There are many ways that hackers have attempted to subvert the advanced security precautions implemented by enterprises and small businesses alike, but some of the more recent and crafty ones include sending threats through seemingly legitimate sources, like social media. The latest in this string of attacks includes Google Docs, and it is problematic for a number of reasons.
Data breaches are a modern reality, and they’ll still be around in the new year. While it is obviously preferable for your business not to fall victim to one, that isn’t always something in your control. Therefore, it is better to have planned ahead, so that your operations can continue and you can more effectively keep your contacts apprised of the situation. Let’s discuss what you need to do.
While some threats don’t waste any time when they install themselves on your devices, like ransomware and malware, others tend to lurk in the background on your device and cause problems without being detected. A threat called MosaicLoader is one such threat, and it’s a pretty serious issue for businesses.
The past few years have been nothing if not tumultuous for businesses of all shapes and sizes, which has only exacerbated the shifting terrain we’d expect to see in a business’ cybersecurity needs and threats. Let’s take a few moments to examine what 2022’s cybersecurity landscape is likely to look like, considering what we’ve seen recently.
You’ve no doubt seen the concept of “streaming” online at some point or another, whether it’s consuming content on Netflix or Youtube. However, content creators with an established fan base can stream their content on Twitch to make a living. If you have ever wondered how much some of these creators make, well, a recent hack has exposed this information and created a whole kerfuffle that must be addressed by Amazon.
Yet another major vulnerability has been discovered, this time in Microsoft’s MSHTML browser engine. The vulnerability, discovered and tracked by Kaspersky, is currently being exploited all over the world. As such, it is critical that you know how to avoid vulnerabilities like this so that you do not inadvertently allow a hacker onto your network.
If we told you that it is possible for others to hire hackers to launch attacks against your business, would you believe it? Well, we hope so, because it is very possible and more common than you might think. Comparitech launched an investigation into the average prices of various hacking services on the Dark Web, and you might be surprised by how affordable and accessible they are. This is just more reason to take network security seriously.
Numbers are still coming in as far as how widespread this issue is. As of Monday, cybersecurity firm Kaspersky Lab said potentially thousands of Asus computers were infected, but on Tuesday that number has potentially broken a million. How Could My Asus Laptop Get Hacked? This type of attack is called a Supply-Chain Compromise and is one of the most frightening kinds of cybersecurity threats out there. Asus’s software update system was compromised by hackers, putting a backdoor into consumer devices. The scariest part is that this backdoor was distributed last year and it’s just being noticed now. The good news is this has given Asus plenty of time to plug up the security holes on their end, but if you own an Asus device there is still a chance that it is infected with malware from the initial attack. What Do I Do Now? First and foremost, no matter what brand of computer or laptop you have, you need to make sure you have antivirus, and that antivirus needs to be licensed and kept up-to-date. If you have an Asus device, Asus has released an update in the latest version of their Live Update Software. They’ve also patched their internal systems to help prevent similar attacks from happening in the future. You’ll want to make sure you have Live Update 3.6.9 installed. Asus has also released a security diagnostic tool that will check your system to see if it has been affected. Click here to download the tool. We HIGHLY encourage you to reach out to SRS Networks if you are running any Asus hardware. It’s better to be safe than sorry.
