February 13, 2015 by

How to Defend Your Business Against Social Engineering Scams

We hear the term “Social Engineering” quite often nowadays and we have recently even written about its basics. That encompassed a wider area, including various forms of it, but most of them were not related to cybersecurity. In this article, we’ll have a look at how phishing together with ransomware and a bit of social engineering is used by criminals to blackmail unsuspecting victims and what can be done to prevent you from falling victim to these crooks.

PHISHING

Phishing has become a big player in malware attacks in the last few years and proving this type of social engineering hard to overcome. Attackers usually send well-crafted emails with seemingly legitimate attachments that carry a malicious payload. These aren’t the typical “Nigerian Prince” scammers, but rather sophisticated hacking groups with sufficient time and funding who launch these exploits. They usually hide behind a Tor network or the like and become hard to find, especially when they are backed by organized crime who use this as a source of income.

RANSOMWARE

In the recent years, we’ve seen a dramatic increase in the use of ransomware being delivered alongside phishing emails. They usually send an attachment such as “URGENT ACCOUNT INFO” with a file extension of “.PDF.zip” or “.PDF.rar,” which slips by the unsuspecting victim and delivers the payload. This attack often encrypts the entire hard disk (some of the less damaging forms simply block your access to the computer, but do not encrypt – such as this example), or the documents and requires a bitcoin payment to unlock. Luckily, these groups actually do unlock the data, this way future victims are more likely to pay.

What can you do to minimize the chances of yourself as an individual of falling a victim to these dirty schemes? Here are a few steps you can take:

  • DO NOT open emails in the spam folder or emails whose recipients you do not know.
  • DO NOT open attachments in emails of unknown origin.
  • Use a reputable antivirus software – we recommend Kaspersky, which ranked the highest in our tests.
  • Perform a regular backup to an external medium (external hard drive or the cloud)
  • After backing up, disconnect your drive. Current ransomware is known to encrypt your back up drive as well.
  • DO NOT pay the ransom. The reason why the criminals keep utilizing this form of blackmailing attacks is that people keep paying. To try to get your data back, consult a professional in your area.

What can your company do to prevent being victimized by these types of attacks?

  • Humans need to be trained – they are the weakest link. Companies should employ at minimum a bi-annual training geared towards each user group (end-users, IT staff, managers, etc.) so that everyone is aware of the latest attacks.
  • Employees should be tested by having an outside party conduct a social engineering test, like something from Rapid7 or LIFARS. These kinds of tests help keep the employee on their toes and more likely to avoid the attacks.
  • Since these attacks are on the rise, a number of new defenses have been developed. AppRiver is a great Spam and Virus email filter that can block a large number of phishing exploits before they even reach the internal servers.
  • If they happen to get through, Kaspersky Labs has an excellent endpoint protection system that can block even the latest malware, and recently they just released a video showing how they prevented a Ransomware attack from being successful.
  • As a last line of defense, Cyphort has a good IDS/IPS solution that can help detect known attacks and how far they managed to get into the network by signature, behavior, and by community knowledge.

 

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Security Researchers Uncover ‘World’s Most Powerful Android Spyware’

Security researchers at Kaspersky have uncovered a new form of Android spyware with capabilities...

Read more arrow_forward

Hackers Steal $400,000 of Cryptocurrency in DNS Hijack

Unknown hackers have hijacked the DNS server for web-based wallet application BlackWallet, an online...

Read more arrow_forward

Intel Scrambles and Fumbles to Issue Patch for Chip Flaws

Intel has reportedly advised computer makers and cloud service providers to refrain from using Intel...

Read more arrow_forward