job scam attacks are becoming more prevalent as people are expected to communicate with strangers, and download the attachments sent to them.

Van Os says that by doing this companies can help employees realize that they are involved with the email security of a business, as well as offering them a framework of what to do during a cyber security incident. It can also provide them with tips of what to look for in potentially malicious communications.

Companies can employ other tactics to keep employees engaged, says Transaction Capital’s Babamia.

“Traditional ‘death by PowerPoint’ presentation styles often lead to bored and inattentive learners,” Babamia remarks. “Organizations need to ensure that participants are engaged through various means of learning such as gamified learning and the use of incentives to promulgate better learning.

“Simulated phishing attacks are a great way to pick out unaware employees. With scare tactics in mind, employees should be more focused to ensure that the consequences of their actions do not lead to a severe breach of the organization’s information security,” he notes.

Ensuring email security beyond employees

Beyond training, Clearswift’s Welsby notes that a layered solution is best, as different controls are needed to respond to different threats. He recommends combining content protection, such as structural sanitization (the removal of active content within the email body and attachments, and the removal or rewriting of URLs to go through a different web browser), with identity protection. Identity protection is particularly important, as social engineering and phishing attacks often rely on posing as someone with authority within the business. Looking for the good senders rather than trying to prevent the bad allows software to identify and block bad actors post-delivery, preventing the spread.
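A sketch of structural sanitization applied to an HTML email body follows. It is an added example, not code from the article or from any vendor's product, and it covers the message body only, not attachments; the gateway URL, the tag allowlist and the sample message are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, urlsplit

GATEWAY = "https://linkcheck.example/v?u="  # hypothetical click-time scanning service
ALLOWED_TAGS = {"a", "b", "br", "div", "em", "i", "li", "ol", "p", "span", "strong", "ul"}
VOID_TAGS = {"br"}
# Active-content containers: drop the element and everything nested inside it.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "form", "svg"}

# Constructed sample body, not taken from a real message.
SAMPLE_BODY = (
    '<div onclick="track()"><p>Your invoice is ready.</p>'
    '<script>document.location="http://203.0.113.9/"</script>'
    '<a href="http://pay.example/login?id=7" style="x">View invoice</a> '
    '<a href="javascript:void(0)">Help</a>'
    '<iframe src="http://203.0.113.9/f"></iframe></div>'
)


def rewrite_link(url):
    """Return the gateway URL for an http(s) link, or None if the link must go."""
    try:
        scheme = urlsplit(url.strip()).scheme.lower()
    except ValueError:  # malformed URL: treat as unsafe
        return None
    if scheme not in ("http", "https"):
        return None  # javascript:, data:, file:, relative links, ...
    return GATEWAY + quote(url.strip(), safe="")


class StructuralSanitizer(HTMLParser):
    """Rebuild the body from an allowlist instead of deleting known-bad parts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.removed, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self._skip += 1
            self.removed.append(f"<{tag}>")
            return
        if self._skip:
            return  # inside a dropped container
        if tag not in ALLOWED_TAGS:
            self.removed.append(f"<{tag}>")
            return
        kept = ""
        for name, value in attrs:
            safe = rewrite_link(value or "") if (tag, name) == ("a", "href") else None
            if safe:
                kept += f' href="{escape(safe)}"'
            else:
                # Event handlers, style, src and unsafe hrefs are all discarded.
                self.removed.append("@" + name)
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data))  # text is re-escaped, never trusted


def sanitize(html_body):
    """Return (sanitized_html, list_of_removed_items) for an HTML email body."""
    parser = StructuralSanitizer()
    parser.feed(html_body)
    parser.close()
    return "".join(parser.out), parser.removed


if __name__ == "__main__":
    clean, removed = sanitize(SAMPLE_BODY)
    print(clean)
    print("removed:", removed)
```

Because the output is rebuilt from an allowlist, an unknown tag or attribute is dropped by default, and an unclosed container such as a stray `<form>` causes the rest of the body to be dropped rather than passed through.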

Kemas Ohale, head of global information security operations at manufacturer of pneumatic control devices SMC Corporation, notes that using an email security solution that combines the power of threat detection artificial intelligence (AI) or machine learning (ML) with the power of the human to form a complete solution can be “highly effective” in keeping organizations safe.

“AI or ML cannot do it alone and neither can humans,” Ohale remarks. “Combining the two into a single solution and reducing the load on our security team through extensive automation is the optimal way to ensure inboxes are as secure as they can be.”

Email security can be ensured by engaging with employees and showing them how cyber security is inherently tied into their job. Beyond this, companies must engage defense strategies including email authentication protocols such as DMARC, structural sanitization and the use of AI or ML to help detect and neutralize threats to protect the email system. In the next section, this report will discuss the importance of email security in protecting your brand.

How email security can protect your brand

Email security is not just important for internal data safety, but for a company’s external brand. Bad email security can affect customers in multiple ways, from exposing their personal information to causing them to see a brand as less secure or trustworthy.

Clearswift’s Welsby notes that while most people think email security is about protecting their organization from threats, companies also need to protect their outbound emails and tell customers and clients to reject messages that are not from the company.

Welsby explains that while using DMARC authentication to detect and prevent email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks seems easy in principle, it can be complicated – especially for large organizations.

“We have had clients use applications to allow others to send emails on their behalf and had one organization that found it was using 200 more email applications than it realized it was using,” says Welsby. “As it was a big retail brand with many custom-built applications and service providers sending emails on its behalf, it took two years to establish the use cases [for email applications to send emails on their behalf].

“Brand protection makes it easier for brands to establish who they are and what services they use,” he adds.
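One way to find the applications sending on a domain's behalf is to read the DMARC aggregate (rua) reports that receiving mail systems send back. The following is an added example, not code from the article or from Clearswift: the report, domains and IP addresses are constructed, and it assumes the un-namespaced XML layout of RFC 7489.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed aggregate report for the hypothetical domain brand.example.
# Reports arrive from third parties: parse untrusted ones with a hardened
# parser such as defusedxml; the standard library keeps this self-contained.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>brand.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>brand.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>brand.example</domain><result>pass</result></dkim>
      <spf><domain>brand.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.25</source_ip><count>340</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>brand.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>esp-mailer.example</domain><result>pass</result></dkim>
      <spf><domain>bounce.esp-mailer.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.77</source_ip><count>15</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>brand.example</header_from></identifiers>
    <auth_results>
      <spf><domain>brand.example</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>"""


def inventory(report_xml):
    """Return one dict per <record>, largest senders first."""
    rows = []
    for rec in ET.fromstring(report_xml).iter("record"):
        # policy_evaluated holds the *aligned* results; DMARC passes if either does.
        aligned = "pass" in (rec.findtext("row/policy_evaluated/dkim"),
                             rec.findtext("row/policy_evaluated/spf"))
        # auth_results holds raw SPF/DKIM outcomes for whatever domain was used.
        passed = sorted({r.findtext("domain", "") for r in rec.iterfind("auth_results/*")
                         if r.findtext("result") == "pass"})
        if aligned:
            status = "aligned"                  # unaffected by p=reject
        elif passed:
            status = "authenticated_unaligned"  # likely a real service to onboard
        else:
            status = "unauthenticated"          # spoofing or a forgotten system
        rows.append({"source_ip": rec.findtext("row/source_ip"),
                     "count": int(rec.findtext("row/count", "0")),
                     "status": status, "auth_domains": passed})
    return sorted(rows, key=lambda r: r["count"], reverse=True)


def enforcement_impact(rows):
    """Message totals per status: what an enforcing policy would start blocking."""
    totals = defaultdict(int)
    for row in rows:
        totals[row["status"]] += row["count"]
    return dict(totals)


if __name__ == "__main__":
    report_rows = inventory(SAMPLE_REPORT)
    for row in report_rows:
        print(row)
    print(enforcement_impact(report_rows))
```

Sources in the `authenticated_unaligned` group authenticate as some other domain, which is the usual signature of a service provider sending on the brand's behalf that has not yet been set up to sign or send as the brand's own domain.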

Transaction Capital’s Babamia notes that larger-scale attacks may lead to high-sensitivity email disclosure should attackers leak highly confidential information to the public, which can affect trust in a company. If this trust is broken, customers may leave the company and use a competitor instead, leading to a potential drop in revenue.

Customers can lose trust in brands when they believe they are not appropriately securing their data, leading concerned customers to switch to different brands. By ensuring both that employees are fully engaged with and retain information from training, and that there is a robust email security solution in place, companies can put themselves in a better place to identify and mitigate cyber security incidents.

Final remarks

There are a number of threats to email security that employees must face. The most dangerous of these are social engineering and phishing attacks, as they directly target employees and can have potentially devastating consequences for their company.

Email security is fundamentally reliant on employees being vigilant against potential inbound attacks. In order to ensure all employees are in the best place to recognize and not engage with malicious emails, companies must take into consideration the way they are educating their employees in regard to cyber security. Using more engaging techniques like shorter videos, relating the content to themselves as employees or using a rewards-based system can help engage employees better, meaning they are in a better position to ensure email security.

Additionally, companies should ensure that they have robust security in place, including the use of structural sanitization and identity protection like DMARC. By using these methods, companies can ensure that phishing attacks are less successful, as URLs can be deemed as safe before they are clicked on, and malicious actors who attempt to pose as higher-ups in the company during social engineering or phishing attacks will be less likely to succeed.

By doing this, companies can protect their employees and the business itself from cyber criminals and inbound threats, while protecting clients and customers from outbound threats. By communicating these efforts to clients and customers, they can build trust in their cyber security and prevent a loss of trust if a cyber security incident happens; if customers feel their data is not adequately protected, they may leave a business and take their custom elsewhere.


What is business email compromise?

In this article, Cyber Security Hub explores how cyber attackers use threat vectors like phishing, social engineering and ransomware to enact business email compromise (BEC).

Cybercrime is an ever-growing issue across virtually every industry. With cybercrime expected to have a global cost of as much as US$10trn by 2025, companies must fight to combat malicious actors seeking to gain from cyber attacks against them.

Threat actors increasingly use multiple threat vectors during attacks to overwhelm companies and make it easier for them to gain access to their network. This makes it more important than ever to safeguard the most common vehicle for an initial breach point – email.

The majority of hacking groups (65 percent) utilize email-based spear phishing campaigns as their primary attack vector. This cyber attack method targets specific individuals within an organization with the goal of compromising their credentials and using their privileged access to gain further control of a business’ network or steal information that only certain employees have access to.

These campaigns can have a devastating impact, not least from a financial perspective; in May 2022, the US Federal Bureau of Investigation (FBI) reported that BEC had led to a total loss of $43.3bn between June 2016 and December 2021.

This Cyber Security Hub article will highlight the key vulnerabilities for those without sufficient email security and explain how to block threat actors from carrying out successful attacks while mitigating data loss and fraud.

Email security must not be ignored

As the ransomware-as-a-service (RaaS) economy matures, ransomware gangs are demonstrating supreme confidence in their debilitating actions.

In January of this year, the UK’s Royal Mail had to completely halt all dispatch of items overseas after it became the victim of an alleged LockBit ransomware attack. The ransomware caused “severe disruption” to the computerized systems used to send mail abroad and resulted in Royal Mail requesting that customers stop sending mail abroad in the wake of the ransomware attack.

Verizon also noted a 13 percent increase in ransomware breaches in 2022. As ransomware can be spread via BEC, this statistic is especially worrying.

During email-focused cyber attacks, malicious actors may target low-level data within the attack’s early phases. This low-level data can then be used to gain access to and steal more sensitive data. With Microsoft reporting that it takes hackers just 24-48 hours to gain control of a network via a privileged account, even the compromise of low-level accounts can be serious.

For example, a hacker could pose as a job seeker to target those in human resources (HR). Hackers rely on the fact that HR professionals are used to receiving and opening attachments from unknown senders to allow their ransomware to spread across a network. Additionally, if attackers do compromise HR emails, this gives them access to confidential and sensitive company information. 

Best practices for alert organizations

Understanding the human element

Comprehensive email security strategies like the use of strong passwords and email encryption can provide a higher level of protection against BEC. This, however, relies on employees following the rules, and with 65 percent of people reusing passwords for multiple or all of their accounts and 73 percent of people using the same passwords for both work and personal accounts, this is easier said than done.

Likewise, research by the Harvard Business Review has found that 67 percent of employees admit that they fail to adhere to cyber security policies, with a failure-to-comply rate at an average of once every 20 tasks. In 85 percent of all cases where employees knowingly broke procedure they cited work-related reasons for doing so, including “to better accomplish tasks for my job”, “to get something I needed” and “to help others get their work done”.

So, companies must recognize that their cyber security policies need to protect the company while not preventing their employees from doing their jobs efficiently. Likewise, employees should be made aware of their role as those on the front line against email-based cyber attacks. Not doing so can cause employees to cut corners in the name of efficiency without understanding the ramifications, ultimately endangering the company.

Introduce a robust backup strategy 

As cyber attackers may delete or poison uploads as they make their way through a company’s network, it is important that companies have safeguards in place to make sure they are still able to access important documents even in the case that they need to shut down the network. 

Cyber security researcher Alex Vakulov explains that having a ‘3-2-1’ backup strategy can help ensure the safety of critical data: “[Using the 3-2-1 method] two copies are stored locally on the same site but on different media. The third copy is separated from the previous two, for example it is kept in the cloud. Accordingly, if something happens to the first storage, then the data still remains in another storage in the [on premises] data center. If access to the entire data center is lost, a backup copy remains in the cloud.”

By using multiple backups, companies can mitigate the risk and impact of business email compromise, allowing them to continue to function while also being able to shut down the network to stop malicious actors from gaining further access to it and/or poisoning or stealing data. 

Increase endpoint security 

In today’s digital climate, the number of devices in use across an organization has risen exponentially, as most employees need access to multiple devices in order to do their jobs. When paired with the emergence of hybrid or completely remote working and the move away from a secured on-premises network, this means that businesses must be constantly vigilant about endpoint security. 

This need is already being recognized in the cyber security space, with Cyber Security Hub’s own research finding that 44 percent of cyber security professionals say their company is currently investing in endpoint security.

As well as protecting the devices on its network, companies need to protect the network itself. To do this, companies should increase their detection and response capabilities. This need has similarly been recognized by businesses, with the same research finding more than two fifths (42 percent) of companies are investing in threat detection and response.  

Conclusion: combine a human-centric approach with key software investments 

An employee-centric approach to ransomware and BEC threat prevention allows all employees to understand the risk of these threats. By shifting a security strategy approach to understanding the human element of these attacks, companies can help prevent these attacks by stopping them before they infiltrate the network.  

Additionally, companies should identify the areas in which they can invest to better strengthen their ability to protect against and respond to cyber attacks, including endpoint security, cloud storage and backup facilities, and detection and response software. 

This means companies have a double-layered threat prevention approach and are not solely reliant on endpoints and other technology to stop ransomware after it is activated. 

