Be prudent towards cybersecurity before its too late

Be prudent towards cybersecurity before its too late

Hollywood movies give us an insight as to how it is going to feel when someone puts a gun on your head and asks you for ransom. The good part is we can anticipate the reaction and prevention of any such situation. However, virtual life is significantly different from the ones we see in reel or sometimes unfortunately in real life. People stay under the misapprehension of the virtual world being a safe one, as no physical or face to face contact is made. If you think the same, you may want to rethink it.

The advancement in technology is no doubt, making life much easier. All it takes is just one click to flourish businesses, contact and lock deals and expand the clientele base. Communication has become easier and people can contact anyone from any corner of the world. But are these advantages turning into a bane? In recent years, it most definitely has. Cybersecurity is one of the biggest concerns of businesses that carry most of its operations online. Phishing, vishing, ransomware, smshing are few of many cyber threats occurring on an hourly if not daily basis. One such cyber threat that has caught the attention of cyber police and tech enthusiasts is ransomware.

What is ransomware?

Ransomware is a kind of malware that is used to infect the devices of individuals or businesses. There are a few variants available as of now including the ones which either infect the device and encrypt the files. The other ones get access to the device and either delete the files or block them till they get the desired ransom. The amount of ransom can be anything between $200-$20,000, gift cards or bitcoins with no specific pattern in the value of ransom.

The loss related to a ransomware attack is not only limited to the amount of ransom itself, but it hits the victim in many ways. The losses include the loss of data, amount of ransom, legal charges, IT costs, cybersecurity software and loss of productivity. One ransomware attack can affect the victim in numerous ways, from which it takes months or even years to recover. When a phisher attacks a victim he makes sure to take full advantage of the opportunity and attacks all the devices including the desktops and even the smartphones; leading to complete wreck in the system.

How does a ransomware attack work?

The attacks vectors it’s way to the victim because of his own activities. When the victim clicks on unauthorised links, e-mails containing malicious attachments, compromised websites or sometimes drive-by downloads; the malware gets downloaded automatically and infects the system. 

Another method used by phishers to trap their victims is the use of cyber threat actors. This method is a combination of spear-phishing and ransomware. When the attacker intends to attack a specific person, this method stands by far most successful. After mining all the information, the phisher contacts the victim, win the trust and then attack him by persuading him to click the malicious link or attachment. Using actors in such attacks helps in gaining more money or ransom in comparison to sending mass e-mails or messages. 

Top 3 important steps for mitigation of ransomware attack

  • Incidental response plan- This is very similar to cybersecurity training where the employees of an organization are trained on how to prevent, respond and identify various phishing attacks. During the ransomware attack, the employees, employer or individual are trained on how to respond to a ransomware attack.
  • Anti-spam and antivirus- The antivirus and anti-spam solutions are your go-to preventive measures when it comes to phishing attacks. Make sure you upgrade them time-to-time for better protection.
  • Backups are saviors- The main element of a ransomware attack is stealing or encryption of important data. If you already own a backup of all the important data which you know may cause trouble if it gets stolen or deleted, it will significantly mitigate the loss caused by an attack.

Facts and figures

  • The bar graph below is the clear representation of the growth in damage and cost of ransomware which shows a whopping increase to an estimated $20billion dollar in 2020 alone
be-prudent-towards-cybersec-growthstats

To sum up final thoughts

The greed for quick and easy money by people with ill-intentions has stooped them down to a level where they use their brightest brains to weave ideas for trapping people. The ransomware attacks are getting more and more sophisticated which is making it difficult to avoid or prevent them. However, with proper training and preventive measures as stated above; the task doesn’t seem impossible. Therefore, its high time one must get alert with the activities online to save oneself and businesses from huge losses.

Don’t let new tactics get you phished!

Don’t let new tactics get you phished!

Evolving and progressing in life goes hand in hand. One must always make efforts to progress so life doesn’t get stagnant. However, in recent years phishers seem to have taken this mantra way too seriously; as every year they tend to come up with new tactics to phish their victims. Just with the onset of the new decade, phishers came up with a new technique to swindle victims using the same old phishing technique but with a new twist to make it look more genuine and easy to trick.

What is the hype all about?

In the month of January this year, computer expert Terence Eden brought into the knowledge of people about a new trick that is being used by the phishers. Reportedly, the phishers sent a message to his wife masquerading themselves to be from EE asking for personal information using a different type of URL. Fortunately, Eden’s wife was not a user of EE; however, Eden did manage to notice a weird and new thing in the message. The message read:

As can be clearly seen in the URL above, the phishers have managed to use three elements to make it look genuine.

  1. The use of HTTPS://
  2. Using the real and official subdomain, that is ee.co.uk and,
  3. The main element of the date, that is Jan 02

What is the cause of concern

The elements as stated above has caught all the attention and also the causes of concern.

  1. Use of HTTPS:// – One of the main concerns and reason to worry about is the throwaway prices at which the domain servers provide sub-domain these days. Anyone can easily get access to domain names of popular and established companies, making it difficult for non-tech savvy and people unaware of such attacks to become prey of one. These hoax websites manage to get the SSL certificates due to which the sign of lock is shown in the address bar; which makes the whole act look even more real.
  2. The ee.co.uk was just a subdomain that was replicated and constructed by adding other information which is usually not added in phishing e-mails, making them look more genuine.
  3. The current date was added in the URL which is a new card played by the phisher. When a potential victim comes across such a message, they see “jan02.info” which makes them believe that the link has been directed from the company itself.

How to protect yourself from such attacks?

One can find multiple alternatives to save oneself from phishing attacks like security awareness training, e-mail filters, etc. but to tackle this specific new type of phishing using DMARC protocol has to be your best bet.

