All Posts By

admin

The alarming surge of phishing and how to protect your business


The threat of phishing is escalating. Statista reported that there were over 1.62 million unique phishing sites globally in Q1 2023, over 50% higher than the same period in 2022. On top of that, a 2024 survey involving 500 cybersecurity experts indicates a staggering 94% of organizations have faced phishing attacks.

Almost 80% of organizations faced financial implications due to phishing, with 64% experiencing direct monetary loss. Of these incidents, 74% led to disciplinary actions against employees.

Businesses typically spend about 11 months recovering from a phishing attack. With such implications, phishing has now become the primary method for initiating breaches (16%), surpassing stolen credentials (15%), according to data retrieved by IBM. The 2023 data also revealed that data breaches cost an average of over $4.5 million.

Types of phishing attacks

Phishing attacks come in various forms. Each of these has its own distinct characteristics. Here are some common types:

  1. Email Phishing: The most common type, where attackers send fraudulent emails resembling those from reputable sources. These emails aim to trick recipients into revealing sensitive information, such as passwords or credit card numbers.
  2. Spear-Phishing: A targeted form of phishing. Attackers personalize emails to specific individuals, often using personal information for authenticity. The goal is to steal data or install malware on the target’s device.
  3. Whaling: A specialized spear-phishing attack targeting high-profile individuals like executives. Whaling attacks often involve crafting highly sophisticated emails that address specific business concerns or personal interests of the target.
  4. Smishing (SMS Phishing): This type of phishing attack uses text messages instead of emails. Smishing messages often create a sense of urgency, prompting recipients to disclose personal information or click on a malicious link.
  5. Vishing (Voice Phishing): Conducted via phone calls. Attackers pretend to be from legitimate organizations, seeking personal or financial information. They often use fear tactics, like threatening legal action.
  6. Quishing: Uses fake or manipulated QR codes to carry out fraudulent activities, such as spreading malware or stealing personal information.
  7. Pharming: Here, attackers redirect users from legitimate websites to fraudulent ones. This is typically achieved by exploiting vulnerabilities in DNS servers.
  8. Clone Phishing: Involves creating a nearly identical replica of a legitimate email with a safe attachment or link replaced by a malicious one. It often claims to be a resend or updated version of the original.
  9. Angler Phishing: Uses social media platforms for attacks. Fraudulent social media posts or messages, often pretending to be customer service accounts, aim to extract personal information from victims.

Well-known cases of phishing

Deepfake video attack

A multinational company recently lost $26 million after a deepfake, which fabricated representations of the CFO and others, fooled employees. The scammers convinced the victim to make a total of 15 transfers to five different Hong Kong bank accounts, according to reports. The company attacked has not been identified.

Colonial Pipeline attack

In May 2021, the Colonial Pipeline ransomware attack starkly demonstrated the real-world impact of cyber attacks. The attack disrupted fuel supply across the East Coast of the United States. The breach, which likely began with a phishing email, compromised the company’s business network and billing system. Despite Colonial Pipeline paying about $4.4 million for a decryption key, the ripple effects were far-reaching.

The shutdown, lasting a week, halted the delivery of around 20 billion gallons of oil valued at about $3.66 billion. This incident spiked petrol prices and left over 10,000 petrol stations without fuel even after operations resumed. CEO Joseph Blount, in an interview with The Wall Street Journal, acknowledged the wider economic toll and defended his controversial decision to pay the ransom. This attack ranks as one of the most financially devastating phishing incidents ever.

NotPetya Malware attack

June 2017 saw the onset of NotPetya, a catastrophic cyber attack that rapidly spread across more than 60 countries. Originating as a supply chain attack through Ukrainian accounting software, NotPetya targeted Windows-based systems, encrypting hard drives and demanding ransoms. Unlike typical ransomware, NotPetya, likely a state-sponsored Russian wiper malware, rendered data irretrievable. This caused unprecedented damages exceeding $10 billion. Major companies like Maersk, Merck and FedEx suffered immense losses.

Sony Pictures attack

In November 2014, Sony Pictures fell victim to the ‘Guardians of Peace’ hacking group. The attackers gained access through phishing emails, eventually leaking 100 terabytes of sensitive data. The emails, disguised as communications from Apple, deceived top executives into providing their credentials on a fake website. This breach not only exposed employee and film information but also included a demand to withdraw “The Interview” under threats of violence. The total damages to Sony Pictures from this cyberattack were estimated to exceed $100 million.

Facebook and Google scam

Evaldas Rimasauskas, a Lithuanian man, orchestrated a cunning business email compromise (BEC) scam against Facebook and Google, defrauding them of over $100 million. Between 2013 and 2015, Rimasauskas and his associates created convincing forged email accounts. They pretended to be Quanta Computer, a real vendor for both tech giants. Through elaborately crafted phishing emails containing bogus invoices and contracts, they deceitfully billed millions of dollars. The scam resulted in these companies transferring the funds to Rimasauskas’ sham company accounts spread across multiple countries.

