Risk Visibility HACKERS AREN’T HEROES
In Association With myredfort
Some think that hackers are "cool" and that their spirit of mischief and sneaking is admirable.
PARTNER WITH THE BEST

Please get in touch if you need any advice and we’ll connect you with an expert who can help (we won’t give your details to anyone - we’ll give you a selection to choose from).

If you’d like to know more about any of the technologies mentioned in this article please get in touch.

* by submitting this form you agree to receive other communications from MYREDFORT

Free 90 day trial is subject to systems compatibility and number of users, which will be determined in our pre-qualification process.

But the IT experts who spend a lot of money building business or government networks and systems that connect them would disagree.
For that matter, so would anyone who has ever had their money or identity stolen by a hacker. There's nothing “cool” about it.
WHAT DOES A HACKER LOOK LIKE?

There are four types of hackers:

1. Kids "having fun"

These are adolescents who are essentially Internet vandals and are also known as Script Kiddies.

They use existing computer scripts or codes to hack into computers because they lack the expertise to write their own. They're not looking for more than a few hours of fun messing with websites or networks, but have the ability to cause havoc.

2. Recreational "Hackers"

These are savvy computer users who intrude on networks when they feel, in their minds at least, they have a valid reason to.

They may have a grudge against a certain website or company and take their dislike out by "hacking" or disrupting the website. Or they simply want to use their skills to make easy money.

3. Black Hat “Professional Hackers”

When a computer expert or recreational hacker gets a taste for hacking or enjoys the buzz, he or she will continue to use their skill, often to steal money, or cause maximum disruption and reputational damage.

They use deception to obtain personal information that they will use for many purposes, not least to or demand ransom payments or to trick account owners into handing over bank details. They also might like taking down a big network for "fun."

4. White Hat - "Ethical Hackers"

Ethical hacking (or penetration testing) is the exploitation of an IT system with the permission of its owner to determine its vulnerabilities and weak points.

It’s an effective way of testing and validating an organisation’s cybersecurity vulnerabilities, check incident detection and response process.

Big business

Hackers can be individuals, or part of a team of people employed to find and use personal details for the purpose of building individual profiles to target them for fraudulent purposes. Phishing is big business and can range from small time scams to organisational extortion.

Whether it’s ego or money driven, the effects can be devastating costing businesses £tens of thousands in downtime, reputational damage and non-compliance fines.

Just think about it. If your HR database is breached, your business could be responsible for any impact or loss sustained by one of your employees.

Who Can Be Targeted?

Phishing personas don’t just come from big brands

Most people associate phishing with e-mail messages that spoof, or mimic, banks, credit card companies or other business like Amazon and eBay.

However, they can be made to look like they come from someone a business trades with regularly – or even someone internal to the business such as the CEO or HR department.

These messages look authentic and attempt to get victims to reveal their personal information. But e-mail messages are only one small piece of a phishing scam.

What happens in a Phishing attack?
What happens in a Phishing attack?

01

Planning.

Phishers decide which business to target and determine how to get e-mail addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.

02

Setup

Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.

03

Attack

This is the step people are most familiar with -- the phisher sends a phony message that appears to be from a reputable source.

04

Collection

Phishers record the information victims enter into Web pages or popup windows.

05

Identity Theft and Fraud.

The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many 25% of the victims never fully recover

If the phisher wants to co-ordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.

Phishing scams take advantages of software and security weaknesses on both the client and server sides. But even the most high-tech phishing scams work like old-fashioned con jobs, in which a hustler convinces his mark that he is reliable and trustworthy.

What About The Banks?

Banks aren’t obliged to return the stolen cash

Banks are putting more safeguards in place, but aren’t obliged to refund the stolen cash as they are with unauthorised or fraudulent payments on credit and debit cards.

Despite victims being tricked into transferring funds, banks will say the payments were "authorised" and they simply followed the payee's instructions.

Under GDPR compliance rules, businesses face hefty fines if personal data is stolen therefore needs to put safeguards in place.

Improve Your Cyber Security
Fraudsters are able to compromise IT systems, which are often insecure even with measures in place, usually through a phishing attack, gaining access to contact lists.
Take the Test
Education, Education

Tips for improving your company’s cybersecurity.

  • Consider nominating individuals as part of a new leadership team focused solely on cyber protection. These individuals will be responsible for training staff members about the necessary security policies and maintaining open lines of communication with stakeholders.
  • Realise that Mircosoft 365 isn’t enough. Although it’s transformational, it doesn’t come with enough safeguards to deter the criminal fraternity.
  • In the event of a data breach, it’s important to minimise the time it takes to restore your organisation’s sensitive data by regularly backing up your files – ideally off-site in the cloud where cyber-criminals cannot locate the data so easily.
KNOW YOUR PHISH!

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other forms of communication. Attackers will commonly use phishing emails to distribute malicious links or attachments that can perform a variety of functions. Some will extract login credentials or account information from victims.

Email Phishing

Most phishing attacks are sent by email, where a fake domain is registered that mimics a genuine organisation. The fake domain often involves character substitution, like using ‘r’ and ‘n’ next to each other to create ‘rn’ instead of ‘m’.