DMARC is an abbreviation for domain-based message authentication, reporting, and conformance. This is a protocol that further uses a combination of two frameworks namely, sender policy framework (SPF) and DomainKeys identified mail (DKIM) to authenticate the legitimacy of a website. When the SPF and DKIM fail in proving the authenticity of an e-mail, only then the DMARC protocol works towards protecting the user.

When a DMARC policy is properly configured, it helps the user in deciding whether or not to accept or reject an e-mail from a particular sender. When you use a DMARC for protecting your brand or your individual information, it saves you from receiving messages from unauthorized senders.

DMARC not only protects you from receiving e-mails from phishers but its reports also provide you with information on people who are sending e-mails to other people using the name or domain of your company.

Finally, DMARC does more than just identifying and analyzing e-mails and bogus websites. It also helps in creating a community which helps in establishing a policy that authenticates the messages in circulation. When this happens the overall email environment becomes a safe and secure one.

According to research, more than 70% of e-mails around the globe are fake, 30% of these phishing emails are opened by victims, 9 out of 10 emails have some form of ransomware in it and steady growth of over 4,00,000 phishing sites from the year 2016 has been observed. If these figures were enough to spook you, there is more to it. Therefore before you become one of the victims of such attacks, get your DMARC program installed today.

To sum up final thoughts

The beginning of the new decade has brought with itself some new risks as well. Phishers are trying their best to stay one step ahead and trick people into traps. However, as an aware netizen, you must try not to fall in such a trap and be alert with the link and websites you are visiting. Keeping track of all the new tricks used by phishers and the precautions available to protect oneself will help you in the long run.

TIKAJ’s Anti-phishing service will help secure your intangible treasure.

Make anti-phishing solutions ride shotgun in your company’s modus operandi

Make anti-phishing solutions ride shotgun in your company’s modus operandi

A person is always very particular and vigilant when it comes to his or her close one’s secrets. They try to protect it while keeping their lives on stake. This is because they understand the sensitivity and tenderness of the secret and the chaos it can create if they beans get spilled. The same situation works for a company as well. The business owner or the core workers know they sweat and blood they had to invest to make they the company stand at the position it stands today. Therefore, it becomes their utmost priority to safeguard not only the company’s sensitive data but also the reputation and trust the employees and customers lay in it.

The company holds a lot of important matters with it which includes the data, finance, intellectual and intangible property. The security of these elements is as important as the assets itself. When these elements get into the hands of attackers, it can land the company into problems with irreversible consequences. Therefore along with proper awareness among the employers and employees, effective solutions are equally vital. With the advancement of technology and a detailed analysis of the pattern of the attacks by phishers, a number of solutions are now available which can help the company in the long run.

Need for anti-phishing solutions

The need for any solution or service can be best understood by the urgency of its use. Starting with the statistics, in 2018 alone around 880 million phishing e-mails and messages were detected around the globe.

Phishing e-mails disguise themselves as if they are from familiar websites or companies. The e-mails are usually sent in bulk which is a time and cost-efficient method of catching prey. They add attachments or links which contain malware and ransomware making them very dangerous even if a victim clicks on it. Although the phishers have now specialized and upgraded their game, where they attack their victims by creating personalized e-mails for them, which increases the success rate of them falling for it.

The scariest and worrisome part of a phishing attack is that if the attacker gets access to your data, it will months before you could even detect the breach. Even after you detect the breach, it will take you months to contain and get back on its feet to control the damage. This gives the phishers straight-eight months of a headstart to continue with their malicious venture. These reasons add up as to why every company is under the radar of the phishers and how important are these anti-phishing solutions.

How do anti-phishing solutions work?

  • Scans the incoming e-mails- The most important feature of an anti-phishing solution is to scan the e-mails. This is because most phishers make their way into your device through the malicious e-mails they send you. When you click these links or attachments the malware infects your device. However, when you install anti-phishing solutions to your system, the software intercepts the e-mails and lets you know whether or not the e-mail is safe to go ahead with.
  • Processes smart quarantine- You might be wondering what if your important e-mails are marked as spam or get blocked and never reaches you. However, the anti-phishing solutions provide you with smart quarantine which means it will never mess up with your important e-mails or mark it as junk.
  • Real-time blocking of malicious URLs and links- No matter how aware or experience you are with surfing the internet, one misclick is enough to infect your whole network. Therefore, installing a proper anti-phishing solution will stop you in the first place from loading into malicious webpages or clicking on the links. So now you can safely surf the internet and without worrying about malicious webpages or links.
  • Protects all the devices other than a computer- While a number of excellent solutions are available for protecting your computer; there is a lack of cybersecurity options for your mobile phones. As more and more people prefer using their phones for carrying out most of their activities, having proper security options for your phone is equally important. Anti-phishing solutions come as a good tiding as it includes multiple software for protection of your mobile phone and similar devices as well.
  • Prevention from spoofing- If your website earns a lot of traffic or is gaining popularity, you may be a possible target of phishers. They spoof your website and misuse it under your name. Phishers these days also use a number of spoofing e-mails that you might receive. In such cases, anti-phishing solutions sniff out any incoming spoofed e-mail or help in detecting spoofed websites; decreasing truckload of the responsibility off you.

Some final thoughts

It is an important step for all companies to educate and create awareness among the employer and employees regarding the prevalence of phishing attacks and all the possible techniques used by them to phish their victims. It is equally important for them to provide insights as to how these attacks can affect the company in multiple ways. Having said that, the implementation of only security awareness training is not enough for providing all-round security for the company. Every company must install software which can ensure that any kind of phishing attack can be prevented both at the internal and external level; which gets us to the conclusion that anti-phishing solutions are a must in every company or individual’s modus operandi.