Information Security

In today’s digital world, we see a great deal of news focused on cybersecurity, malware, phishing, viruses, and other topics related to online attacks. There have been many publicized data breaches in the news over the last few years impacting large companies, including: Target, Sony, Equifax, JP Morgan. You may be thinking, am I safe online anymore? The answer is yes; but, like walking around a large city, you need to take precautions and know your surroundings. The best way to do this online is to get as much information as you can about how and what to do to protect your company from attackers. There is not an absolute, 100% way to prevent cyber-attacks, like phishing and malware. It’s more important to make sure you have security awareness training, letting your employees know the warning signs of possible risk and how to handle suspicious, phishing emails that show up with or without documents attached. A security team is also important to put good defenses in place, in an effort to catch different threats.

As a trend, cyber-criminals are now doing less social engineering via phones and are operating more through emails, especially to financial companies. The attackers use infrastructures that host applications through either SQL injection or cross-site scripting, among other methods. Attackers also use applications as a big way of gaining access into financial businesses. Cyber-criminals look for the applications that typically generate revenue.

There are about 9 different kinds of emails an attacker can send:

Phishing – with phishing, attackers use email and instant message or other types of social engineering and social media (i.e. Facebook, Twitter, Instagram, etc.). Attackers are attempting to gather login credentials by making their message look like it is from an authorized source.
Vishing – this is when an attacker uses voice communication technology to spoof calls that seem to be from authorized sources that are using voice over IP technology. The attackers may also use recordings and leave voicemails that appear to be legitimate and often make threats that there is an arrest warrant out for you, to force you to pay a monetary amount. It’s a scare tactic that unfortunately works for them.
Smishing – this technique uses text messaging sent to mobile devices. Some will send a website link that installs malware onto the victim’s phone when the person receiving the text clicks on the website URL.
Whaling – this is a type of phishing attack which targets high level executives, politicians, and celebrities.
Pharming – is when an attacker impersonates an authorized website in hopes of getting your credentials. Pharming works by misdirecting users to a fake website, which appears to be legitimate.
Spyware – this software allows the attacker to gain information about the user’s computer activities. Spyware is able to do the following: track activity, collect keystrokes, and capture data. Spyware can potentially alter or modify security settings in an effort to overcome security measures. Spyware often bundles with other software, Trojans, or on shareware websites.
Scareware – this uses fear to get a user to take a certain action. Scareware takes the form of a pop-up windows that look like operating system dialogue windows. The windows that pop-up say the system is at risk and you need to install a specific program in order to fix it. Reality is: there is no problem and if the program is installed, it will execute and infect your system with malware.
Adware – these are usually the annoying pop-ups that we deal with and generate revenue for its authors. Malware that is attached to the adware may watch what interest you might have by tracking websites visited.
Spam – this is also be known as “junk mail” and is unsolicited email that we all get and have seen. It’s annoying and none of us like them or want them on our systems. Some spam also contains harmful links, malware, or deceptive content. The greatest majority of spam comes from multiple computers on networks infected by a virus or worm. These types of viruses and worms tend to send out as many emails as they can. (Types of Email Attacks; Ranjan, A; GeeksforGeeks)

Most attackers use 3 main attacks:

Malicious attachments
Links to malicious web pages
Enticements to perform transactions

Financial institutions over the last two years have seen a great deal of email phishing attacks and an increase in malware attacks. You get an email that looks like it is from a legitimate company or even from someone you know. After opening the email and attachment (in the last few years, this has been a common scenario in the attacks facing financial institutions) it happens: the attachment isn’t anything you recognize or anything you were expecting and you realize that you have been duped.

The Kaspersky report (Kaspersky Report Tracks Financial Malware Attacks in 2018; Mar 7, 2019 article); states that:

“Financial phishing decreased from 53.8% of all detected phishing to 44.7%, still accounting for almost half of all detections.
The share of phishing-related attacks on payment systems and online stores accounted for almost 14% and 8.9%, slightly less than in 2017.
The share of financial phishing encountered by Mac users grew from 55.6% in 2017 to 57.6%.
Zbot and Gozi are the most widespread banking malware families (26% and 20% roughly), followed by SpyEye (15.6%)
Users who encountered Android banking malware more than tripled to 1,799,891 worldwide.
Just three banking malware families accounted for attacks on the vast majority of Android users (about 85%).”

References: