Network

Business Email Compromise

Business Email Compromise (BEC) Scams

A Business Email Compromise, or BEC for short, is a type of attack that targets company email. A hacker gains control of a business email account and uses that access to request money or data.

The most recent data we have available from April to May shows a 200% rise in BEC scams, and the trend continues to go up. These types of hacking events are on the rise because they result in much higher amounts of money than a normal phishing attack. On average a BEC attack results in 100x greater profit to the criminal than a normal malware attack.

The FBI outlines five types of BEC attacks.

Invoice Scams: An invoice scam could originate with your company, or a vendor you work with. The criminal gains access to a professional email account and uses that access to send an invoice. Sometimes the invoice looks different than usual, but not always. Jack talks about an invoice scam we saw in the Miami Valley where the criminal simply changed the routing number, and let the business send the wire transfer as usual. Watch Jack’s video here.

Account Compromise: Criminals gain access to an executive’s email account and use the address book to request money from business contacts. Once criminals have access to executive email, they will watch traffic as well as read email history. Criminals can hang around in a compromised email for weeks looking for the best way to steal money.

CEO Fraud: Attackers pose as the company CEO or another upper-level executive, and email employees in the finance department instructing them to transfer funds to an outside account. This can be done by actually gaining access to a CEO’s email, or by using a spoofed email account. Many employees would be hesitant to question a request from the CEO.

Legal Impersonation: Criminals pose as a law firm representing the company with confidential information. This scam is done over the phone or by email, and will typically fall at the end of the workday or week. The criminals in this scam rely on urgency and confidentiality.

Data Theft: This tactic normally targets Human Resources departments for confidential data instead of money. Criminals will pose as other members of the company and ask for employee information or database access.

All of these methods rely heavily on quality research and targeted social engineering. These are not blanket phishing emails sent to thousands of email addresses. The criminals know exactly who they are impersonating. They gain access to a business email account through any number of tactics, like password reuse, a separate phishing attack, malware, or missing security patches. Once they gain access, they read emails and form a plan for exploitation. Criminals can spend weeks inside the compromised email account working out the best method of attack. This is a long, well-researched process.

Employee education is the key to prevention, especially in Finance and HR departments. Open communication as well as quality IT Security is the best way to prevent these kinds of attacks. Employees should be encouraged to confirm requests for money, especially if they are out of the ordinary. The criminals first have to gain access to the business email in order to develop this kind of attack. A high quality layered security approach is the best defense against a criminal gaining access to a business email in the first place.
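As an illustration of the "spoofed email account" variant of CEO fraud described above, the following added example (not part of the original post) checks a message's headers for three common signs of impersonation. The company domain, executive list, flag names and sample messages are all constructed assumptions.

```python
import email
from email.utils import parseaddr

# Assumptions for this example (not from the original post).
COMPANY_DOMAIN = "acme.example"
EXECUTIVES = {"pat rivera": "pat.rivera@acme.example"}  # display name -> real address

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _edit_distance(a, b):
    # Classic Levenshtein distance, used to spot lookalike domains.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return header-based warning flags for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom, flags = _domain(addr), []
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        flags.append("executive-name-wrong-address")
    if 0 < _edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    if reply_to and _domain(reply_to) != from_dom:
        flags.append("reply-to-domain-mismatch")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Pat Rivera <pat.rivera@acrne.example>\n"
    "Reply-To: pat.rivera@mailbox.example\n"
    "To: finance@acme.example\n"
    "Subject: Urgent wire transfer\n\nPlease send the payment today.\n"
)
LEGIT = (
    "From: Pat Rivera <pat.rivera@acme.example>\n"
    "Subject: Q3 budget review\n\nAgenda attached.\n"
)

if __name__ == "__main__":
    print(bec_flags(SPOOFED), bec_flags(LEGIT))
```

Header checks like these only catch spoofed or lookalike senders. A request sent from a genuinely compromised mailbox passes all three, which is why confirming unusual payment requests through another channel still matters.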

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

 

Posted by Charles Wright in Recent Posts

Patch Management

Back to Basics with Patching and Updating

Microsoft released two patches this week outside of their normal monthly update. These two vulnerabilities opened Microsoft users to hackers and were serious enough that the company pushed the updates out of schedule. This is the kind of story that emphasizes one of the steps in our Q-Stack. You can read the whole story on the Microsoft patches Here. Today we’re going Back to Basics with Patching and Updating.

When we talk about patch management in the IT world, what we are really talking about are updates. Operating system and application developers both consistently release patches to correct errors or bugs found in software, or security updates when vulnerabilities are found. Hackers and software companies are in a continuous battle for the next vulnerability. The hacker finds a vulnerability they can exploit, the software developer sees this exploitation and releases a patch.

There are many aspects of patching to think about. Servers, operating systems, and software all have patches. Any of these three components could present a vulnerability a criminal could exploit. Many systems offer automatic updates, but these do not always cover all updates. It is best to have a professional manage your company’s updates for times like these, when a patch comes out of schedule and there is a known vulnerability. Hackers are reading the IT news just like we are, so they know there’s a Microsoft vulnerability that could be open for a couple of weeks.

Another factor to consider is end of life software. As machines and operating systems age, there is a point where developers stop supporting software. We covered this issue last year when Microsoft decided to continue to support Windows 7, but with limitations. Users had to pay for the support and it only lasted a year as a stopgap. At some point the software does not pass the ‘worth it’ factor for the company, and they decide to discontinue support. In a business setting, this is a problem you should see coming, and have a solution to well before the abandonment date.

Now that many companies have employees working from home, it’s an even more important time to focus on patches and updates. If employees are using a personal computer, this device is an unknown on the business network. Even if employees are only accessing email and remote services, patching and updating is still a critical step to keeping that personal machine working. Educating users about the basics of IT security is always important, but now it’s even more critical as many employees are using personal equipment to do their job.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

Multi-Factor Authentication

Back to Basics: Multi-Factor Authentication

Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) are systems that verify a login with more than just a username and password. You have probably experienced Multi-Factor Authentication when logging into a banking app. They may have asked for a fingerprint or a one-time password they sent you. Often these apps will only ask for a second form of authentication if you are logging in from a new location.

MFA is a way to secure your login credentials beyond just using a password. Many users choose passwords that are easy to crack, or use the same password on multiple services. If one password is compromised, they are all compromised. MFA is an extra step to secure a given login.

Multi-Factor Authentication types are broken into three categories:

Something you know: Password, Mother’s Maiden Name, DOB, PIN.

Something you have: Cell Phone, USB token, RFID chip.

Something you are: Fingerprint, Retina Scan, Facial Recognition.

The most common form of MFA is an SMS text message to your phone. This extra step stops criminals from accessing an account where they have figured out the password. Also, the app or service could see this login attempt with the correct password, but not the second factor of the text message. This could prompt a notification from the service to reset your password. Additionally, if you receive a text message and are not trying to log into your bank account, you know someone is trying to access your account. While SMS 2FA has its own set of vulnerabilities, it is still much more secure than only using a password.

We read an article last week that reinforces this theory. An Xbox user was not using MFA, and when his account got hacked, the hackers turned on MFA so that he couldn’t recover his password and get back in. Click here to read the article.

This article illustrates a great point. If a service you are using has an option for MFA, but you’re not using it, this opens up a huge vulnerability for the account. If the account gets hacked, the hacker can turn on MFA and make it nearly impossible to access the account again. In the case of the Xbox account, it was also tied to a bank account, so the hacker turned on MFA, locking out the original user permanently, then started buying games on the linked bank account.

Most companies will not let you back into the account if you don’t have the extra point of authentication. If 2FA or MFA is an option and you’re not using it, the hacker who breaks into the account will.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Knoxville Ransomware Attack

The Knoxville city government was hit by a ransomware attack last week.

The city was forced to take down parts of their public facing website and shut down many of the servers required to do work in the city. The court system had to reschedule all Friday court appearances, and police officers were not responding to non-injury traffic accidents.

The Knoxville mayor, Glenn Jacobs, released a statement Thursday:

“Cyber-attacks can happen to anyone or any government no matter how good the defense is. In a lot of cases it’s not a matter of ‘if’ but a matter of ‘when.’ Our IT department has been in contact with the city and we stand ready to help if they need it.”

Initial reports indicate the breach occurred with the use of a spear phishing attack. Spear phishing is different from a general phishing attack, because the target is known by the criminals. Knoxville is the 51st state or local government to be attacked by ransomware this year. In 2019, 113 state or local governments were breached. The study below shows attacks are on the rise because they often work, and the city is forced to pay the ransom. The study also shows people are still the biggest liability in many of these attacks.

CyberEdge recently released its 2020 Cyberthreat Defense Report. Below are their top five takeaways from the report. They are interesting points through which to view the Knoxville attack. Statistically, attacks are up; they are up because they are working, and employee education is still one of the largest contributors to the criminal’s success rate.

  1. The bad guys are more active than ever. The percentage of organizations affected by a successful cybersecurity attack had leveled off during the previous three years, but this year it jumped from 78% to 80.7%. Not only that, for the first time ever, 35.7% of organizations experienced six or more successful attacks. The number of respondents saying that a successful attack on their organization is very likely in the coming 12 months also reached a record level.
  2. Ransomware attacks and payments continue to rise. Ransomware is trending in the wrong direction: 62% of organizations were victimized by ransomware last year, up from 56% in 2018 and 55% in 2017. This rise is arguably fueled by the dramatic increase in ransomware payments. 58% of ransomware victims paid a ransom last year, up from 45% in 2019 and 38% in 2017.
  3. People are the biggest problem. The greatest barriers to establishing effective defenses are: (a) lack of skilled IT security personnel and (b) low security awareness among employees. According to respondents, these are more serious than issues like too much data to analyze, lack of management support and budget.
  4. But IT security is having some successes. Respondents say the adequacy of their organization’s IT security capabilities has increased in all eight of the functional areas. They rated these improvements as greatest in application development and testing, identity and access management (IAM), and attack surface reduction through patch management and penetration testing.
  5. Advanced security analytics and machine learning are becoming “must-haves.” Implementations of advanced security analytics took off over the past year and are expected to keep rising. Organizations are showing a strong preference for IT security products that feature machine learning and other forms of AI.

Source: CyberEdge Group

Posted by Charles Wright in Cybersecurity, Information Security, Small Business