Phishing

Watch Out For Reply-chain Phishing Attacks

August 31, 2022

Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.

80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.

Phishing not only continues to work, but it’s also increasing in volume due to the move to remote teams.

Many employees are now working from home. They don’t have the same network protections they had when working at the office.

One of the newest tactics is particularly hard to detect. It is the reply-chain phishing attack.

What is a Reply-Chain Phishing Attack?

You don’t expect a phishing email tucked inside an ongoing email conversation between colleagues.

Most people are expecting phishing to come in as a new message, not a message included in an existing reply chain.

The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain.

How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain. Often, the target isn’t even aware.

The hacker can email from an email address that the other recipients recognize and trust. The attacker also gains the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.

They may see that everyone has been weighing in on a new idea for a product called Superbug. So, they send a reply that says, “I’ve drafted up some thoughts on the new Superbug product, here’s a link to see them.”

The reply won’t seem like a phishing email at all. It will be convincing because:

It comes from an email address of a colleague. This address has already been participating in the email conversation.
It may sound natural and reference items in the discussion.
It may use personalization. The email can call others by the names the hacker has seen in the reply chain.

Business Email Compromise is Increasing

Business email compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins.

Tips for Addressing Reply-Chain Phishing

Here are some ways that you can lessen the risk of reply-chain phishing in your organization:

• Use a business password manager
• Put multi-factor controls on email accounts
• Teach employees to be aware

2021 Cyber Attacks – Lessons To Apply For A More Secure 2022

December 30, 2021

Hackers have hit a wide variety of industries this year, from computer manufacturers to insurance companies, schools to the NBA. A review of prominent 2021 cyber attacks reveals a few common themes. And organizations that apply the lessons learned from these attacks can look forward to a more secure 2022.

No one gets a free pass
It would be difficult to describe the profile of a typical data breach victim in 2021. Large corporations like Volkswagen and Experian got hit. At the same time, even small, low-profile businesses suffered in the Microsoft Exchange and Kaseya attacks. Ransomware crippled hospitals, manufacturers, municipalities, retail and more.

No matter how big or how small, any organization with Internet connections can become a target of attack. Hackers continually hone their skills and add to their toolsets. Consequently, businesses cannot afford to relax their security stance. Get started early on your New Year’s resolutions by committing to invest in cybersecurity.

Apply security patches quickly
When hackers exploited vulnerabilities in the Microsoft Exchange server, they disrupted 60,000 companies and government agencies in the US. Microsoft released security patches quickly. However, many organizations delayed applying the patches. The attack group Hafnium then ran Internet scans to find and exploit unpatched servers.

Take the time to apply software and firmware updates quickly. Take it a step further and turn on automatic updates where possible. This applies not just to servers but to all devices with access to the system.

Step up endpoint security
The rapid switch to remote work completely changed the security perimeter for many organizations, and hackers took advantage. For instance, when insurance giant CNA sustained a ransomware attack, 15,000 devices were encrypted, including those used by remote employees.

When remote work takes center stage, organizations need to strengthen endpoint security. Begin by creating and updating an inventory of all devices connecting to the system.

Enforce strong authentication policies and keep endpoints encrypted. Additionally, monitor the endpoints for unusual activity when connected to the network.

Monitor those business partners
In April, the REvil gang attacked Quanta, a supplier for Apple. REvil used the attack to pressure Apple, claiming to have obtained secret blueprints for yet-to-be-released Apple products. Similarly, parking app Park Mobile suffered a breach because of a vulnerability in a third-party software app.

While strengthening inhouse security, organizations cannot forget about their business partners. Be sure to vet third parties, building security policies into vendor contracts. Then continue to monitor those relationships, including performing regular audits.

Automate the backup process
Fortunately, the list of 2021 cyber attacks includes some positive notes. Attackers hit Polish video game development firm CD Projekt, encrypting devices and accessing source code. However, because the company had quality backups in place, they were able to restore the lost data without paying the ransom.

For decades, security experts have emphasized the importance of performing regular backups. Automating the process takes the burden off IT and delivers peace of mind.