Alternatively, they might use the organisation’s name in the local part of the email address (such as paypal@domainregistrar.com) in the hopes that the sender’s name will simply appear as ‘PayPal’ in the recipient’s inbox.

There are many ways to spot a phishing email, but as a general rule, you should always check the email address of a message that asks you to click a link or download a attachment.

Spear Phishing

Spear phishing, describes malicious emails sent to a specific person. Criminals who do this will already have some or all of the following information about the victim:

  • Their name; 
  • Place of employment; 
  • Job title; 
  • Email address; and 
  • Specific information about their job role. 
Whaling

Whaling attacks are even more targeted, taking aim at senior executives. Although the end goal of whaling is the same as any other kind of CEO Fraud - CEO fraud, is when attackers abuse the compromised email account of a CEO or other high-ranking executive to authorise fraudulent transfer of funds to a financial institution of their choice.

Smishing and Vishing

With both smishing and vishing, telephones replace emails as the method of communication. Smishing involves criminals sending text messages (the content of which is much the same as with email phishing), and vishing involves a telephone conversation.

Angler phishing

A relatively new attack vector, social media offers a number of ways for criminals to trick people. Fake URLs; cloned websites, posts, and tweets; and instant messaging (which is essentially the same as smishing) can all be used to persuade people to divulge sensitive information or download malware.

Pharming

As users become wiser to traditional phishing scams, some fraudsters are abandoning the idea of “baiting” their victims entirely. Instead, they are resorting to pharming.

This method of phishing leverages cache poisoning against the domain name system (DNS). Under a DNS cache poisoning attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice. That’s the case even if the victim enters the correct site name.

About Animal Systems

Partnering with the Best

ASL has been providing IT Security software and hardware solutions that we integrate into our customer's platforms for over 20 years. When you choose ASL you get more than just a supplier, you gain a partner who will always deliver.

Our email security partner, Libraesva, was awarded not one, but two of the top awards at the Computing Security Awards in December 2021, winning both the best email security category and the best email phishing solution.

Computing recognised that Libraesva was best in class against all the top email security providers, which is probably why they are one of the fastest growing email security solutions worldwide.

Working with our skilled engineers who have extensive experience of computer technology for most business sectors, you can depend on ASL to deliver the most up to date and reliable solutions for your applications - on time, within budget and exceeding your expectations.

Together, ASL and Libraesva are a good fit whatever you do, with top customers in any number of sectors.

Other articles in this category
Risk Visibility
+
6 Stages of a Crisis

And getting your business through it: Cyber Security Edition

Friday, May 01, 2020
+
When Office 365 isn’t Secure Enough

When Office 365 isn't secure enough

Thursday, May 07, 2020
+
Is Your Network Secure?

You can’t protect what you can’t see

Friday, May 01, 2020
+
UK and US governments warn on the risks of VPN’s

Alarm bells should be ringing with cyber security teams following recent guidance issued by both UK and US government security experts.

Monday, May 18, 2020
+
Digital Transformation or Digital Disaster

Before Covid 19, many SMB’s and mid sized enterprises were embarking on a journey to workplace automation and a world of greater performance, flexibility and control

Monday, May 18, 2020
+
The threat from within

With more employees now working from home, the risk of breaches has grown exponentially.

Tuesday, June 02, 2020
+
You’re never too busy to stay secure

Tuesday, June 09, 2020
+
Hackers aren’t Heroes

Some think that hackers are "cool" and that their spirit of mischief and sneaking is admirable.

Wednesday, July 15, 2020
+
Half Full

50% of IT leaders don’t know if their cyber security is working

Friday, May 01, 2020
+
An awful lot of pain

Any business feels the pain

Friday, May 01, 2020
Protecting against Microsoft 365 security weaknesses

Libraesva is an award winning email management tool that works seamlessly with Microsoft 365 to protect all your business emails with zero impact on email performance. To address these failings, Libraesva has additional features that work with Microsoft 365 to provide greater security

* by submitting this form you agree to receive other communications from MYREDFORT

Free 90 day trial is subject to systems compatibility and number of users, which will be determined in our pre-qualification process.

You can’t protect what you can’t see

Now there’s a simple ‘plug and play’ solution that takes out the complexity and resource needed to provide the SMB IT team with all the information it needs to take action on imposing threats.

* by submitting this form you agree to receive other communications from MYREDFORT

Free 90 day trial is subject to systems compatibility and number of users, which will be determined in our pre-qualification process.

Secure & affordable remote working with no VPN or VDI

Blackberry Desktop is an alternative to traditional VPN’s, offering secure email, calendar and the ability to edit and share documents with absolute confidence. A world leader in cybersecurity, Blackberry Desktop is available at a fraction of the price of traditional VPN’s and is free to use for 60 days.

* by submitting this form you agree to receive other communications from MYREDFORT

Free 90 day trial is subject to systems compatibility and number of users, which will be determined in our pre-qualification process.

Interested in what you see? Get in touch, and let's start a conversation Get in touch
If you’d like to know more about any of the technologies mentioned in this article please get in touch.