Last month, cyber attacks aimed at small businesses were examined and the most prevalent type of attack used was phishing emails. Small businesses have been targeted repeatedly mainly because of their weaker security protocols they have in place. The attackers exploit these vulnerabilities to steal information and gain access to valuable business resources.
An example of the attacks using phishing emails seen recently contained emails posed as notices from the Better Business Bureau and claimed a customer had filed a complaint against the recipient, but the notes actually contained links to malware created with the Black hole exploit kit. This type of email
These type of attacks are not new but attackers are becoming more sophisticated in their method of delivery to disguise their intent. The delivery of these emails with URLs embedded linking them to sites aimed at stealing information. As common of an occurrence this is for attackers, it still proves to be effective.
To protect yourself from these attacks, it is best to educate employees on the types of attacks and update security to protect from malware infecting your system. To read more go to:
http://www.inc.com/magazine/201312/john-brandon/hackers-target-small-business.html
http://www.ittechnewsdaily.com/254-small-business-cyber-attacks.html
http://www.aa.com/i18n/urls/phishingEmails.jsp?anchorLocation=DirectURL&title=phishing
A CISOs Guide on Cybersecurity
Sunday, February 15, 2015
Sunday, February 8, 2015
Anthem Data Breach- things to consider afterwards
Anthem, a health insurer company, alerted customers Wednesday that it suffered an attack that resulted in 80 million users information being stolen. The stolen personal information includes residential addresses, birthdays, medical identification numbers, Social Security Numbers, email addresses and some income data belonging to both current and former customers and employees, including its own chief executive.
From a security standpoint, this is worrisome. The first area of concern is what vulnerabilities are present that can allow for the compromise of 80 million users information. It is to be estimated that the malicious hackers may have infiltrated the Anthem’s networks by making use of a sophisticated malicious software program that gave them access to the login credential of an Anthem employee, thereby breaching 80 million customers.
Next, there is email scams that have increased for customers affected. Almost immediately after the attack occurred. Anthem warned about the email scam in a statement saying that the emails appears to come from Anthem and ask recipients to click on the attached link in order to obtain credit monitoring. Do not click on such links and do not provide any information on any website, Anthem advised its customers.
Overall, this is the largest breach of personal information being stolen in recent times and based on how attackers are gaining access requires security personnel to be alert and proactive to identify vulnerabilities before suffering a catastrophic attack. These prevention techniques may not eliminate the threat, but may provide ways to decrease the amount of data stolen.
To read more, go to:
http://thehackernews.com/2015/02/anthem-data-breach.html
From a security standpoint, this is worrisome. The first area of concern is what vulnerabilities are present that can allow for the compromise of 80 million users information. It is to be estimated that the malicious hackers may have infiltrated the Anthem’s networks by making use of a sophisticated malicious software program that gave them access to the login credential of an Anthem employee, thereby breaching 80 million customers.
Next, there is email scams that have increased for customers affected. Almost immediately after the attack occurred. Anthem warned about the email scam in a statement saying that the emails appears to come from Anthem and ask recipients to click on the attached link in order to obtain credit monitoring. Do not click on such links and do not provide any information on any website, Anthem advised its customers.
Overall, this is the largest breach of personal information being stolen in recent times and based on how attackers are gaining access requires security personnel to be alert and proactive to identify vulnerabilities before suffering a catastrophic attack. These prevention techniques may not eliminate the threat, but may provide ways to decrease the amount of data stolen.
To read more, go to:
http://thehackernews.com/2015/02/anthem-data-breach.html
Sunday, February 1, 2015
"MAGNET" new malware that uses social media tagging to spread rapidly
 |
| MAGNET malware example link |
Over the last two days, a malware program used to infect and steal data from social media users has infected over 110,000 users on Facebook, primarily those trying to access video links from the site. The reason being is that it poses a Flash update once you click on a link and then inserts a Trojan horse into the users system to hijack one's keyboard and mouse controls in order to facilitate stealing usernames, data, and passwords.
This new technique also enables the malware to keep a low profile, while also displaying itself publicly on your profile, and this is only the reason how the malware infected so many Facebook users just in two days. Another part is the malware exposes what link you have clicked on to everyone, exposing inappropriate site selections. In the new technique, which is called 'Magnet,' the malware gets more visibility to potential victims by tagging the friends of the victim in the malicious post, infecting other rapidly. A tag may be seen by friends of the victim's friends as well, which leads to a larger number of potential victims. This will speed up the malware propagation.
Overall, this malware has not been publicly announced by Facebook and it has to the potential to expose data of users without their knowledge. The best defense is not to click on links to videos you cannot confirm the source to. Just because a friend's name is linked to a post or link doesn't make it factual or reliable.
To read more, go to:
Subscribe to:
Comments (Atom)