010 001 2960 [email protected]

What is Phishing?

Phishing is an attempt to obtain sensitive information such as usernames, passwords, credit card details, etc. by impersonating a trusted entity using mass emails that attempt to bypass spam filters. Emails impersonating popular social websites, banks, auction sites, or IT administrators are often used to lure the unsuspecting public. This is a form of criminally fraudulent social engineering.

Top Phishing Techniques

There are many different techniques used to obtain personal information from users. As technology advances, so do cybercriminals.

To prevent Internet phishing, users must know how cybercriminals do it.

To prevent Internet phishing, users should have knowledge of how cybercriminals do this and they should also be aware of anti-phishing techniques to protect themselves from becoming victims.

Spear Phishing

Think of spear phishing as professional phishing. While traditional phishing campaigns send mass emails to as many people as possible, spear phishing is more targeted. Hackers have specific individuals or organizations they want to compromise and want more valuable information than credit card details. They research their targets to make their attacks more personalized and increase their chances of success.

Session Hijacking

In session hijacking, phishers exploit web session control mechanisms to steal information from users. In a simple session hacking technique called session sniffing, a phisher uses a sniffer to intercept relevant information and gain unauthorized access to a web server.

Email/Spam

The most common phishing technique is to send the same email to millions of users requesting personal information. These details are used by phishers for illegal activities. Most messages contain urgent notices asking users to update their account information, change their details, or enter their credentials to verify their account. You may be asked to complete a form to access the new service via a link within the email.

Content Injection

Content injection is a technique in which a phisher modifies part of the content of a page on a trusted website. This is done to trick the user into going to a page other than the legitimate her website and prompting the user to enter personal information.

Web Based Delivery

Web-based delivery is one of the most sophisticated phishing techniques. The hacker, also known as the “man-in-the-middle”, sits between his original website and the phishing scheme. Phisher tracks details during transactions between her legitimate website and users. If you continue to share information, phishers will collect it without your knowledge.

Phishing through Search Engines

Some phishing scams involve search engines redirecting users to product pages that may offer low-priced products and services. When a user tries to purchase a product by entering their credit card details, the phishing site collects them. There are many fake banking websites of his that offer credit cards and loans at low interest rates, but they are actually phishing websites.

Link Manipulation

Link spoofing is a technique by which phishers send links to fake websites. When the user clicks on the fraudulent link, it opens the phisher’s website instead of her website mentioned in the link. Hovering over a link to show the actual address prevents users from falling for linking.

Vishing (Voice Phishing)

In voice phishing, phishers call users and ask them to dial a number. The purpose is to obtain personal bank account information over the phone. Vishing is most often done using fake caller IDs.

Keyloggers

A keylogger refers to malware that is used to identify keyboard input. This information is sent to hackers who crack passwords and other types of information. To prevent keyloggers from accessing your private information, secure websites offer the option to type on a virtual keyboard using mouse clicks.

Smishing (SMS Phishing)

Phishing is carried out using Short Message Service (SMS), a phone-based text message service. For example, smishing text attempts to trick victims into providing personal information via links leading to phishing websites.

Trojan

A Trojan is a type of malware designed to mislead users with seemingly legitimate actions that actually allow unauthorized access to user accounts in order to gather credentials about the local computer. The information obtained is sent to cybercriminals.

Malware

Malware phishing scams require malware to be running on the user’s computer. Malware is usually attached to emails that phishers send to users. Clicking on the link will start the malware. Malware can also be attached to downloadable files.

Malvertising

Malvertising is malicious advertising that contains active scripts designed to download malware or force unwanted content onto your computer. Exploitation in Adobe PDF and Flash are the most common methods used for malvertising.

Ransomware

Ransomware denies access to your device or files until the ransom is paid. PC ransomware is malware that is installed on users’ workstations using social engineering attacks to trick users into clicking links, opening attachments, or clicking malvertising .

Website Forgery

Fake websites are created by hackers to look exactly like legitimate websites. The purpose of the fake website is to trick users into entering information that can be used for fraud or further attacks on victims.

Evil Twin Wi-Fi

Hackers use devices like pineapples. Pineapple is a tool used by hackers containing two radios to set up their own Wi-Fi network. They use generic names like AT&T Wi-Fi, which are pretty common in many public places. If you do not pay attention to a network controlled by hackers, information you enter during your session can be intercepted, including: B. Bank Details.

Social Engineering

Users can be tricked into clicking on questionable content for various technical and social reasons. For example, a malicious attachment may look like a work invoice at first glance. Hackers rely on victims not to think twice before infecting a network.

Source: What Is Phishing?

Phishing and Malicious Emails

…Are Still the Primary Initial Attack Vector

According to new data from Acronis, as cybercriminals continue to develop their techniques, they continue to rely on phishing as the most successful proven initial attack method.

In security vendor Acronis’ Mid-2022 Cyberthreat Report, they found that phishing continues to dominate as the preferred initial access method for cyberattacks.

According to the report:

• 1% of all emails are malicious in nature
• Q2 increased by 10% compared to Q1 in the number of malicious URLs identified

Among all the malicious emails:

• 58% of them are related to scams
• 28% contains malware
• 81% are part of phishing campaigns
• The average campaign targets 10 organizations

And the goal?
Based on the data, Acronis claims that leaked or stolen credentials are the cause of nearly half of all breaches reported in the first half of 2022, making it clear that cybercriminals understand the price value of a business credential.

