October 21, 2022
Three cyber security horrors to avoid with Trend Micro’s Cloud One solution
This Halloween, find out how to avoid the latest cyber criminals’ tricks and protect yourself from threats with Trend Micro and Cloud One.
Petrified of phishing attacks? Shudder at the thought of cyber security bad omens? You’re not alone. According to PwC, 69% of organisations predicted a rise in cyber spending in 2022 compared to 55% 2021. This highlights the urgent issues of streamlining cybersecurity for CISOs, CIOs and their teams. As the need for more stringent cyber security measures increases, it’s an opportune time to support National Cyber Crime Awareness month – a national campaign designed to increase awareness of cyber security and cybercrime issues. Plus, one of the spookiest days of the year happens to fall on the final day of this month – Halloween.
Trick or treat, dare you read on?
With the rise and rise of remote working, these changes mean facing an ever-growing attack surface in the era of the “new normal”. Your security teams must contend with the challenge of defending all possible sections of the IT infrastructure. Here we pick the worst fright night cyber scare stories, which we’ve aligned to some Halloween cinema classics for good measure. Read on and uncover the ghoulish goings on in the outer limits of the internet.
“Cyber-crime is big money, this money flows back into the criminal business, which means the cyber criminals are well equipped, highly trained and beyond everything else innovative. It is this innovation that is truly scary to me. Sometimes as an industry we can take significant steps forward and begin to feel we are winning the fight only for a new type of attack to appear, new way around our controls, or for our digital transformation to have unintended consequences and weakness.
More than ever preventing these threats requires both a best of breed as well as a platform approach, insuring that we a maximise the chance of tackling a particular threat and minimise the chance of something slipping between disparate tools.
It’s for this reason we love Trend Micro and why we back Cloud One to our customers.”
James Holton, Cyber Security Practice Director at Trustmarque
Jaws – Just when you thought it was safe to go back on the internet
You never really knew what was beneath the surface in the 1970s classic, Jaws. Unsuspecting tourists bobbing on the water of a sleepy corner of New England, the ominous soundtrack fills the cinema and the sea’s greatest predator stalks its prey.
Back then, it was man against shark – but in today’s fight against cyber crime the tide has turned and it’s you and your organisation’s reputation against sophisticated phishing scams. These can range from classic email phishing schemes we’ve come to try and avoid, to the more inventive approaches of recent years such as spear phishing and smishing. Recognising a phishing emails is hard. Spotting spear phishing emails is even harder. All have the same purpose – to steal your personal details.
According to Trend Micro , over 90% of targeted ransomware attacks start with a spear phishing attack. They’re often the first port of call for a wave of cyber combat methods. By opting for a (hypothetical) spear, instead of a ‘catch all’ fishing net, these methods are highly targeted to a specific group or type of individual such as a company’s system administrator. Attackers utilise various social engineering techniques that leverage recent events, work-related issues, and other areas of interest pertaining to the intended target.
How to Defend Against Spear Phishing Attacks
When it comes to protecting against spear phishing attacks, here are some best practices to sink your teeth into:
- Be wary of unsolicited mail and unexpected emails, especially those that call for urgency. Always verify with the person involved through different means of communication, such as phone calls or face-to-face conversation.
- Learn to recognise the basic tactics used in spear phishing emails, such as tax-related fraud, CEO fraud, business email compromise scams, and other social engineering tactics.
- Refrain from clicking on links or downloading attachments in emails, especially from unknown sources.
- Block threats that arrive via email using hosted email security and antispam protection.
The Exorcist – The Unwelcome Guest
Just like the ground-breaking 1973 film, The Exorcist, where a young girl plays host to a demonic presence, our unwelcomed guest, malware, lurks in the shadows. It bides its time to embed itself in your systems, playing on your weaknesses to cause maximum impact to your digital footprint, evolving into ransomware.
The full extent of malware’s horror can manifest to include computer viruses, computer worms, ransomware, Keyloggers, Trojan horses, spyware and other examples of malicious software.
Most recently, cyber researcher Leandro Velasco uncovered a new malware/ransomware threat variant, aptly dubbed ‘The Exorcist’. The crux of the virus follows as so – after the installation, the victim’s files on the computer become encrypted and criminals demand paying the ransom, often totaling thousands of Bitcoin. Life is really beginning to imitate art.
Our fright night horrors don’t end there, according to Trend Micro, the first half of 2022 also saw the emergence of advanced persistent threat (APT) groups that employed sophisticated toolkits and expansive infrastructure in their campaigns. At the same time, threat actors continued to turn to commodity malware, integrating older tools and malware into their attack routines for their capabilities and reliability.
Ready to close the door on unwelcome guests?
So, what can you do to get rid of these unwelcome guests, or put them off knocking on your door entirely? Today’s sophisticated threats require a new approach to protecting users, networks, and data centers from becoming ‘the host’. Trend Micro suggests adopting an approach which has a blend of cross-generational threat protection techniques, such as CloudOne and email protection which use the right techniques at the right time.
The Shining – a case of the evil twin(s)?
Stanley Kubrick’s iconic The Shining has gone down in cinematic history for its portrayal of a haunted hotel occupied by evil spirits. Most notably, the scenes of Danny pedaling furiously on his trike through the corridors of Overlook Hotel, away from the ghosts of twin girls. They appear at every turn, in a bid to torment the young boy. But when you consider your own IT estate, could an evil twin have crossed the digital threshold and checked in without your knowledge? *Pedals away at full speed*
As you may know, an evil twin in the world of cyber security is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications. The evil twin is the wireless LAN equivalent of the phishing scam whereby the network infrastructure serves as the main method by which users within an organisation communicate and share information. This makes it a particularly lucrative target for cyber criminals who want to infiltrate the organisation to retrieve data or disrupt processes.
These Man in the Middle (MitM) attacks cause significant damage and disruption, through the following methods:
- Address Resolution Protocol (ARP) Cache Poisoning
- SSL (Secure Socket Layer) and TLS (Transport Layer Security) Hijacking
- Domain Name Server (DNS) Spoofing
A ‘shining’ example of how to protect your network from MiTM attacks requires a multistep approach that combines different mitigation techniques and security solutions.
- Disable auto-connect: Devices with auto-connect often do so via a Wi-Fi’s SSID, meaning it can’t differentiate between legitimate Wi-Fi networks and evil twin ones.
- Avoid public Wi-Fi: If possible, use a personal hotspot or one you’re sure isn’t compromised.
In addition to these best practices, organisations should also look into solutions that can provide multi-layered solutions that can protect the network across all levels.
Ready for the treat?
Written by Julia Bluckert
