Cyber crime is likely to increase, despite the best efforts of government agencies and cyber security experts. Its growth is being driven by the expanding number of services available online and the increasing sophistication of cyber criminals who are engaged in a cat-and-mouse game with security experts. With the right level of preparation and specialist external assistance, it is possible to control damages, and recover from a cyber breach and its consequences.
In one of the more bizarre data breaches to surface recently, hackers made off with 6 million accounts for CashCrate, a site where users can be paid to complete online surveys, according to a database obtained by Motherboard. In short, CashCrate connects users to companies that need people to test new products and services, or take part in daily surveys in exchange for cash.
Microsoft has declared that the next major Windows 10 update dubbed Redstone 3, will not have SMB1 protocol. The WannaCry attacks that took down thousands of systems across the world was largely based on SMB1 exploits that were leaked by Shadow Brokers. SMB1 is a file sharing protocol that Microsoft developed in the early 90s which the company has been working to detach for a while now. In fact, Microsoft has already disabled SMB1 for internal builds of Windows 10 Enterprise and Windows Server 2016 which are currently under beta testing.
Email remains the No. 1 threat vector for businesses, with a full 76% of ransomware attacks starting with a malicious message. According to a survey from Barracuda, phishing—and particularly spear phishing—has become a lucrative art. The attackers also do not discriminate based on company size. Email remains one of the most widely used business communications tools, as well as one of the most commonly targeted threat vectors. “Whether you are a mid-sized business with limited staff and resources, or a 10,000-employee organization with a dedicated security team and budget—we are all feeling the impact of these attacks,” said Hatem Naguib, senior vice president and general manager for the security business at Barracuda. He noted that criminals are taking the time to personalize the messages, crafting them to be compelling and convincing.
The ransomware encrypts the Android device’s files and then displays a ransom message imitating the notorious WannaCry malware. Hackers have begun distributing Android ransomware disguised as copies of the popular multiplayer online battle game King of Glory, which has millions of users, security researchers have warned. The malware has prompted “emergency” warnings to be posted on gaming forums and websites in China, security firm Sophos said in an advisory.
Two cyber security companies said they have uncovered a sophisticated piece of malicious software capable of causing power outages by ordering industrial computers to shut down electricity transmission. Analysis of the malware, known as Crash Override or Industroyer, indicates it was likely used in a December 2016 cyber attack that cut power in Ukraine, according to the firms, Slovakian security software maker ESET and U.S. critical-infrastructure security firm Dragos.
Protect Against Spam Emails
Spam has become a major problem for almost every email user. We all need to spend time cleaning away the massive amount of unwanted and unsolicited email messages everyday.
- Install spam filtering/blocking software
Anti-spam software examines incoming email to try and separate spam from legitimate messages. Filtering software can automatically identify and detect spam, or offensive emails, and prevents those messages from reaching your inbox.
- Do not respond to suspicious emails
If you suspect an email is spam, do not respond, just delete it. Do not click on or open any attachments. And do not click on any email links asking to be taken off the sender’s list — sometimes unsubscribe links are phony, and your response only confirms the accuracy of your email address and could result in even more unwanted messages.
- Set up a disposable email address
Have a secondary — or disposable — email address for public use, such as a free web email account. Use that email when you’re registering for web services or signing up for online newsletters. If you like, you can forward these emails to your primary account but spam could get forwarded too. So make sure to activate your secondary email account’s spam filter to catch spam before it’s redirected to your main inbox.
- Create an email name that’s tough to crack
Some spammers use computer programs to guess email addresses. Research shows that email addresses containing numbers, letters and underscores are more difficult to guess and tend to receive less spam.
- View emails in plain text
Spam written in HTML (the code used to create web pages) can contain programs that re-direct your web browser to an advertising page. Images in emails can be adapted to send messages back to the spammer. Spammers use these images to locate active email addresses for future spamming. To play it safe, from your email program’s main menu, select Preferences and choose to read emails in plain text.
- Create a spam filter for your email
Most email programs already have a strong defense against spam. If your email program does not have a junk email filter, create one. Go to your programs main menu, select Preferences and create a filter or Rule. Create a filter that checks for messages that do not include your email address in the “To:” or “CC:” fields, which is a common tip-off for spam. Have the filter transfer possible spam messages to a junk or spam folder. Email filters are not 100% effective, however, so from time to time review the junk or spam folder before deleting messages.
- Do not post links to email addresses on web sites
Spammers use spambots or web spiders to locate email addresses on web pages, so consider not displaying your complete email address on any web site. For instance, instead of John_Doe@c#COMMENT#ENDCOMMENTompany.c#COMMENT#ENDCOMMENTom, publish the email address as John_Doe[at sign]company[dot]com. Other options include displaying email addresses as images instead of text or using contact forms. Contact forms allow web site visitors to send emails to you by filling out a form that never reveals your email address.
- Watch out for those checked boxes
Before signing up for services or newsletters on the web, be meticulous about reading through every option on the registration form. Watch out for text at the end of the registration forms that reads, “YES, I want to be contacted by select third parties concerning products I might be interested in.” Sometimes the checkbox next to the text is already checked, so you’ll need to unselect those boxes.
- Report spam
Most Internet Service Providers (ISP) forbid users from spamming. If you’re getting frequent spam from a sender, try to track down the spammer’s ISP and report the offense. The spammers email address might include the ISP’s name. Or you can forward it to your ISP. If the user is found to have spammed you, the ISP will likely terminate the account. Another option is to file a complaint with the Federal Trade Commission#IF($EnableExternalLinks)(ftc.g#COMMENT#ENDCOMMENTov)#ENDIF. Visit the FTC spam page to file a complaint or forward a suspicious email to the agency for investigation.
Copyright (c) Studio One Networks. All rights reserved.