FACC business email compromise attack

In 2016, FACC, an Austrian aerospace manufacturer, was hit by a severe BEC attack. Impersonating the CEO, attackers convinced an employee to transfer roughly $50 million for a fake acquisition project. While $10 million was salvaged at the last minute, the company still suffered significant financial damage and the CEO was subsequently dismissed.

Tips to combat phishing

Phishing poses a significant threat to businesses of all sizes. However, companies can effectively combat this pervasive cyber threat through a blend of technological solutions, employee education and vigilant practices. Here’s what businesses can do to combat phishing:

  1. Recognize phishing scams: Stay informed about new phishing techniques and their common features. Regular updates and training can help you identify these threats early.
  2. Provide security awareness training: Technical defenses alone can’t stop phishing. Educate employees about phishing dangers and teach them to report suspicious activities. Regular simulated phishing exercises can test and enhance your team’s readiness.
  3. Strong passwords and Two-Factor Authentication: Encourage unique, complex passwords for each account and discourage password sharing. Implement two-factor authentication for an added security layer.
  4. Heed update alerts: Don’t ignore software update notifications. These updates often contain vital security patches protecting against the latest cyber threats.
  5. Be careful with emails and links: Avoid emails and links from unknown sources. Verify links by hovering over them and avoid clicking unless sure of their safety.
  6. Avoid unsecured websites: Don’t share sensitive information on websites without HTTPS encryption or a visible security certificate. A closed padlock icon appears in the URL bar when the website uses HTTPS.
  7. Ignore pop-ups: Pop-ups can be phishing attempts. Use ad-blockers to prevent them and avoid clicking on any that slip through.
  8. Regularly change passwords: Regularly updating your passwords can prevent ongoing unauthorized access, especially if your accounts have been compromised without your knowledge.
  9. Deploy Anti-Phishing tools: Use anti-phishing technologies to block fraudulent sites and emails. Combine desktop and network firewalls for comprehensive protection from external threats.

SafeBait: How C8 Secure can help

Partnering with C8 Secure can significantly enhance your company’s defense against phishing attacks. Our SafeBait service offers a comprehensive, managed solution that focuses on both technological and human elements. Our key features include:

  1. Simulation: Customized simulations help combat various social engineering threats. Our Phishing Simulator offers AI-driven scenarios in over 160 languages. We also have an Email Threat Simulator that strengthens email gateways against cyber attacks.
  2. Awareness training: Focusing on the human element, C8 Secure’s training includes MFA, Smishing, Vishing and Quishing Simulators. These simulate real-life scenarios and enhance staff’s ability to identify and respond to threats. On top of that, a Security Awareness Training Platform with interactive modules fosters a security-conscious culture.
  3. Threat sharing: C8 Secure’s Threat Sharing Platform allows for a collaborative defense ecosystem, where clients exchange threat intelligence. This unique approach allows our ecosystem to improve its collective security measures.

Choose C8 Secure’s SafeBait for advanced, all-around defense against phishing. Our simulations, awareness training and threat-sharing platform build a secure, informed company environment. Get in touch today at info@c8secure.com.



The rise of GoldFactory: Addressing mobile threats with C8 Secure’s Mobile Protect


Craig Lusher, Product Principal [Secure Solutions], discusses the recently uncovered iOS Trojan designed to steal users’ facial recognition data and identity documents, and to intercept SMS.

In an era where digital threats are increasingly sophisticated, the discovery of the GoldFactory iOS Trojan, as reported by Group-IB, underscores a critical challenge for businesses and individuals alike. This advanced iOS Trojan, designed to infiltrate iPhones through malicious applications, represents a significant escalation in the cyber threat landscape, particularly for users who assume iOS devices are immune to such risks.

The Trojan, named GoldFactory, exploits a method that bypasses Apple’s stringent app review process, enabling cybercriminals to distribute their malicious software via seemingly benign applications. Once installed, GoldFactory can execute a range of malicious activities, from stealing sensitive facial biometric information to executing phishing attacks, posing a substantial risk to data security and privacy.

C8 Secure’s response with Mobile Protect

In response to evolving mobile threats like GoldFactory, C8 Secure’s Mobile Protect service stands as a defence against mobile cyber threats. Our solution is designed to safeguard iOS and Android devices against a wide spectrum of cyber attacks, including sophisticated Trojans, malware, and phishing schemes.

Mobile Protect leverages cutting-edge technology to provide real-time threat detection and response, ensuring that even the most advanced Trojans, such as GoldFactory, are identified and neutralised before they can inflict harm. The service employs a multi-layered security approach, combining endpoint protection with continuous monitoring and threat intelligence, to offer comprehensive protection for mobile devices.

