Your System is Under Attack

Phishing attempts, malware, Trojan horses, and ransomware are all threats to private information. While many rightly believe we as a nation are actively involved in cyberwarfare, not enough private businesses treat these threats seriously. Tellingly, billionaire businessman Warren Buffett calls cybercrime one of the top problems with mankind, and cyberattacks as big a threat to humanity as nuclear weapons.

What most people consider “the internet” is only a small fraction of the total web. The rest of that material, referred to as the Deep Web, cannot be accessed by search engines. This deep area of the Internet is characterized by the unknown: unknown breadth, depth, content, and users. It includes databases, academic journals, publications that are not linked to other resources, VPNs, and the Dark Web. The deepest part of the Deep Web, the Dark Web, is intentionally hidden. It is used, among other things, to conceal and promote criminal activities. Cyber-criminals can buy and sell malicious software (malware), Ransomware as a Service (RaaS), and cyberattack services. They use these tools to strike victims, including businesses, governments, utilities, and essential service providers anywhere in the world.

PHISHING

Most, if not all, of us have experienced phishing.  Phishing is “the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating oneself as a trustworthy entity in a digital communication.” Threat actors use phishing to convince us to provide personal information at a fake website. There are several forms of phishing including:

  • Spear phishing: Attackers often gather and use personal information about their target to increase their probability of a successful attack. Within organizations, spear phishing usually targets executives or those who work in financial departments and have access to the organization's sensitive financial data and services.

    • Whaling refers to spear phishing attacks directed specifically at senior executives and other high-profile targets. The attackers target an upper manager, and that person's role in the company, with an executive issue such as a subpoena or customer complaint.

    • Social phishing, a form of spear phishing, leverages friendship information from social networks. Similarly, catphishing is a type of online deception that involves getting to know someone closely to gain access to information or resources of the target.

  • Clone phishing: A legitimate, previously delivered email containing an attachment or link has its content and recipient address(es) taken and used to create an almost identical, or cloned, email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a resend of the original or an updated version of the original. Typically, this requires either the sender or recipient to have been previously hacked for the malicious third party to obtain the legitimate email.

  • Tabnabbing: This method takes advantage of a victim who has multiple tabs open and redirects the user to the affected site. It operates in reverse to most phishing techniques in that it does not directly take the user to the fraudulent site, but instead loads the fake page in one of the browser's open tabs.

Most types of phishing involve social engineering, in which users are psychologically manipulated into performing an action such as clicking a link, opening an attachment, or divulging confidential information. Users can be encouraged to click on different kinds of unexpected content for a variety of reasons.

If phishing is the action, spoofing is the means. Spoofing is the misuse of someone’s email address to disguise the true sender’s identity. The sender information shown in e-mails can be spoofed easily to hide the origin of the email.
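A defender can surface the spoofing described above by comparing the sender a user sees with the other identity headers on the message. The following is an added example, not part of the original article; the message, addresses and function name are constructed for illustration, and the findings are triage signals rather than verdicts, since legitimate bulk mail often uses a different bounce domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (all domains are reserved test names).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example-corp.test
From: "Accounts Payable" <ap@example-corp.test>
Reply-To: ap@example-corp-payments.test
Subject: Updated invoice

Please see the attached invoice.
"""

def domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].strip().lower() if "@" in addr else ""

def sender_findings(raw: str) -> list:
    """Return spoofing signals found in the headers of one raw message."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    findings = []
    # The visible From domain should normally match the envelope sender
    # and any Reply-To; a mismatch means replies or bounces go elsewhere.
    for header, label in (("Return-Path", "return-path-mismatch"),
                          ("Reply-To", "reply-to-mismatch")):
        other = domain(parseaddr(msg.get(header, ""))[1])
        if other and other != from_dom:
            findings.append(label)
    # An address inside the display name that differs from the real one
    # is used to fool mail clients that show only the display name.
    if domain(display) and domain(display) != from_dom:
        findings.append("display-name-address")
    # Results recorded by the receiving mail server (SPF, DKIM, DMARC).
    auth = msg.get("Authentication-Results", "").lower()
    findings += [f"{m}-fail" for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    return findings

if __name__ == "__main__":
    print(sender_findings(RAW))
```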

Misspelled URLs or the use of subdomains are common tricks used by phishers. They can even create web addresses visually identical to a legitimate site. Phishers have sometimes used images instead of text to make it harder for anti-phishing filters to detect commonly used text in phishing emails. To avoid anti-phishing techniques that scan websites for phishing-related text, phishers sometimes use Adobe Flash (a technique known as phlashing). These look very similar to the real website but hide the text in a multimedia object.
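The three URL tricks named above (misspellings, misleading subdomains, and visually identical addresses) can each be checked mechanically before a link is followed. The following is an added example, not part of the original article; the trusted-domain list, the URLs and the function names are constructed, and the registrable-domain logic is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation trusts (assumption).
TRUSTED = {"facebook.com", "paypal.com", "example-bank.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values indicate a near-miss spelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels. Simplification: production code should consult the
    Public Suffix List so that names under co.uk and similar are handled."""
    return ".".join(host.split(".")[-2:])

def classify(url: str) -> str:
    """Label a URL as trusted, homograph, subdomain-trick, misspelling or unknown."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if registrable(host) in TRUSTED:
        return "trusted"
    # Visually identical addresses: non-ASCII characters or punycode labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "homograph"
    # Subdomain trick: a trusted name used as leading labels of another domain.
    if any(f".{t}." in f".{host}." for t in TRUSTED):
        return "subdomain-trick"
    # Misspelled URL: registrable domain within two edits of a trusted one.
    if any(0 < edit_distance(registrable(host), t) <= 2 for t in TRUSTED):
        return "misspelling"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed URLs; \u0430 is the Cyrillic letter that resembles "a"
        "https://www.facebook.com/settings",
        "https://www.faceb00k.com/login",
        "http://www.facebook.com.login-check.example/auth",
        "https://www.f\u0430cebook.com/",
    ]
    for u in samples:
        print(f"{classify(u):16} {u!r}")
```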

Covert redirect is a method of performing phishing attacks that makes links appear legitimate but redirects a victim to an attacker's website.

For example, suppose a victim clicks a malicious phishing link beginning with Facebook. A popup window from Facebook will ask whether the victim would like to authorize the app. If the victim chooses to authorize the app, the victim's personal sensitive information could be exposed. This information may include the email address, birth date, contacts, and work history. The attacker could possibly obtain more sensitive information including the mailbox, online presence, and friends list. Worse still, the attacker may possibly control and operate the user's account. Even if the victim does not choose to authorize the app, he or she will still get redirected to a website controlled by the attacker. This could potentially further compromise the victim.

DID YOU KNOW one of the most effective tools to prevent successful phishing attempts is employee training?

CoffeeTree Group can help develop a training plan for your company. Call us now at 248-526-3315 and set up a FREE 30-minute meeting with a trusted advisor.

RANSOMWARE

Ransomware is a type of malware that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return, often threatening permanent data destruction unless the ransom is paid. It has been predicted there will be a ransomware attack on businesses every 11 seconds this year, up from every 40 seconds in 2016.

Ransomware has reached epidemic proportions globally and is the most common method of attack for cybercriminals. The FBI is particularly concerned with ransomware hitting healthcare providers, hospitals, 911 and first responders. Because these cyberattacks can impact the physical safety of American citizens, the FBI cyber division is focused on this frontline.

Cybercrime has become so profitable over the last 5 years that Ransomware as a Service (RaaS) has become a valuable commodity. Threat actors have designed “plug and play” ransomware to be purchased and used by cybercriminals.  This allows someone who does not have the skills to design ransomware themselves to enter the cybercrime world.  In those cases, the original seller of the RaaS receives a percentage of the ransom.  Simple images sent to cellular or tablet devices can hold encrypted malware within them,

DID YOU KNOW regular backups to offsite storage can minimize data loss in event of a successful ransomware attack?

CoffeeTree Group can implement a backup protocol and provide offsite storage for your data. Contact us now to see how we can help your business: sales@coffeetreeegroup.com

TROJAN HORSE

A Trojan horse is not a virus. It is considered malware. Unlike a computer virus, a Trojan Horse doesn’t replicate itself by infecting other files or computers. It may end up downloading viruses onto your machine, but it is not itself a virus. Today Trojans represent one of the most successful and common malware attacks.

Once a Trojan horse is installed, it can accomplish a variety of attacks. Below are some of the more common attacks Trojans can perpetrate once installed on a computer system:

  • Create a backdoor: A Trojan horse can create an unauthorized access point for the attacker to access your machine. The Trojan itself can also send information back to a server controlled by the attacker.

  • Steal your information: Many Trojans are designed to hunt for and funnel your personal and financial information. This works in conjunction with a backdoor.

  • Download more malware & viruses: Some Trojans will target your already infected computer and download additional malware and viruses.

  • Take control of your computer: This is often done to perpetrate Distributed Denial of Service (DDoS) attacks, for example. In a DDoS attack, the attacker(s) uses your machine (and others) to take a server offline by flooding it with traffic from the machines under their control.

  • Send costly messages

  • Ransomware Trojans: Some Trojans are ransomware or a gateway to ransomware.

DID YOU KNOW CoffeeTree Group partners with some of the best cyber defense platforms available to provide continuous security monitoring?

CoffeeTree Group (CTG) has critical program experience in developing, sourcing, delivering and supporting cyber security solutions for clients.  Leverage AI to fight ransomware – we can help you get there.  Let us help you drive innovation, lower risks and get results. 

Need assistance? Let’s discuss your challenges: call today at 248-526-3315 or email us at value@coffeetreegroup.com for an immediate consultation.
