Phishing attacks against business is escalating. You cannot afford to be complacent where computer / network security is concerned.
In Q2 of 2015, phishing attacks have increased by 38 percent. This is the result of sophisticated types of phishing attacks that is ever-growing. These phishing attacks are specifically designed to access corporate information.
Security analysts have examined a vast variety of phishing attacks campaigns that target financial gains or specific intelligence from businesses rather than consumers. As we reported earlier, the attackers are out to leverage the most effective method to generate a high profit yield at your expense.
From the findings, the security analysts found that the more sophisticated attacks are grouped into two categories:
Indirect phishing attacks - What constitutes a successful phishing campaign? It is a series of attacks that combines with organizational information from other sources such as LinkedIn. An example would be an employee using his / her own Apple device is tricked into giving away iTunes credentials as part of the attack, which can give access to contact or calendar information. Another vector (see Definition) that could prove vulnerable to attacks is cloud-based company email (such as from Office 365 or Gmail accounts) that an employee uses. Such emails could be easily phished, allowing attackers to send malicious emails that in all appearance look safe.
Direct phishing attacks – Cybercriminals are interested in login credentials for business systems. In the Q2 2015, security analyst found multiple examples of phishing attempts on Outlook credentials. It is not just email access that is interest to the cybercriminals, as email credentials are also used for domain logins. If that isn’t enough, other cloud-based services such as Dropbox or Google drive, are attractive target for attacks as they provide an attacker with valuable company data.
"We are seeing a shift in emphasis by the cybercriminals away from the mass-distribution 'nickel and dime' campaigns looking for quick-hit revenue that have been the staple of the cybercrime industry for the last 10 years or more, and toward using that same mass-distribution infrastructure for the dissemination of more highly targeted and powerful threats,” said the CTO of CYREN, a leader in internet security solutions.
If this trend continues, security experts will have real course of concern. This means that their enterprises will be exposed to an increase in volume of threats, with each having the ability of severely impacting their organization. In such a situation, security powered by “offline” technology models, such as periodic updates to local static databases, can no longer provide meaningful protection.
Definition
Vector – a platform used in a particular approach in order to penetrate a computer system’s security or propagate malicious software.
Source
1. Help Net Security.
2. Computer World (image 1).
3. USA Today (image 2).
The Week That Was
1. Facebook ‘Security Checkup’ tool for desktops. To further enhance you safety on Facebook, the company has started to roll out a new “Security Checkup” tool. It will be rolled over the coming weeks. Three areas are covered by this tool: log out or delete unused apps; receive warning to attempted account hijacks; choose a strong password. Security Checkup for mobile is expected to roll out soon.
2. Firmware can permanently compromised Macs. A couple of security researchers have discovered several flaws in the firmware installed on Apple computers, and have created a worm that can silently infect them. It’s has been dubbed Thunderstrike 2 (an improved version of Thunderstrike). The worm can be easily delivered by phishing emails or a malicious website. On top of that, this is a malware that can’t be easily detected as AV software and other security solutions don’t have the ability to check a system’s firmware.
3. Android vulnerability raps devices in ‘endless reboot’. Here we go again. Android users are facing another vulnerability that annoy them no end. Recently, we reported about Stagefright vulnerability in Android. Now researchers have discovered a dangerous security bug in the Android operating system that make you phone unresponsive and completely useless. The new vulnerability can be exploited by potential hackers and cause your phone to reboot endlessly. This vulnerability affects nearly 90 percent of Android devices running versions 4.0.1 Jelly Bean to 5.1.1 Lollipop.
4. Android users rejoice! On a happy note, Google has announced that Google will be pushing out and update to fix Stagefright vulnerability and the one mentioned in 3 above. The good news is that phone manufacturers will also be pushing out the fix soon.
5. Update Firefox to version 39.0.3. A new vulnerability found in Firefox is lurking in an advertisement that could steal your files and upload them to a Ukrainian server without your knowledge. All you need to do is load the page with the exploit and it will silently steal files in the background. Enterprise users can patch to 38.1.1.