Surveys indicate that a large percentage of SMEs are blasé about cybercrime. That could be costly. Even if you don’t have a budget to install a boatload of cyber defence technologies, you can prevent a data breach by knowing the latest hacking techniques to watch out for.
It seems that every week there’s a high-profile data breach. And when a corporate entity suffers a data breach, it can put its customers at risk. So if your business invests in services from a leading company and hackers steal your email address or financial data, you should expect to be targeted.
This type of deep data can cause untold damage – and SMEs are the most vulnerable. Under the provisions of General Directive Protection Regulations (GDPR), businesses are legally obliged to inform stakeholders that are affected by a security breach.
Subsequently, more than 60% of businesses that suffer a data breach go out of business. In most cases, this is due to a lack of trust from their existing customers that switch to a competitor.
Whilst IT cybersecurity defences do a good job of keeping hackers at bay, threat actors are constantly evolving their technologies and strategies. We, therefore, recommend keeping up to date with the latest hacking techniques to watch out for.
Malicious Attachments Dropped in Microsoft Teams
As we reported a couple of weeks back, bad actors have found a way to drop malicious emails into Microsoft Team chats. The malicious .exe attachments are labelled “User-Centric”. That label could change.
When opened the self-administering files can take control of the user’s computer. If hackers get on to your business network, they can lock you out and demand a ransom.
Email spoofing is a sophisticated hacking technique that attempts to trick targets into taking a call-to-action such as clicking links infected with malicious malware, opening infected attachments, sending sensitive data and even making a payment.
This technique works well because, for all intents and purposes, the email appears to originate from a trusted source; a business, creditor or client for example.
In spoofing attacks, the email is designed to look precisely like an email an authentic party would send. A spoof email from a business will feature the company’s logo and other features that make the message appear authentic.
Without antimalware software, spoof emails can be so well designed that the only way to identify them is from the address of the sender. These types of email addresses will not quite look right.
Here are some real-life examples of how to detect spoof emails.
Stolen Source Codes
Source codes stolen from Samsung in a cyber-attack is the latest hacking technique to watch out for. Bad actors leaked source codes that contained confidential data relating to the operation of Galaxy devices. It is thought that some of this data exposed algorithms used for biometric unlock operations.
Although Samsung alleges the personal data of their customers was not compromised, acquiring source code is a big step to helping hackers exploit vulnerabilities in Samsung’s software – which potentially puts millions of Samsung device users at risk.
If any of your employees use Samsung devices to access your business network, double down on your cybersecurity protocols and limit their access to your business network.
Spear Phishing or Whaling
Spear phishing targets a specific person within the company which makes them more dangerous than a typical phishing attack that is sent out on mass.
Also known as whaling, these types of cyberattacks typically target C-level executives. However, they can also be sent to personnel that has access to sensitive data such as HR or someone in accounts that is responsible for making payments.
Because hackers have started infiltrating third-party cloud software that is popular with businesses, spear phishing attacks can be harder to spot because it appears as though the originator is a trusted source.
Microsoft Teams is a recent example. Dropbox, Trello, Skype and Zoom are other easy avenues for hackers to pursue if they have access to an employee’s computer.
There are several ways to identify spear phishing attacks, depending on the technique being used. If you are being asked to open an attachment or click on a link, hover your mouse over the attachment or link first to determine if it’s from a genuine source or whether it’s a known threat. If you’re still unsure, contact the sender to confirm it’s come from them.
The National Cyber Security Centre say emails sent by threat actors may convey a sense of urgency when asking you to send money. Although the tone and language can appear genuine, there are slight clues that should make you question the authenticity of the email.
Clone phishing is very similar to spoof emails but sends out an email that has already been sent and replaces the original attachment or link with a malicious one.
For clone phishing to work, hackers need to compromise a computer they can take control of. Once they have access to an individual’s email account, they can send a message to everyone in their contact list.
Clone phishing uses the same techniques as spoofing to make the email appear genuine. However, because they are typically sent out on mass, you will get some random emails you weren’t expecting.
When this happens you should be able to inform the hacker’s victim their computer has been compromised and nip cloning in the bud early doors. The person or persons that have the toughest time recognising clone phishing are the individuals that received the original email.
An effective way of eliminating this type of threat is to ban attachments in internal emails. It’s far easier to share attachments in the cloud anyway. And safer. Also, train your staff to check the description of a link or file by hovering their mouse over the link or attachment.
Access IT Security Specialists in Surrey
Our IT security specialists keep a keen eye on the latest cybersecurity news so that we can inform our clients of the latest hacking techniques to watch out for and take any relevant actions. It’s our goal to ensure your business networks has the maximum amount of protection for your budget – and knowing how to spot threat actors can prevent around 95% of your attacks!
If you’re not already taken advantage of our award-winning team, get in touch with us today.