Employee Security Training

Sly phishing attack catching users off guard

admin — Wed, 26 Apr 2017 15:19:37 +0000

You pay close enough attention to the links you click to avoid clicking on something like goolge.com or evrenote.com…right? Because if you’re not, you could end up exposing your computer or smartphone to a host of malware. The newest phishing attack strategy is the worst of all, and can catch even the most astute users off guard.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades — and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.

Take Russian for example, even though several Cyrillic letters look identical to English characters, computers see them as totally different. Browsers use basic translation tools to account for this so users can type in non-English URLs and arrive at legitimate websites. In practice, that means anyone can enter a 10-letter Cyrillic web address into their browser and the translation tools will convert that address into a series of English letters and numbers.

How does this lead to phishing attacks?

Malicious homographs utilize letters that look identical to their English counterparts to trick users into clicking on them. It’s an old trick, and most browsers have built-in fail-safes to prevent the issue. However, a security professional recently proved that the fail-safes in Chrome, Firefox, Opera and a few other less popular browsers can be easily tricked.

Without protection from your browser, there’s basically no way to know that you’re clicking on a Cyrillic URL. It looks like English, and no matter how skeptical you are, there’s no way to “ask” your browser what language it is. So you may think you’re clicking on apple.com, but you’re actually clicking on the Russian spelling of apple.com — which gets redirected to xn—80ak6aa92e.com. If that translated URL contains malware, you’re in trouble the second you click the link.

The solution

Avoiding any kind of cybersecurity attack begins with awareness, and when it comes to phishing, that means treating every link you want to click with skepticism. If you receive an email from someone you don’t know, or a suspicious message from someone you do, always check where it leads. Sometimes that’s as simple as hovering your mouse over hyperlink text to see what the address is, but when it comes to homographs that’s not enough.

In the case of homographs, the solution is unbelievably simple: Manually type in the web address. If you get an email from someone you haven’t heard from in 20 years that says “Have you checked out youtube.com??”, until your browser announces a fix, typing that URL into your browser’s address bar is the only way to be totally sure you’re safe.

For most, this trend feels like yet another development that justifies giving up on cybersecurity altogether. But for small- and medium-sized businesses that have outsourced their technology support and management to a competent and trustworthy IT provider, it’s just another reason to be thankful they decided against going it alone. If you’re ready to make the same decision, call us today.

Published with permission from TechAdvisory.org. Source.
Sly phishing attack catching users off guard

The post Sly phishing attack catching users off guard appeared first on Employee Security Training.

How to Educate Healthcare Employees to Stop Ransomware

admin — Tue, 27 Dec 2016 16:23:04 +0000

At least 10 hospitals in the United States have been hit with ransomware. One hospital, Hollywood Presbyterian, made international headlines when they paid a $17,000 ransom to unlock critical data.

Hospitals have become a favorite of hackers due to the nature of the data compromised. With most hospitals modernizing and doing away with written internal records the hackers know the effect on day-today operations, which means life or death to some patients, and they use that as leverage.

Our security training courses help hospital employees recognize when cyber criminals are trying to penetrate their networks and avoid locking patient files with crypto-ransomware. We train your employees on the basics of ransomware, email security and Red Flags they need to watch out for to help prevent very expensive attacks like this.

The post How to Educate Healthcare Employees to Stop Ransomware appeared first on Employee Security Training.

Spear Phishing Attack at Pentagon’s Network, Breached 4000 Military Accounts

CPTech Admin — Tue, 20 Dec 2016 23:58:27 +0000

In 2015, the cyber security officials over at Pentagon reported that a spear phishing attack onto the Pentagon’s unclassified Joint Staff emailing system, compromised the email credentials of over 4,000 military and civilian personnel.

Researcher: Sony hackers used fake emails

CPTech Admin — Sat, 10 Dec 2016 15:55:57 +0000

North Korean hackers likely used fake Apple ID emails sent to IT administrators at Sony Pictures Entertainment to steal passwords and logins and gain control of the company’s computer network, according to new research.

Read more here…

The post Researcher: Sony hackers used fake emails appeared first on Employee Security Training.

Ransomware attacks against businesses increased threefold in 2016

CPTech Admin — Fri, 09 Dec 2016 21:10:29 +0000

Kaspersky Lab recorded one ransomware attack every 40 seconds against companies in September.

Ransomware: Hollywood Presbyterian Medical Center in Los Angeles, California

CPTech Admin — Mon, 05 Dec 2016 16:10:48 +0000

In February of this year, Hollywood Presbyterian Medical Center in Los Angeles learned that the hospital was the victim of a ransomware attack that encrypted files on multiple computers. After several days of staff resorting to pen and paper for record keeping, the hospital paid the $17,000 ransom (40 bitcoins) that the attackers demanded.

Whitehead Nursing Home fined £15,000 over stolen computer data breach

CPTech Admin — Thu, 25 Aug 2016 22:15:40 +0000

A nursing home has been fined for a data breach after a computer containing sensitive details about staff and patients was stolen.

Ransomware hackers are targeting U.S. execs

CPTech Admin — Fri, 05 Aug 2016 19:35:28 +0000

https://www.employeesecuritytraining.com/wp-content/uploads/2016/12/malwarebytes-ceo-ransomware.cnnmoney_1024x576.mp4

American businesses are being hit by ransomware at an unprecedented rate — and execs are far more likely to be targeted.

Read the story here…

The post Ransomware hackers are targeting U.S. execs appeared first on Employee Security Training.

21st Century Oncology data breach prompts multiple lawsuits

CPTech Admin — Sat, 23 Jul 2016 16:15:00 +0000

21st Century Oncology revealed in a statement on their website that 2.2 million patients may have had personal information stolen when the company’s system was breached in October 2015.

Ubiquiti fraud: the $46 million cyber crime

CPTech Admin — Thu, 30 Jun 2016 15:40:55 +0000

Last year Ubiquiti revealed in an SEC Form 8-K filing that an incident involving “employee impersonation and fraudulent requests from an outside entity targeting the Company’s finance department … resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties.”

The post Ubiquiti fraud: the $46 million cyber crime appeared first on Employee Security Training.