Category Archives: phishing attacks

Detecting and Defending Against Phishing Attacks

Phishing is one of the most persistent security challenges, for organizations and individuals alike. Whether the goal is credit card information, passwords, or any other sensitive information, hackers use different techniques, such as social engineering, emails, phone calls, and other forms of communication, to steal data. Businesses are worthwhile targets because they have valuable data on hand.

To help businesses avoid losing data to phishing attacks, we’ve gathered views from different security experts on the problem and on the best practices that companies can follow to protect themselves. We’ve compiled the answers below:

Question: What is the single biggest mistake a company can make that leaves it vulnerable to phishing attacks?

Answer from security experts:

  • When the company does not invest in the right tools and they do not provide proper training to their people about their role in information security.
  • Browsing the internet carelessly.
  • Not having proper policies that outline how to react to suspicious emails.
  • When organizations are run in an authoritarian style where employees are trained to simply follow instructions, which leads them to give up information easily.
  • The same can be said for organizations that have a culture where asking for help is frowned upon.
  • Not using a multi-layered approach to detect, analyze, and stop phishing attacks.
  • Spear phishing is becoming more and more popular to target specific employees, so there is a bigger need to train employees about protecting their data.

While the security experts mention many different specific things, one common thread can be picked out: phishing attacks are geared toward people. Hackers use social engineering to get the information they need from company employees. This reinforces the point that training employees on phishing defense is crucial to stopping these attacks.

It also highlights the importance of crafting proper policies and protocols in the event of such attacks.

Question: What are the common ways that hackers attack?

Answer from security experts:

  • Sending a link through email that opens a malicious website.
  • Placing a trojan in the target’s computer through an email attachment.
  • Creating a spoofed email to look as reputable as possible and tricking the receiver.
  • Impersonating a vendor or IT department and calling via phone.
  • Injecting content with malicious intent into the company’s website to obtain passwords.
  • Positioning themselves between the company and its customers to capture any and all information transmitted between them.
  • A DNS-based phishing attack that sends people to a malicious website when they try to visit the target website.

Question: How can we defend against phishing attacks?

Answer from security experts:

  • Use an SSL certificate on your website to protect all information transmitted between the web server and the visitor’s browser.
  • Provide proper and regular training to employees about phishing, how to identify it, and what to do when they suspect an attack.
  • Ensure that all security tools, protocols, and controls are up to date. Also, take note of new developments in the IT industry about tools and new types of attacks, to be able to adapt the company’s defenses.
  • When a payment page is needed for your website, make sure to use a securely hosted page. This is the best practice in order to secure credit card information being transmitted over the internet.
  • Create a filter that can detect the most common types of spam and phishing attacks. It should also be able to identify attachments and filter out malicious ones.
  • Use an antivirus solution for each endpoint device, as well as the entire network.
  • Encrypt the company’s sensitive data so that it is difficult to read even when stolen.
  • Use a web filter to block malicious websites from even opening on your network.
  • Disable the HTML email feature within the organization, which will reduce the risk of phishing attacks.
  • Make sure to require proper encryption for all employees who telecommute or work remotely.
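
A minimal sketch of the kind of mail filter described in the list above, added here as an example and not taken from the original post or from any product. It checks three common phishing signals (Reply-To domain differing from From, link text showing one host while the href points to another, and risky attachment types); the extension list, the finding names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed policy values for this sketch; tune them to your own mail flow.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".lnk", ".iso", ".docm", ".xlsm")
LINK_RE = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})', re.I)

def addr_domain(header_value):
    """Domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def phishing_findings(raw_bytes):
    """Return a list of heuristic findings for one RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom = addr_domain(msg.get("From", ""))
    reply_dom = addr_domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("risky-attachment")
        if part.get_content_type() == "text/html":
            for href_host, text in LINK_RE.findall(part.get_content()):
                shown = HOST_RE.search(text)
                # Exact host comparison: a simplification that also flags subdomains.
                if shown and shown.group(1).lower() != href_host.lower():
                    findings.append("link-text-mismatch")
    return findings

def build_sample(suspicious):
    """Constructed test message; every address and host here is made up."""
    m = EmailMessage()
    m["From"] = "Accounts Payable <billing@example.com>"
    m["Subject"] = "Invoice"
    href = "http://login.example-billing.test/reset" if suspicious else "https://portal.example.com/invoice"
    m.set_content("See the HTML part.")
    m.add_alternative(f'<p><a href="{href}">https://portal.example.com/invoice</a></p>', subtype="html")
    if suspicious:
        m["Reply-To"] = "billing@example-billing.test"
        m.add_attachment(b"constructed bytes", maintype="application", subtype="octet-stream", filename="invoice.docm")
    return m.as_bytes()

if __name__ == "__main__":
    print(phishing_findings(build_sample(True)), phishing_findings(build_sample(False)))
```

In a real deployment these findings would feed a score or quarantine decision alongside SPF, DKIM and DMARC results, which this sketch does not evaluate.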

Remember, all it takes is for one employee to take the bait, and the organization can fall into chaos. The IT department can set up several layers of defense against such attacks, as mentioned earlier, but each employee needs to participate in ensuring that all data is protected. Do not open suspicious emails, avoid browsing malicious websites, and never open an email attachment from a sender you do not know. These are just a few simple best practices that each employee can adopt to deter phishing attacks.


Phishing Attacks Still Trending And On The Rise

GreatHorn, an incident-response consulting firm, has released its Email Security, Challenges, Trends and Benchmark Report 2019, revealing that the corporate world and email users in general have not yet learned their lessons about safeguarding against phishing attacks. GreatHorn said the study aims to increase awareness of email-based threats and of the continued, desperate efforts to contain them. The study is based on the responses of a group of 1021 email system administrators and other professionals who use email in their day-to-day jobs, across all industries. GreatHorn takes pride in the diversity of the study’s respondents: 56.8% of them are email security professionals who administer the email service for their organizations. The rest of the sample, 43.2% of the respondents, are people inside the organization who have nothing to do with email security setup, adjustments, and changes.

Key takeaways:

  • Compared to the last report, the need for damage control after handling an email security issue rose to 34%. That is a significant rise from the 20% remediation rate in the previous report.
  • Email-based threats increased: of the 1021 people the report covers, 22% admitted that their organization had a reported data breach incident in the past three months.
  • 49.8% of the people who participated in the study said that their mailboxes contain undesirable content, usually emails containing infected attachments and/or phishing content.
  • There is a gap in email threat knowledge between IT professionals and enthusiasts on one side and the ordinary Joe on the other, who watches the office operate its email system irresponsibly. The only way to harden the email system is to offer training to white-collar professionals who are not fully trained in IT.

“In short, the current state of email security is shaky. Email security professionals need to be more vigilant as end-users are seeing more threats making their way to inboxes—25% more compared to last year,” explained the GreatHorn report.

This highlights the need for the CISO (Chief Information Security Officer) to have real decision-making powers. As email becomes part of Software-as-a-Service (SaaS), the exact responsibility for email security and privacy falls more on the service provider than on the local IT team. The obligation to counter phishing attacks belongs to the service provider, and less to the company itself. “More than one-quarter of email security professionals report that payload attacks (e.g. malicious/suspicious attachments or links)—despite being the threats most heavily guarded against—are still making it through their cybersecurity defenses,” added the report.

More companies are moving to Google Docs or Office 365 for their email, so the security infrastructure is now owned by a tech giant, Google or Microsoft. Unfortunately, IT professionals still claim they see infection through email. “More than one-quarter of email security professionals report that payload attacks (e.g. malicious/suspicious attachments or links)—despite being the threats most heavily guarded against—are still making it through their cybersecurity defenses. Smaller companies (defined as fewer than 500 employees) seeing a slightly higher rate of most email attack types with the exception of credential theft attempts (39.8% large companies vs. 25.6% smaller companies),” said the report.


TrickBot’s “TrickBooster” Update Compromised 250M Emails

Last Valentine’s Day, we made a fearless declaration here on Hackercombat.com that TrickBot is shaping up to become the “malware of the year”, due to its massive campaigns infecting computers worldwide. That remains our forecast: TrickBot was recently named by DeepInstinct security researchers as responsible for the compromise of at least 250 million email accounts. It rode on massive volumes of spam email sent from computers that were already infected, in a campaign to cast a wider net for the banking trojan.

TrickBot used to use the flawed SMB protocol in unpatched versions of Windows to spread itself, navigate the network’s shared files and install itself deep into the operating system. The “TrickBooster” update is a huge facelift in TrickBot’s history: the banking trojan can now tap the address book installed on the infected computer and send phishing emails to all of the user’s contacts. According to DeepInstinct’s research on the new version of TrickBot, the use of the user’s contacts lets the trojan infect more machines than it used to.

The new spam emails are unique, able to bypass the tried and tested antispam formula established by Outlook.com, Yahoomail.com and GMail.com. In fact, the email domain most heavily infiltrated by TrickBot turned out to be @gmail.com, with 25 million unique instances of spam emails containing TrickBot. Yahoo Mail comes second, with 21 million of its customers having received the spam email at least once, followed by Outlook.com users with 11 million instances.

“We analyzed the malware sample and found swaths of PowerShell code in its memory. Analysis of this PowerShell code immediately led us to the conclusion that we are dealing with a mail-bot. We discovered more samples of the malware, both signed and not, additional infrastructure used in the campaign – both to distribute (infection points) and control the malware (C2 Servers),” explained Shaul Vilkomir-Preisman, security researcher at DeepInstinct in their official website blog.

The new strain can hook into Outlook.exe: it creates a parallel thread, then executes a COM-based command. It taps the Microsoft.Office.Interop.Outlook instance alongside CoCreateInstance and hooks into OUTLOOK.exe via the OleRun function. TrickBot 2.0 also incorporates advanced features that aid its proliferation, such as cookie theft and the use of legitimate-looking digital certificates for the Microsoft Office attachments it piggybacks on.

Rumors have been circulating online that TrickBot’s new version was able to reach the mailboxes of United States federal agencies such as the Department of Transportation; NASA; Federal Aviation Administration; Internal Revenue Service; Social Security Administration; Department of Justice; Department of Homeland Security; Bureau of Prisons; and Bureau of Alcohol, Tobacco and Firearms.

Compared to the espionage accusations against Huawei Technologies of China, TrickBot’s authors have succeeded in stealing not only personally identifiable information but also the banking data of Americans and other nationalities. “We continued monitoring the campaign and the infrastructure involved in it, both its infection points and C2 Servers, which were going on and off line, and employing various Geo-IP restrictions and other mechanisms to hamper analysis. It was at one of these servers that we found something that made us realize how successful this campaign is – an Email dump containing approximately 250 million Email addresses,” concluded Vilkomir-Preisman.