While these potential threats are frustrating to look out for, that is exactly what needs to be done to prevent their success. Here are five tips to help you spot a phishing attack before it is too late. Extreme Urgency When somebody is trying to phish you, they often rely on you panicking and not fully thinking through the message. That’s why, whenever you receive an email labelled “urgent” and written in an intimidating tone, you need to take a few breaths and consider it a little more. There is no questioning that email is an extremely valuable communication tool, but at the same time, would it really be how you sent someone an urgent, time-sensitive message over something like a phone call? Even if it does come in via a phone call, any message you receive should be carefully considered before you act. Attachments Email gives business users so much utility, but that also lumps in those who make cybercrime their business as well. Email makes it much easier for a cybercriminal to send along a malware payload, hidden inside an attachment. Therefore, you should never click into an email attachment that you didn’t anticipate receiving, and even think twice about the ones you did expect. Many organizations—like financial institutions and the like—are favorite ruses of cybercriminals, despite the fact that these organizations will either use a dedicated solution to reach out to you or call you directly before sending along an attachment. Unless you know with confidence what an attachment contains, it is best not to click on it at all. Spelling and Grammar Errors Let me ask you a question: if you were to receive any kind of written correspondence from a business, whether it was an email, a letter, what have you, would you take that business seriously if it was riddled with mistakes and misspellings? Unlikely. Businesses are generally very aware of this, and usually put forth the effort to ensure that the materials and messages they send out are carefully edited before they distribute them for this very reason. Would you trust this blog if every other sentence featured a misspelled word or misused punctuation mark? In a phishing message, however, the individual writing it is actively banking that their reader won’t be paying too close attention, making such errors less important. While this isn’t a hard and fast rule, it is a good way to keep your business safe. Requests for Personal Information In a similar vein, does it make sense that a business that presumably already has your sensitive information would reach out and ask for it again via email? No, it doesn’t, and that’s why legitimate businesses tend not to do this. While this is also a generalization and there will be exceptions, a scammer will generally be the only party to request sensitive and personal information over email. A legitimate business will have a different tool they use to collect this data if they need it, as they need to abide by the compliance and security requirements that are likely imposed on them by some regulatory body. Suspicious Links Finally, we need to discuss links, particularly those that come included in a surprise email. Links are remarkably easy to manipulate, so while you may think you’re visiting another business’ website […]
Advance-Fee Fraud and Its Origins Believe it or not, those emails have their roots in the 18th and 19th centuries, where scammers wrote letters to their targets begging for some small financial assistance in exchange for a significant reward. Rather than a Nigerian prince seeking escape from political turmoil, one such attempt featured a wealthy Spanish prisoner that needed to be smuggled out of Spain and required some investment to bribe the guards. These scams continued over the years, appearing in French investigator Vidocq’s memoirs and reports of other transnational scams exist from 1922. Today, these advance-fee scams are most recognizable in the form of the Nigerian Prince scam, as referenced above… and thanks to the Internet, they are far more prevalent, as there aren’t even postal costs to prevent scammers from using them on a widespread basis. Why These Scams are Notoriously Obvious One would think that, as a scam that has become the go-to example of a scam, cybercriminals would have abandoned it long ago—or at least worked to make them more convincing. So, why are these scams still around, and still so transparent? In 2012, a researcher for Microsoft named Cormac Herley asked the same question and conducted a project to find the answer. His conclusion was brilliantly simple: these scams allowed hackers to weed through potential victims to find the ones most susceptible to their efforts. Cyberattacks aren’t free for cybercriminals to carry out. So, just as anyone who invests in something would want, they want to see the greatest return for that investment. In a cybercriminal’s terms, this translates to the highest number of successfully scammed people who comply with their demands. Just like in any business, a cybercriminal will want to minimize the number of false positives (in this case, targets that never send over any money). Looking at it from an economic perspective, the higher the number of false positives the cybercriminal invests in, the lower the net payout for them. After compiling statistics and going through the numbers, it became apparent to Herley that cybercriminals use the now-infamous word “Nigeria” in their scams to eliminate these false positives more effectively. Essentially, by using that word early on in their interaction with a potential victim, cybercriminals were able to shrink their target pool to only the most gullible or naïve people they had found. By cutting out the false positives early in the game, scammers could minimize their investment without sacrificing any payoff. All the grammatical errors, misspelled words, and far-fetched tales just serve to eliminate the people who ultimately wouldn’t be fooled anyway. For more detail, you can find documentation of Herley’s process here. How to Keep Your Business Safe Of course, not all scams operate this way, so it is still important for you and your team to know what to keep an eye out for. The Federal Bureau of Investigation provides the following list of rules to follow to avoid scams: If something sounds too good to be true, it is safe to assume it is. If you receive correspondence from someone asking for money or information, go through the proper steps to confirm the message’s legitimacy through other means, like a phone call. Have a professional go over any agreement you’re about to enter so that you can fully […]