Addressing Business Challenges

The advent of Trojans like GoldFactory presents significant business challenges, from the risk of data breaches and financial loss to reputational damage. C8 Secure’s Mobile Protect service directly addresses these challenges by:

  1. Ensuring data privacy and security: Mobile Protect guards sensitive data against unauthorised access and theft, crucial for maintaining customer trust and complying with data protection regulations.
  2. Enhancing operational resilience: By safeguarding mobile devices against cyber threats, businesses can ensure uninterrupted operations, protecting against the downtime and financial losses associated with cyber attacks.
  3. Supporting compliance efforts: Mobile Protect aids businesses in meeting compliance requirements, like GDPR, offering peace of mind in an increasingly regulated digital environment.

The detection of the GoldFactory iOS Trojan serves as a stark reminder of the evolving cyber threat landscape and the need for robust security measures. C8 Secure, through its Mobile Protect service, offers an effective solution to these challenges, providing businesses and their mobile users with the highest level of protection against mobile cyber threats.

As cybercriminals continue to innovate, the importance of proactive and comprehensive security measures cannot be overstated. With Mobile Protect, C8 Secure reaffirms its commitment to securing the digital frontier, ensuring that businesses can operate with confidence in a connected world.



5 Steps to Reduce Your Risk of a Ransomware Attack


Listening to the news, you would be correct in being concerned about the extreme levels of ransomware attacks across the world and, more importantly, about whether your company is prepared to weather such an attack. To help address those concerns, Leon Allen, Cybersecurity Director at C8 Secure (www.c8secure.com), lists 5 key steps that companies can take to reduce their risk of a ransomware attack:

  • Take Inventory “We don’t know what we don’t know”

Whilst this may sound simple, you would be very surprised to learn how often organizations are directly infiltrated and exposed simply because they do not understand what assets are within their enterprise. This ranges from unsecured endpoints (such as laptops, switches, servers etc.) to business applications hosted in the cloud or in a data center.

To help with taking inventory, tools like asset discovery scanning and automated vulnerability scanning can be used. Furthermore, other good housekeeping measures involve reviewing your change management procedures, running a report on administrator accounts, verifying firewall rules, and validating VPN accounts.

  • Define Risk “An ounce of prevention is worth a pound of cure”

It’s important to not get caught saying “I really wish I would have spent a few more security dollars”. Whilst it’s very much understood that security budgets are only typically increased following an incident, the level of threat in the world should help us all justify greater security investment.

Where you spend resources should be commensurate with your risk. If we don’t know the risks, it’s very hard to justify the application of those resources. Risks such as loss of revenue, regulatory concerns, impact to operations, your reputation, penalties, fines, contractual obligations, and data protection obligations need to be understood for your business.

Take stock of your data and cyber footprints and focus on the risks and cost to business that are applicable to you.

  • Educate “To be armed is to be forewarned”

To make decisions on technical solutions that can help mitigate risk, we need to arm ourselves with an understanding of the available cybersecurity solutions out there, including how those solutions compare. This naturally leads into decisions around whether you bring this solution in-house or whether you outsource to a Managed Security Solutions Provider (MSSP).

Crucial from an education perspective are the end users. Educating them is still the most direct path to avoiding the proliferation of malware within your organisation. When combined with an effective security event monitoring and ransomware controls solution, providing regular security awareness training can go a long way in mitigating the likelihood of a ransomware attack.

  • Plan “Security is a journey not a destination”

There are far too many idioms that could be used here (and I’ll try to avoid using the classic ‘Rome’ one). Essentially, we are not going to solve every problem in a single instance. Use the risks identified in step 2 and prioritize. Tackle the list over time. It’s crucial at this stage to have security representation at board level so that you have the required backing to address those risks.

  • Execute

The time has come to execute your plan and start mitigating those risks. It’s critical that when you execute you are also testing, measuring, and quantifying along the way. Continually ask yourself the following questions:

  • Was this investment worth it?
  • Can I do this more cost effectively by outsourcing?
  • Were other gaps/risks exposed?
  • Was the result intended?

To keep your risks low, and returning to the adage that “security is a journey, not a destination”, it’s time to rinse and repeat steps one through five.

And remember, if you’re ever feeling overwhelmed, there are a multitude of companies out there who can help you. They would like nothing more than to have a conversation with you on how best to reduce your risk.

About the Author: As C8 Secure’s Cybersecurity Director, Leon oversees the full spectrum of security services including advanced cyber defense, applied cybersecurity solutions, and managed security services. Leon also leads the security innovation program, which discovers and delivers new and innovative cybersecurity technologies. He is a highly experienced IT professional with 17 years’ experience in the industry and holds a BEng degree in Software Engineering and a first-class Information Security Master’s Degree from City University, London.