Strengthen authentication and identity management
In April, attackers used a compromised password to access the networks of Colonial Pipeline, disrupting gas supplies and causing panic.

As government officials investigated, they concluded that stronger protections, such as multi-factor authentication, could have prevented the attack.

Identity and access management form a critical component of securing valuable digital assets. Companies should assess and strengthen authentication methods and tighten access controls.

Take protective steps against phishing
According to a recent report on cybersecurity breaches, phishing remains the most common type of cyber attack. For instance, in an attack on Nebraska Medicine, hackers gained entrance to the system and planted malware, eventually exposing over 200,000 patient records.

To protect against phishing and other social engineering attacks, organizations should implement email filtering and continuous network monitoring.

But the most important safety measure remains addressing the human factor with regular, targeted security awareness training.

Treat 2021 cyber attacks as a wakeup call
Reflecting on the high-profile cyber attacks of the past year can provide both the motivation and a blueprint for addressing cybersecurity. And the cybersecurity experts at Tech Experts bring the expertise and tools you need to keep your data and networks safe.

Lessons Learned From The Colonial Oil Pipeline Attack

September 28, 2021

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

May 6, 2021 will be a day that goes down in history. This is the day the Colonial Oil Pipeline went down, causing a nationwide disruption. Even though the pipeline only services a portion of the east coast, the effects of the shutdown was felt across the country.

Gas prices skyrocketed, lines at gas stations were so long it took hours to get through, and gas stations were pumped dry as people bought gas and put it in whatever container they could gather just to assure themselves they would have enough to get through the closure.

If you think about it, this type of ripple effect is not confined to energy and utility providers. While the scale of the effect would not be at the level of the pipeline, the devastation it could leave in its wake for your business and your customers is just as likely. [Read more…] about Lessons Learned From The Colonial Oil Pipeline Attack

Don’t Let Working From Home Lower Your Guard

September 28, 2021

Wyatt Funchion is a help desk technician at Tech Experts.

When working from home or taking online classes for school, it is very easy for us to get caught up in our work and forget about the potential risks of using the Internet.

Whether you are using Zoom, assisting clients, writing assignments, or even just sending a simple email, cybercriminals have figured out ways to exploit our everyday tasks.

Email is one of the most vulnerable territories for users, and cybercriminals love it because it works. Phishing emails, which are emails that try to trick you out of your sensitive information, are one of the most common Internet threats and are easy to overlook if you’re overworked or in a hurry. Some can be extremely convincing, especially at a glance.

One of the best ways to keep your personal information and your work information protected is to avoid clicking links, opening attachments, and replying to emails when you don’t know where or who the email came from. Don’t provide them with extra information like a password, log-in, or anything else sensitive.

Cyberattacks are another common threat while working from home, and your computer and network are targeted just for existing. An easy way to prevent these attacks would be to use an antivirus suite.

These run in the background of your computer and automatically update themselves. They can protect against zero-day attacks (viruses taking advantage of security flaws before they are patched), malware, spyware, viruses, trojans, worms, and more. Some can alert you of phishing scams, including those sent via email, and alert you when a download is suspicious.

Something else that could put both your work and personal information at risk is your web camera. Cameras are used frequently for Zoom calls or Google Meets for both schools and employers and can be a huge risk if you have any documentation like passwords written in your workspace.

It’s also a big risk to your privacy in general, so make sure there isn’t anything else confidential in frame, such as personal phone numbers on a whiteboard.

A simple way to get rid of the potential risks would be to either unplug your webcam or cover it when it’s not being used. Sliding webcam covers are a good way to cover them and are fairly easy to install. They can be found in all shapes, sizes, and colors.

If your workspace is easily accessed by your family or you also use your personal computer for work, it can create threats for your company. Make sure to not leave your computer unlocked or open on any sensitive information that could be accessed by someone other than you. Another risk can be using your work account for personal use because you may not be as careful about what you access during your personal time versus work hours.

In the end, it is important to keep your work life or school life separate from your personal life.