This should clearly focus on the organization’s cybersecurity to prevent its users from falling prey to the social engineering tactics used in phishing attacks. Security solutions are part of the answer, but users themselves must be trained through security awareness training to play the part of a vigilant employee who is always on the lookout for email attacks and searches. Find their credentials on the web.

By enabling users to help prevent these attacks, organizations greatly reduce the threat surface and reduce the likelihood of a successful cyberattack of any kind.

Source: Phishing and Malicious Emails Are Still the Primary Initial Attack Vector

Darkverse emerging from Metaverse

ARN just reported. However, security he provider Trend Micro warned in a recent research report that cybercriminals could abuse the technology for their own purposes. Security researchers predict that a kind of darknet structure could emerge, similar to today’s Internet. Cyber ​​gang conspiracies can even take place in protected rooms that can only be accessed via valid authentication tokens from specific physical locations. This prevents law enforcement from accessing the underground market. In fact, it could be years before the police can operate effectively in the Metaverse.

Possible metaverse threat scenarios
Researchers warn that the Darkverse could become a platform for cyber threats such as:

– Attackers are targeting non-fungible tokens (NFTs), which are becoming increasingly popular as a means of defining ownership in the metaverse for phishing, ransomware, fraud, and other attacks.

– Criminals use the Metaverse to launder money in overpriced virtual real estate and NFTs.

– Criminals and state actors create manipulative narratives that influence vulnerable and vulnerable groups. Social engineering, propaganda, and fake news are having a huge impact on the cyber-physical world.

– Data protection is redefined.  Room operators like the Metaverse have unprecedented insight into user behavior. Data protection as we know it no longer exists.

“The Metaverse is a multi-billion dollar high-tech vision that will define the next internet age. We already have to think about how we can build our own to meaningfully protect society,” commented Udo Schneider, IoT Security Evangelist at Trend Micro.

“Given the high costs and legal challenges, law enforcement will typically struggle to monitor the metaverse for the first few years,” Schneider said. He demands: “The IT security industry must step in now.” Otherwise, “a new Wild West will emerge at our digital front door.” .

Source: https://blog.knowbe4.com/researchers-warn-of-darkverse-emerging-from-the-metaverse

2022 Microsoft Vulnerabilities Report

Now in its ninth year, the Microsoft Vulnerabilities Report provides a unique analysis of the vulnerability landscape in the Microsoft ecosystem.  Each year in the past, the report has provided a holistic overview of vulnerabilities across Microsoft’s platforms and products, making an indisputable business case for the importance of removing administrative privileges to mitigate risk.

Click Here to Read Full Report

Regulations, compliance standards, security best practises and, increasingly, cyber insurance providers dictate that we identify and respond appropriately to the latest threats. Analysing the threat landscape annually can also help your organisation address the problem more effectively. However, implementing an efficient process to effectively combat threats and remediate or mitigate vulnerabilities in a timely manner is a different problem altogether.

B

Cyber Security – General Overview

Although cyber attacks are rapidly growing in volume and sophistication, the fact of the matter is that organizations are still struggling to fight back, but you might ask yourself why do i even bother to learn cyber security basics? I’m already protected and nothing can happen to the company I work for. This is a common misconception since cybercriminals find new vulnerabilities each day and no one can say that they are out of danger, so you can help by understanding the basic cyber security dangers and by staying alert. Please watch the video and slides below for a general overview, and if you need any help, please don’t hesitate to give us a call.

 

A Decade of Technology – 2015

Continuing our 10 year anniversary celebrations, this month we take a look at 2015.

It’s been a great year for tech and the gadget obsessed amongst you have been spoiled for choice. Wearables finally became cool, the usual plethora of app releases kept us focused on our smart devices.

Some other noteworthy events, products and services:

  • Ross Ulbricht, the man behind the website Silk Road, was convicted on February 4.
  • Taking to the skies: A drone from Flirtey made a medical delivery on July 17 and became the first government-approved drone delivery.
  • In March, Facebook released React Native, an open-source JavaScript framework for developing mobile apps on Android and iOS/
  • Google split into two companies on August 10. The new company known as Alphabet is now responsible for Google, Nest, Google Capital, Google Fiber, Calico, Google X, Sidewalk Labs, and Google Ventures.
  • Swift was open-sourced to encourage community-driven development of the language itself.
  • Google announced it discontinued Google Code on March 12. Thousands of the Google open-source products were moved to GitHub.
  • Google launched YouTube Gaming.
  • Apple introduced Apple Music, Apple Pencil, and Live Photo
  • Apple officially released the Apple Watch on April 24.
  • YouTube Music was released on November 12.
  • Microsoft released the Surface Pro 4 and the Surface Book on October 26.
  • The Internet browser Brave was released in 2015.
  • On July 18, eBay spun off PayPal as an independent company.
  • In May, Broadcom was purchased by Avago Technologies Ltd. for $37 billion. After the purchase, the company was renamed to Broadcom Limited.
  • Google made TensorFlow open-sourced for public use in November.
  • After seven years of development PHP 7.0.0 was released in December

Follow us next month to see what happened in 2016.

Anon IT
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful. View Privacy Policy