3 Tips to Deal with Online Impersonators and Impersonation Attacks

The online space makes it easier for people to pretend to be others. People can easily create fake profiles with the click of a button. Facebook says they removed 2.2 billion fake accounts in the first quarter of 2019.

Source: Facebook

Instead of hacking into your account, an attacker can just pretend to be you. Bad actors can easily take your photos and create a fake social media profile or mock up an email address that looks close to your work email. From there they can try to contact people close to you and engage in impersonation attacks.

3 Types of Impersonation Attacks

Bad actors who try to impersonate others can engage in any of the following attacks:

1. BEC/CEO Fraud: In these attacks, attackers impersonate companies or high-level executives like CEOs. They then contact employees or business partners and ask them to wire transfer money into a fraudulent account. BEC attacks are very common and losses are typically in excess of $100,000 according to the Canadian Anti-Fraud Centre.

2. Romance Scam: Colloquially known as catfishing, this scam involves bad actors trying to woo their victims by pretending to be another person. This attack involves stealing photos from real-life people and crafting a persona from those images. In some cases, an attacker will pretend to be a well-known celebrity. They build a rapport with their victim to establish trust. Once trust is established, they will concoct a story that will move the victim into giving them money.

3. Vishing: Scammers will not only impersonate people online but also through telephone calls. Vishing is a type of phishing attack where attackers call potential victims and pretend to be a government authority or help desk support. They try to scare victims by telling them they have bank, computer or fraud issues, or they will try to entice victims into giving information by saying they’ve won a prize.  

What to Do If You’re Being Impersonated Online

Anyone can be a victim of online impersonation. Here are three things you can do when dealing with a fake account:

1. Report the user: It’s important to try to get the fake account taken down as soon as possible. Report any false accounts that are in your name. Do not engage with the fake account. They could get hostile and end up escalating the situation to something worse.

2. Warn others: Having multiple accounts in your name can confuse your friends, family and employees. If they accidentally mistake the impostor for you, valuable data or finances could be lost. Let your contacts know that you are being impersonated. If the account is doing any specific actions, like messaging your employees to buy gift cards, make sure you warn others about these actions too. 

3. Monitor for other incidents: Check for other fake accounts on other websites like LinkedIn, Twitter or Facebook. Make sure that there aren’t any other impersonators elsewhere. Continue to monitor time and time again to ensure that this doesn’t happen in the future.

How to Avoid Falling Victim to Impersonation Attacks

1. Awareness: In order to combat these attacks, you need to know what to look out for. Engaging in a security awareness course like our Secure IT – Cyber Awareness Training will help employees understand the threat landscape and learn what they can do to help build defenses.

2. Speak up: Employees may be hesitant to doubt the veracity of a message from an executive or boss, but if they are receiving strange messages, it’s important to alert someone about it. Creating a good security culture in your workplace will encourage employees to speak up about potential security incidents. Directly asking the person who supposedly sent the email, or getting a second opinion from a coworker, can help curb potential fraud or data leaks.

3. Increase email security: A secure email solution like Secure IT – Mail will help protect your inbox and can filter out malicious messages. This solution provides advanced security technologies like AI and SIEM to protect your inbox from threats.
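The look-alike work email address described at the start of this article, and the executive impersonation behind BEC/CEO fraud, can both be screened for mechanically. The following Python sketch is an added example, not part of the original article or of any vendor's product; the domain `example.com`, the executive name and the edit-distance thresholds are assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumptions for illustration: the organisation's real mail domain and the
# executives whose names an impersonator is likely to borrow.
TRUSTED_DOMAINS = {"example.com"}
EXECUTIVE_NAMES = {"jane doe"}

# Characters commonly swapped in to imitate a Latin letter (digits, Cyrillic).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",
})


def skeleton(domain):
    """Fold a domain to a canonical form so visual look-alikes compare equal."""
    folded = unicodedata.normalize("NFKC", domain.lower()).translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return 'trusted', 'lookalike-domain', 'display-name-spoof',
    'external' or 'unparseable' for one From: header value."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rpartition("@")[2].lower()
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"
    for trusted in TRUSTED_DOMAINS:
        # Short domains get a tighter threshold to limit false positives.
        max_edits = 1 if len(trusted) < 10 else 2
        if edit_distance(skeleton(domain), skeleton(trusted)) <= max_edits:
            return "lookalike-domain"
    # A known executive's name on an outside address is the classic BEC lure.
    if " ".join(name.lower().split()) in EXECUTIVE_NAMES:
        return "display-name-spoof"
    return "external"
```

A "trusted" verdict here only means the domain string matches; it says nothing about whether the message passed SPF, DKIM or DMARC, which should be checked separately.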

3 Types of Insider Threats to Look Out For

Most organizations may see hackers as their biggest threat but security threats can happen from inside their company as well. According to Verizon, 57% of database breaches involved insider threats within an organization. 

Insider threats can occur in various ways and are not always intentionally malicious. For example, an employee who has their credentials leaked can inadvertently become an insider threat if a hacker compromises their account to steal data. In this case the employee may seem like they are a bad actor when in reality their account is being controlled by a malicious actor. 

Understanding the different types of insider threats can help organizations ensure they have effective measures in place to prevent insider threats from harming their company. 

Source: Verizon

What Is An Insider Threat?

An insider threat is someone who has authorized access to an organization and misuses that access, putting the organization’s security and data at risk. They can be former or current employees, stakeholders, partners or someone who frequently accesses your organization’s premises.

Insider threats are serious because they know their way around an organization. They will most likely have access to or know how to gain access to important data. Since they have authorized access, they can be hard to detect or determine if they are using their access maliciously.

A well-known example of an insider threat is the whistleblower Edward Snowden. Snowden famously leaked highly classified information from the NSA, where he used to work.

3 Types of Insider Threats

Unintentional Leak

Employees accidentally leaking information or putting data at risk end up acting as an insider threat. This type of insider threat doesn’t have malicious intentions but may use poor cybersecurity habits that end up threatening an organization’s security.  According to research by SolarWinds, more than 50% of organizations reported that employees pose the biggest risk for insider abuse or misuse.

The best way to combat employee error is to have a good cybersecurity culture. Cyber awareness through cybersecurity training can help users avoid common mistakes, such as clicking on a phishing link, that put organizations at risk.

Malicious Intentions

This type of insider threat wants to use their access maliciously for their own desires. They may be a disgruntled employee looking to cause havoc on their former employer or an employee trying to use their access for financial or personal gain. Research from Accenture found that nearly one in five healthcare employees said they would sell confidential information like login credentials to unauthorized parties.

Of course, organizations are unable to read the minds of their employees let alone know their intentions. In order to combat this type of threat, using advanced technology like a SIEM can help detect suspicious behaviour, such as employees accessing unusual data or systems or if your network is communicating with a malicious server. Organizations should also disable the accounts/access of recently departed employees as soon as possible.
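The advice to disable departed employees' access can be verified by comparing the HR leaver list against the directory and the authentication logs. The following Python sketch is an added example, not part of the original article; the usernames, dates, account flags and the key=value log format are constructed for illustration.

```python
from datetime import date, datetime

# Constructed sample data: HR leaver list (username -> last working day),
# the directory's enabled flag per account, and authentication log lines.
LEAVERS = {"mwong": date(2024, 3, 1), "tsingh": date(2024, 3, 15)}
ACCOUNT_ENABLED = {"mwong": True, "tsingh": False, "alee": True}
AUTH_LOG = """\
2024-02-28T09:12:00 user=mwong src=10.0.4.17 result=success
2024-03-04T23:41:00 user=mwong src=203.0.113.50 result=success
2024-03-16T08:02:00 user=tsingh src=10.0.4.22 result=failure
2024-03-16T08:05:00 user=alee src=10.0.4.30 result=success
malformed line without fields
"""


def parse_auth_log(text):
    """Yield (timestamp, fields) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # not a log record we understand
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        if "user" in fields and "result" in fields:
            yield when, fields


def offboarding_findings(leavers, enabled, log_text):
    """Return (user, finding) pairs for leavers whose access is still live
    or whose account shows activity after their last working day."""
    findings = []
    for user in sorted(leavers):
        if enabled.get(user, False):
            findings.append((user, "account still enabled after departure"))
    for when, fields in parse_auth_log(log_text):
        last_day = leavers.get(fields["user"])
        if last_day is None or when.date() <= last_day:
            continue  # current employee, or activity before departure
        kind = "successful login" if fields["result"] == "success" else "failed login attempt"
        src = fields.get("src", "unknown")
        findings.append(
            (fields["user"], f"{kind} after departure from {src} at {when.isoformat()}")
        )
    return findings
```

A failed attempt against an already disabled account is still worth reporting, since it shows someone is trying the old credentials.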

Insider Accomplice(s) 

This threat occurs when the person colludes with other employees or with external parties to steal information.

An example of this type of insider threat would be the incident with the “Wolf of Manchester.” In 2015 an insurance worker partnered with a former employee to steal customer data and used that information to commit fraud. The pair made £18,250 (approximately $30,000 CAD) by using the stolen data. 

To mitigate this kind of insider threat, it’s important that you are protecting your critical assets with privileged access management and monitoring. Limiting access to important data to only those who need it will help you keep track of who has access to the data. Monitoring your networks for suspicious behaviour can help detect fraudulent activity or abuse of access.

5 Business Impacts of Cyber Attacks

The impacts of a cyber attack can be devastating, and many executives are now recognizing cybersecurity as a key business driver. A recent report from Radware surveyed executives worldwide and found that security remains a top priority in the enterprise, with 72% of executives citing information security as a recurring agenda topic in every board meeting. With the rise of cyber attacks and data breaches, it’s getting more important for businesses to understand the impacts these attacks can have on their operations.

Source: Cisco 2018 Annual Cybersecurity Report

Cyber Attacks and Your Business

Cyber attacks are no longer just the problem of the IT department. A single cyber attack can cripple an entire business’s operations. Organizations cannot ignore the long reaching effects of cyber attacks. Here are 5 ways a cyber attack can negatively impact your business.

1. Revenue loss: Cyber attacks like DDoS attacks can cripple websites and render them unusable for customers. Customers who are unable to access a business’s online store may look to a competitor to make their purchases. Cyber attacks can also lead to future revenue loss if customers decide they no longer want to do business with the company.

2. Brand reputation: Brand reputation is not only important for a business’s customer relationships but also for their relationships with other businesses and stakeholders. Building trust is an integral part of an organization’s relationship with others. A single cyber attack can cause damage to a brand’s reputation. Consumers will not want to do business with an organization that puts their information at risk. As a result, stakeholders will not want to invest in your business. Research from Bitglass has found that publicly traded companies suffer an average drop of 7.5% in their stock values after a breach and that it takes an average of 46 days for stock prices to return to their pre-breach levels.

3. Operational disruptions: Cyber attacks can cause service disruptions to an organization’s infrastructure. Organizations can either shut down due to an attack or be forced to divert their efforts into stopping the attack. Actions like having to unplug and isolate computers as well as locating threats, negotiating ransoms, restoring backups, removing viruses, etc. disrupt business productivity. Additional activities like having to conduct investigations and implementing new resources can also cause additional disruptions after an attack.

4. Hidden financial costs: Cyber attacks have many hidden costs that can cause an attack to cost more than just the initial damage. For example, when Wasaga Beach got hit by ransomware, they paid a negotiated ransom of nearly $35,000. However, the cost of the attack didn’t stop there. The town had to hire consultants and make changes to their IT infrastructure. Overtime and productivity losses also added extra costs. Overall, the ransomware attack cost the town $251,759. That’s more than seven times the amount the town negotiated to pay for their ransomed servers. Other hidden costs can also include legal fees, PR/communications strategies and compliance penalties.

5. Loss of Data: Cyber attacks put your data at risk. Hackers can steal any kind of data, including data from your customers and employees. Once your data is in the wrong hands a number of things can occur. Hackers can hold it for ransom, sell it on the dark web or use it in other malicious ways. Hackers not only target personally identifiable information but also intellectual property. Information regarding product designs, marketing campaigns, strategies and blueprints can also be at risk. Losing this type of data can affect the competitiveness of your business.

How to Protect Your Business

No matter the size of your business, cybersecurity protection is vital. Using advanced cybersecurity solutions like Jolera’s Secure IT, combined with cyber aware staff, can help protect your business and prevent these kinds of attacks.

How Botnets Infect Your Computers

The increase of IoT devices and their lack of security is giving rise to several cyber threats, including botnets. Botnets not only target corporate devices but infect home IoT devices like security cameras. One of the largest botnet attacks was the Mirai botnet attack in 2016. Hackers managed to infect 500,000 devices and used them to engage in DDoS attacks which shut down services like Spotify and Netflix.

Although the attack happened in 2016, Mirai botnet (as well as other botnets) is still active today. A report by Fortinet found that Mirai was one of the most active botnets in the second quarter of 2018.

Source: Spamhaus Botnet Threat Report 2019

What is a Botnet?

A botnet is a network of IoT devices that have been infected with malware and are controlled by hackers. Hackers control networks of infected devices by having them communicate using peer-to-peer networks or through a command and control (C&C) server.

How Do Botnets Work?

Hackers start creating botnets by first infecting as many devices as possible. This is done through spreading malware via malicious email attachments, pop up ads or downloads. Some botnets can self propagate and scan for vulnerable devices to infect automatically.

Once a device is infected, hackers will try to control the devices. They can either use a peer-to-peer connection where infected devices share communication with other infected devices or connect the device to a C&C server. The C&C server is where hackers relay instructions to control the infected devices. Hackers often spread C&C servers throughout the world so they’re more difficult to find and bring down.

Being able to control hundreds of thousands of computers all at once allows hackers to engage in large scale attacks. Examples of malicious activities botnets can carry out include launching DDoS attacks, sending out viruses, stealing data and more. Botnets can be hard to detect because they don’t use a large amount of computing power, meaning they can infect devices for years.

How to Protect Against Botnets

Since botnets are hard to detect, preventing your device from being infected is critical. Here are three things you can do to defend against botnets.

1. Employ advanced protection: Integrating advanced security solutions like those from our security solutions package (Secure IT) can help protect against botnet infections. Using a combination of antivirus, endpoint protection, SIEM and firewalls will provide multiple layers of defense and reduce opportunities for hackers to infect your systems.

2. Patch and update regularly: Using legacy systems or failing to update your software and hardware can leave you vulnerable to attacks. It’s important to make sure that your systems, applications and browsers are always updated to the latest version. Patching against these security vulnerabilities can prevent hackers from using known exploits and infecting your devices.

3. Isolate infected machines: Detecting and removing infected machines from your network helps prevent the threat from spreading to other devices. As soon as an infected computer is discovered, it’s important to disconnect the device right away. Once you’ve isolated the infected machine, you need to clean the machine and remove the malware. If a computer is not cleaned up properly after an infection, it can become reinfected.

4 Ways Legacy Systems Challenge Security

As technology continues to upgrade and change, many systems that are currently in place in organizations tend to become outdated.

For example, Microsoft recently announced that Windows Server 2008 and SQL Server 2008 will be reaching end of support. This means that Microsoft will no longer be updating these products or patching their security vulnerabilities.

When manufacturers make these announcements, it means that organizations that continue to use outdated systems are using what’s considered to be legacy systems. It’s ultimately up to an organization as to whether or not they want to upgrade their systems but using legacy systems can present several security challenges.

Source: Accenture

Why are legacy systems being used?

It seems like as technology advances, companies should be updating alongside it to better serve customers and remain competitive. However, there are several reasons why companies would continue to use legacy systems. It can be tough for a business to upgrade their systems, especially when their operations are tailored around them. This can affect data as it can be lost or corrupted. Some companies may not want to update due to the high costs of their current systems not being amortized. As a result, legacy systems can be seen in several industries, opening them up to several security risks.

4 Ways Legacy Systems Are Security Risks

1. Security vulnerabilities: Legacy systems are vulnerable to cyber attacks. When manufacturers end support for their systems, it means they stop updating any security vulnerabilities too. This means that hackers can exploit unpatched vulnerabilities and gain access to your systems. These systems may also lack updated security features necessary to protect data and/or may not support new security software.

2. Lack of talent resources: IT professionals are constantly updating their skills and knowledge so that they can support the latest platforms. As a result, the talent pool of knowledge for legacy systems grows smaller. This can make it harder for you to find the right people to help support your systems. Since legacy systems require more work to maintain, it’s important you have the right experts looking after these systems.

3. Data loss: Legacy systems may not always be compatible with new apps or software, leading to data silos. Research by Snaplogic found that 41% of organizations have critical company data trapped in legacy systems that cannot be accessed or linked to cloud services, costing organizations approximately $140 million. This can lead to organizations forgetting about data in these systems, and system administrators may fail to back up the data or implement necessary security controls to protect it.

4. Compliance issues: Legacy systems put organizations at risk of cyber attacks, which can lead to compliance risks. Countries all over the world have implemented privacy standards like GDPR and PIPEDA to protect personally identifiable information. Failing to comply with these standards can lead to penalties and fines if you experience a data breach.

If you are unsure about the security of your legacy systems or have questions about upgrading, contact an expert at Jolera today.

How Hackers Use Social Media to Target Your Employees

Social media is a gold mine for data because so many people use it. About 94% of Canadian internet users have at least one social media account, according to research from the Social Media Lab at Ryerson University. This means your employees are most likely on social networking sites. By simply looking up a company on LinkedIn, hackers can find out who their employees are. From there, they can do more research and find other social media accounts they have. Hackers can use information gleaned from social networking sites to engage in social media profiling and find ways to target your employees with attacks.

Source: Weber Shandwick

What is Social Media Profiling?

People share a lot on social media, from their interests to the company they work for and even where they currently are. All this data is a blueprint of who you are and can be used to create a profile. Social media profiling is commonly used in marketing. Marketers often build profiles of potential clients and use them to refine their marketing strategies. But just as marketers look through data to see how to get consumers to buy items, hackers can use social media data to see what will entice someone to click on a phishing link and spread malware.

How Social Media Can Be Exploited

Sharing on social media is so ingrained in our culture that we often don’t think about the impacts our posts can have. In fact, these platforms consistently encourage us to share ideas, videos and photos with others. Unfortunately, this can lead people to take social media data and use it maliciously. Here are three ways hackers can target you based on your social media posts.

1. Social engineering: Social media makes it easier for hackers to manipulate potential victims by impersonating friends, family, brands, or celebrities. It can be hard to determine a fake account because hackers can steal photos of real people and use them to seem legitimate.

2. Passwords: Hackers can guess your passwords or the answers to your security questions based on information from your social media accounts. People often use pop culture characters or sports teams as part of their passwords. If you constantly tweet about a sports team or like a Star Wars page on Facebook, hackers can use this information and engage in password spray attacks. If you happen to use an insecure password, this can give hackers access to your accounts.

3. Phishing: Social media makes it easier for hackers to craft phishing emails that you will most likely click on. For example, if you tweet about a Netflix show, chances are you have an account. Hackers can look at this and use this information to send a phishing email related to your Netflix account.

Using Social Media Safely

Social media is a fun tool for your employees to collaborate and unwind. It’s important that your employees use social media safely to help protect their data and your company. Here are three tips for using social media safely.

1. Train employees: Employees should undergo mandatory security training every year so that they are aware of the ever changing cyber risks they can experience while online. Cyber crime is a threat that can impact them in both their personal and professional lives. Enrolling employees in a cyber awareness training course like Secure IT – Training will help them understand the threat landscape and encourage them to build good cybersecurity habits that will protect them from these threats.

2. Be cautious: It’s important to use social media with caution when posting on your accounts and when deciding who to allow into your networks. Tweeting that your boss is away may seem innocent but a hacker can use this information to commit CEO fraud. It’s also important to use caution when accepting random friend requests or connections on LinkedIn. By letting strangers into your network, you open yourself up to the risk of your information being used for malicious purposes. Be wary when responding to messages and don’t click on links or download any attachments.

3. Protect your endpoints: It’s important to have endpoint security to protect your laptops, desktops and mobile devices. Some people use social media as part of their job but even those who don’t may be on social networking sites while at work. Using an endpoint solution like Secure IT – Endpoint will help prevent threats and improve your security posture.