Taking a few extra steps to make sure everything is secure can be the difference between a stolen identity or encrypted computer.

What’s Your Pocket-Sized Security Threat?

August 27, 2021

You guessed it. I’m talking about phones.

How many people in your business have a company-issued phone, or use their own to access company data like emails, client information, or documents? It’s probably a high number, right?

And your phone is a big risk to your data security. Smishing attacks (that’s the text message equivalent of a phishing email) increased 328% in 2020 and will probably significantly rise again this year.

That’s because it’s a goldmine for cyber criminals. 98% of text messages are read and 45% are responded to. So a smishing text is likely to yield good results for criminals.

Once your phone is infected, malware can monitor your calls and messages, download and delete your data, and if a phone is connected to your business network, the infection might even spread. [Read more…] about What’s Your Pocket-Sized Security Threat?

Companies Must Address Employees’ Lax Cybersecurity Habits

August 27, 2021

A third of employees picked up bad cyber security behaviors while working from home, according to Tessian’s Back to Work Security Behaviors report.

Despite the remote workers’ bad security practices, 9 out of 10 organizations prefer the hybrid workplace as COVID-19 restrictions eased. Similarly, 89% of employees want to work remotely during the week.

The firm advises business owners to consider the bad employee behaviors as organizations transition to hybrid workplace models.

As employees go back to the office, businesses need to address changes to employees’ security behaviors since they have been working remotely.

Most employers are wary that the post-pandemic hybrid workforce would bring bad cybersecurity behaviors.

More than half (56%) of employers believed that employees had picked bad security practices while working remotely.

Similarly, nearly two-fifths (39%) of employees also admitted that their employee behaviors differed significantly while working from home compared to the office.

Additionally, nearly a third (36%) admitted discovering ‘workarounds’ since they started working remotely.

Close to half of workers adopted the risky behavior because they felt that they weren’t being watched by IT departments. Nearly a third (30%) said they felt that they could get away with the risky employee behaviors while working away from the office.

However, small businesses placed more confidence in their employees while transitioning to the hybrid workplace.

Over two-thirds of business owners believed that their staff would observe their company’s cybersecurity policies.

Many employees are unlikely to admit cutting corners

The fear or failure to report cybersecurity mistakes was a huge cybersecurity risk for organizations. A quarter of employees refused to report such mistakes believing that nobody would ever discover them.

Similarly, more than a quarter feared reporting cybersecurity mistakes to avoid potential disciplinary actions or being forced to take additional security training.

However, younger employees are more likely to admit cutting corners, according to the Tessian report.

More than half (51%) of employees between 16-24 years old and 46% of those between 25-34 years old were more likely to admit circumventing the company’s security protocols.

“Create a security culture that encourages people to come forward about their mistakes, and support them when they do,” the authors suggested.

Personal devices will undermine the network perimeter in the hybrid workplace

Some of the security threats and challenges experienced when people work fully remotely would be imported into the new hybrid workplace.

While many employees used infected devices for remote access during the pandemic, some would bring them to the hybrid office. Company leaders now have to shift to a new security architecture for good – one that involves zero-trust network access, endpoint security, and multi-factor authentication.

Phishing and ransomware attacks are major challenges in the hybrid workplace

Ransomware attacks were also a major concern for more than two-thirds (69%) of companies who believed that the hybrid work environment would be a target for ransomware attacks. These attacks posed a business continuity threat to targeted companies.

Similarly, phishing attacks concerned over three-quarters of IT decision-makers who believed that credential phishing would only exacerbate in a hybrid workplace.

They believed that employees were more likely to expose company data in public or fall for phishing scams impersonating airlines, booking companies, hotels, or senior executives on a business trip. In fact, “back to work” phishing emails were a concern for 67% of IT leaders.

Phishing was the gateway to ransomware attacks. Consequently, successfully blocking phishing exploits reduces the chances of a ransomware attack.

“Stop phishing, business email compromise, account takeover attacks, and social engineering scams, and you significantly reduce the risk of ransomware,” the report authors noted.

However, bad employee behaviors, such as failing to report clicking phishing links, made it harder to stop these attacks.

Human Error: The Reason Why Cybercriminals Love Email

June 22, 2021

Mark Funchion is a network technician at Tech Experts.

Defending your data network against viruses, malware, ransomware, and other threats is a never-ending battle. Some attacks can be very sophisticated, using extremely complex techniques to try and exploit even the most secure networks. However, the vast majority of threats to your network – over 80% – are delivered through a very basic method: email.

Email is a common tool that many of us use constantly at work. Oftentimes, we use it without giving much thought to what we’re doing or what we’re opening.

It’s normal for co-workers, clients, or new prospects to communicate and share files with us via email. The file can be a document, spreadsheet, PDF, etc., but the fact is that it’s common and repetitive to us.

Like anything we do frequently, we can develop muscle memory. Think about the program guide on your TV – you probably navigate the menus without thinking. After an update or a provider switch, those menus can change and you might click the wrong buttons out of habit. No harm there.

But consider making the same mistake when a document is sent to you. The message arrives, and you briefly glance at who it’s from. Maybe you recognize them, maybe you don’t. You see an attachment, and you open it out of habit. The file is infected, and in less than a second, the damage has begun.

Like it or not, the people who are attacking your systems are running a business. Like any business, they are concerned with the return on their investment. Developing high-end, sophisticated attacks takes time and skill, which is expensive to do.

However, minimal skill is required to send an email – and that process can be replicated to hundreds of thousands of users with a simple click of a button. And almost everyone working today might accidentally open an email with little to no thought.

For small businesses, having a firewall, an email filter, and anti-virus software is a must. We can help install and maintain that infrastructure. Unfortunately, the methods that attackers use to slip under your defenses are always changing.

It is important that you and your staff – the end users who do the clicking – still do your part and remain vigilant. Attackers send such a high percentage of attacks through email because of that human element. It works.

It’s essential that you fight your muscle memory and treat email like physical mail. Look at what is being sent, who it is from, and if there is anything attached. If anything seems off, do not open it. Always err on the side of caution.

Also, if you do open something you shouldn’t, it’s better to notify your IT department or provider of a potential issue so they can look at what you were sent.

Often, I have observed someone get a suspicious message, open it, notice something is not right, then forward it to a co-worker for help. By sending the message on, there is a potential to increase the scope of damage done.

Those looking to do harm and steal information will always try the path of least resistance. All the security in the world can’t stop an intruder if you open the door for them.

The same caution you take at home when an unexpected knock is heard should be how you handle all email. Consider the source and content, and if you have doubts, don’t open the message. Delete it.

Malware will never be fully eradicated – cybercriminals will make sure of that – but you can do your part to make sure you do not infect your PC or business.

Over $1 Trillion Lost To Cyber-crime Every Year

April 21, 2021

$1 trillion! That’s a lot of money. And it’s a figure that’s increased by more than 50% since 2018.

In 2019, two-thirds of all organizations reported some type of incident relating to cyber-crime.

You could make a sure bet this figure rose significantly last year, thanks to criminals taking advantage of the pandemic.

It’s easy to look at big figures like these and not relate them back to your own business. But here’s the thing. The average cost of a data breach to a business is estimated to be around $500,000.

Phishers Lure Targets In With COVID-19 Schemes

April 21, 2021

Mark Funchion is a network technician at Tech Experts.

You may have noticed that we talk about phishing a lot. Unfortunately, phishing is an issue that will never go away and the tactics change constantly. That constant change makes it difficult, if not impossible, to eliminate as a threat.

Fortunately, there are red flags that end users can keep an eye out for.

If you get an email that answers a common demand, treat it with a high level of skepticism.

For example, a few years ago when the Nintendo Wii was hard to find and a lot of people wanted them, a lot of “Click here to buy a Wii now!” emails went out. I think you can guess how many people actually got a Wii through those schemes.

Well, it’s not Christmas, but the ongoing hot topic in the world is COVID-19 and its vaccine.

As we strive to return to normalcy, there are people who want the vaccine who do not qualify yet, are on a waiting list, or want to get it in a quick and easy way.

Attackers know this. In fact, they count on it. Phishers rely on human nature, and that is what makes it hard for the end user: you have to go against your basic human emotions.

All emails should be evaluated as if they are a phishing email. Look for the standard warning signs such as an offer that’s too good to be true, misspelled words, or if the wording of the message is a little off. Some are very obvious. Some are more subtle.

The attackers may also appear as though they are from a reputable company like a national pharmacy chain, a local doctor, or a large hospital system.

However, the typical format legitimate providers follow is that they’ll send you information on the vaccine and remind you to contact your health care professional to schedule an appointment.

Another example of the phishers’ methods is that they’ll send a link asking you to verify your information to determine eligibility (or even a link to buy the vaccine from a supplier).

Again, red flags. Take a moment to ask yourself why – when the vaccine distribution is so controlled – would a random person have a surplus of product?

These are all pretty basic ideas, but it is easy to get lax in proceeding with caution. It’s even more of a challenge to stay alert when the attacks are using current events to their advantage.

The days of free money from a “Nigerian Prince” are mostly over, but almost everything we do right now is influenced by COVID.

If and when you get the message asking you to “click here to verify your vaccine eligibility,” don’t do it. Next month, when you are hit with messages for updates on your taxes or missing money, don’t click on those either. Later this year at Christmas, don’t click on the link for the discounted, hot item everyone wants. And in 2022… rinse and repeat.

Phishing will always find a way to be relevant, and you can never let your guard down.

Handle Your Email With Care (Even With A SPAM Filter)

March 31, 2021

Mark Funchion is a network technician at Tech Experts.

A lot of the communication we do today is by email. Naturally, that makes it a favorite avenue for malicious individuals to attack your system. A SPAM filter can help considerably, however nothing is 100% effective – and there is a fine line between “too aggressive” and “not aggressive enough.”

Turning up the aggressiveness of the filter may stop the bad mail while at the same time improperly labeling legitimate messages as SPAM. Even with a SPAM filter, you should handle your email with care.

Here are a few tips to potentially save you from opening a message or attachment that is nefarious in nature.

The first rule is “just don’t do it.” It is tempting to just click that link or open that attachment.

You may even do it without a second thought. Scam emails can be very sophisticated, and they will often look like they are real.

Before you do anything, take a moment and consider a few things. If you are sent an attachment from someone you don’t know, never open it. If the fishy attachment or email is from someone you do know but it was not expected, reach out the sender to make sure they actually sent it.

Next, don’t jump the gun on clicking links that are sent to you. Links are easy to manipulate; they can be made to look legitimate, but they’ll actually take you to a different site or start downloading a program or virus.

With links, there are two things you can do.

First, you can open a browser and go directly to the site to bypass all links. This is the safest option, especially when you get an “urgent alert” about your account that “requires immediate action.”

If you can’t go to the page directly through the website, you can hover your cursor over the link. A box will pop up previewing the destination you’re actually being sent to.

If a link looks strange and doesn’t match the company website, don’t click on it. Also, look closely at the link as it may look just like a real one at first glance. Unless you are 100% sure the link is legitimate, do not click on it.

Another giveaway is that the message is poorly written with a lot of grammatical errors. If the message sounds like whoever wrote it doesn’t use English as their first language (and it is not from a foreign company you do business with), delete the message. Do not open or click on anything in the message.

The last point is that it’s usually not a good idea to unsubscribe from scam emails.

This may seem counterintuitive, but when you unsubscribe, you usually put your email address in to confirm you no longer want these messages.

Unfortunately, that lets the scammer know your email address is active. They will continue to send emails to this account or may sell it off as an active email.

Rather than unsubscribe from the email, block the sender. They will not know your email is active, and if they do send another message to you, it will not be received.

SPAM filters are great and they are essential. Still, remember that they are not 100% effective. Even with protection in place, it is wise to proceed with caution.

Take a moment to look for signs that the message is not from who it seems. These few seconds can save you a lot of time and money by avoiding disaster.

« Previous Page