In today’s digital age, where email communication is integral to business operations, the threat of Business Email Compromise (BEC) looms large. BEC attacks are sophisticated schemes where cybercriminals manipulate email communication to deceive employees into transferring money or sensitive information. These attacks often result in significant financial losses and reputational damage. To safeguard your organization against BEC, implementing robust defenses and fostering a culture of cybersecurity awareness are crucial. Here’s a comprehensive guide on how to defend against BEC:

1. Educate Your Team:

Awareness Training: Conduct regular training sessions to educate employees about BEC tactics, such as phishing, spoofing, and social engineering.

Recognizing Red Flags: Teach employees to scrutinize email addresses, grammar errors, urgent requests, and unusual payment instructions.

2. Implement Technical Controls:

Email Authentication: Use technologies like SPF, DKIM, and DMARC to verify sender identity and detect spoofed emails.

Advanced Threat Protection: Deploy email security solutions that offer advanced threat detection, sandboxing, and URL filtering to prevent malicious attachments and links.
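SPF, DKIM and DMARC only help if something downstream actually consumes the gateway's verdicts. The following added example (not from the original guide) reads the Authentication-Results header stamped by the organisation's own inbound gateway and computes DMARC-style alignment between the From domain, the SPF-checked envelope domain and the DKIM signing domain. The gateway name mx.acme-corp.example, the domains and both messages are constructed, and the organisational-domain shortcut is a simplification of the Public Suffix List lookup that real DMARC implementations perform.

```python
"""Added example: compute DMARC-style alignment from the Authentication-Results
header stamped by the organisation's own inbound gateway (RFC 8601 syntax).
All host names, domains and messages below are constructed for the example."""
import email
import re
from email import policy

# Hypothetical authserv-id of the organisation's inbound gateway. Only headers
# carrying this id are honoured: a sender can add a forged Authentication-Results
# header as easily as any other header, so the gateway must strip inbound
# headers bearing its own id before stamping its own result.
TRUSTED_AUTHSERV_ID = "mx.acme-corp.example"


def org_domain(domain: str) -> str:
    """Approximate the organisational domain with the last two labels.
    Real DMARC uses the Public Suffix List; this shortcut (an assumption of
    the example) is wrong for registries such as .co.uk."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_of(value: str) -> str:
    """Return the domain part of 'user@domain', or the value itself."""
    return value.rsplit("@", 1)[-1].lower()


def parse_auth_results(value: str) -> dict:
    """Parse 'authserv-id; method=result prop=val ...; ...' into a dict."""
    value = re.sub(r"\([^)]*\)", "", value)          # drop parenthesised comments
    parts = [p.strip() for p in value.split(";")]
    authserv_id = parts[0].split()[0] if parts[0] else ""
    methods = {}
    for part in parts[1:]:
        m = re.match(r"(\w+)=(\w+)(.*)", part)
        if not m:
            continue
        method, result, rest = m.groups()
        props = dict(re.findall(r"([\w.]+)=(\S+)", rest))
        methods[method] = {"result": result, **props}
    return {"authserv_id": authserv_id, "methods": methods}


def evaluate(raw_message: str) -> dict:
    """Return SPF/DKIM alignment and an overall DMARC verdict for one message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = msg["From"].addresses[0].domain.lower()
    verdict = {"from_domain": from_domain, "spf_aligned": False,
               "dkim_aligned": False, "reasons": []}
    for header in msg.get_all("Authentication-Results", []):
        parsed = parse_auth_results(str(header))
        if parsed["authserv_id"] != TRUSTED_AUTHSERV_ID:
            verdict["reasons"].append(
                f"ignored Authentication-Results from '{parsed['authserv_id']}'")
            continue
        spf = parsed["methods"].get("spf", {})
        if (spf.get("result") == "pass" and
                org_domain(domain_of(spf.get("smtp.mailfrom", ""))) == org_domain(from_domain)):
            verdict["spf_aligned"] = True
        dkim = parsed["methods"].get("dkim", {})
        if (dkim.get("result") == "pass" and
                org_domain(dkim.get("header.d", "")) == org_domain(from_domain)):
            verdict["dkim_aligned"] = True
    verdict["dmarc"] = "pass" if verdict["spf_aligned"] or verdict["dkim_aligned"] else "fail"
    return verdict


# Constructed message: envelope and signing domains align with the From domain.
LEGIT_MESSAGE = """From: "Dana Lee" <dana.lee@acme-corp.example>
To: ap@acme-corp.example
Subject: Q3 invoice
Authentication-Results: mx.acme-corp.example;
 spf=pass smtp.mailfrom=bounce.acme-corp.example;
 dkim=pass header.d=acme-corp.example header.s=sel1;
 dmarc=pass header.from=acme-corp.example

Invoice attached, as discussed.
"""

# Constructed message: SPF passes only for the sender's own domain, there is no
# aligned DKIM signature, and a forged Authentication-Results header was added
# by the sender in the hope that a naive consumer reads it.
SPOOFED_MESSAGE = """From: "Dana Lee" <dana.lee@acme-corp.example>
To: ap@acme-corp.example
Subject: Urgent payment change
Authentication-Results: mail.evilsender.example; dmarc=pass header.from=acme-corp.example
Authentication-Results: mx.acme-corp.example;
 spf=pass smtp.mailfrom=evilsender.example;
 dkim=none;
 dmarc=fail header.from=acme-corp.example

Please process the attached bank detail change today.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(name, evaluate(raw))
```

The check honours only the header bearing the configured authserv-id, which is the part that is usually missed: anyone can prepend an Authentication-Results header, so the gateway has to remove inbound headers carrying its own id before it stamps its verdict, and everything downstream has to trust that id alone.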

3. Establish Secure Procedures:

Verification Protocols: Establish multi-factor authentication (MFA) for accessing sensitive systems or approving financial transactions.

Payment Verification: Implement a protocol requiring verbal confirmation or secondary approval for significant fund transfers or changes to payment details.

4. Enhance Email Security Practices:

Email Filtering: Use robust spam filters and email scanners to block suspicious emails before they reach employees’ inboxes.

Encryption: Encourage the use of email encryption for sensitive information to protect data in transit.

5. Monitor and Respond:

Incident Response Plan: Develop and regularly update an incident response plan specific to BEC incidents. Ensure all employees know their roles and responsibilities.

Continuous Monitoring: Implement monitoring tools to detect anomalies in email traffic and unusual behaviors indicating potential BEC attempts.
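As an added example of the kind of anomaly monitoring meant here (not code from the original guide), the script below runs a small rule set over constructed gateway and mailbox-audit records and surfaces four signals that commonly precede a BEC payment fraud: an executive's display name on an external address, a look-alike sender domain, a Reply-To domain that differs from the sender domain, and a newly created rule that auto-forwards mail outside the organisation. The domain acme-corp.example, the executive names and every record are made up.

```python
"""Added example: BEC-oriented rules run over constructed mail-gateway and
mailbox-audit records. All domains, names and records are made up."""

OUR_DOMAIN = "acme-corp.example"             # assumption: the organisation's mail domain
EXECUTIVE_NAMES = {"dana lee", "sam patel"}  # constructed list of high-value identities


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_internal(domain: str) -> bool:
    return domain == OUR_DOMAIN or domain.endswith("." + OUR_DOMAIN)


def normalise(domain: str) -> str:
    """Fold common character substitutions so look-alike domains compare equal."""
    folded = domain.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(str.maketrans("0135", "oles"))


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    if not domain or is_internal(domain):
        return False
    return levenshtein(normalise(domain), normalise(OUR_DOMAIN)) <= 2


def analyse(records: str) -> list:
    """Return (timestamp, severity, reason) findings for pipe-separated records.
    msg records:  ts|msg|display_name|sender|reply_to|recipient
    rule records: ts|rule|mailbox|action|target"""
    findings = []
    for line in records.strip().splitlines():
        fields = line.split("|")
        ts, kind = fields[0], fields[1]
        if kind == "msg":
            display, sender, reply_to, _recipient = fields[2:6]
            sdom, rdom = domain_of(sender), domain_of(reply_to)
            if display.lower() in EXECUTIVE_NAMES and not is_internal(sdom):
                findings.append((ts, "high", f"executive display name '{display}' on external address {sender}"))
            if is_lookalike(sdom):
                findings.append((ts, "high", f"look-alike sender domain {sdom}"))
            if reply_to and rdom != sdom:
                findings.append((ts, "medium", f"Reply-To domain {rdom} differs from sender domain {sdom}"))
        elif kind == "rule":
            mailbox, action, target = fields[2:5]
            if action.startswith("forward") and not is_internal(domain_of(target)):
                findings.append((ts, "high", f"mailbox {mailbox} now auto-forwards to external {target}"))
    return findings


# Constructed records: one benign internal message, one executive impersonation
# from a look-alike domain, one vendor message with a diverging Reply-To, and
# one mailbox rule forwarding everything to a free-mail address.
SAMPLE_RECORDS = """
2024-05-02T09:12:03Z|msg|Dana Lee|dana.lee@acme-corp.example|dana.lee@acme-corp.example|ap@acme-corp.example
2024-05-02T09:40:51Z|msg|Dana Lee|dana.lee@acme-c0rp.example||ap@acme-corp.example
2024-05-02T10:05:17Z|msg|Vendor Billing|billing@vendor.example|billing@vendor-payments.example|ap@acme-corp.example
2024-05-02T10:22:44Z|rule|sam.patel@acme-corp.example|forward:*|sam.patel.backup@freemail.example
"""

if __name__ == "__main__":
    for ts, severity, reason in analyse(SAMPLE_RECORDS):
        print(ts, severity.upper(), reason)
```

The Reply-To rule is deliberately rated medium because legitimate ticketing and marketing systems trigger it constantly; the forwarding-rule check, by contrast, is one of the highest-value signals in a BEC investigation, since attackers who have taken over a mailbox routinely add a rule that silently copies the thread to themselves.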

6. Cultivate a Security-Conscious Culture:

Leadership Support: Foster a culture where cybersecurity is prioritized from the top-down, with leadership actively promoting and participating in security initiatives.

Reporting Channels: Provide clear channels for reporting suspicious emails or incidents promptly, without fear of repercussion.

7. Regular Assessments and Updates:

Security Audits: Conduct regular security audits and vulnerability assessments to identify and mitigate potential weaknesses in your email systems and processes.

Stay Updated: Keep software, security patches, and email systems up to date to protect against known vulnerabilities.

8. Collaborate and Share Information:

Industry Collaboration: Engage with industry peers and share insights about emerging BEC tactics and threats to strengthen collective defenses.

Information Sharing: Participate in threat intelligence sharing platforms to stay informed about evolving BEC techniques and indicators of compromise.

By implementing these proactive measures, businesses can significantly reduce the risk of falling victim to Business Email Compromise attacks. Vigilance, education, and technological defenses work in tandem to create a resilient barrier against sophisticated cyber threats.

Remember, defending against BEC is an ongoing effort that requires continuous improvement and adaptation to stay ahead of cybercriminals’ evolving tactics.

The post Defending Against Business Email Compromise: A Comprehensive Guide appeared first on Cybersecurity Insiders.

As the 2024 US elections approach, voters must remain vigilant against a rising tide of cybercrime targeting political donations. Several threat groups are deceiving citizens into donating money, purportedly for the elections, through what turn out to be fraudulent schemes aimed at financial gain.

A recent study by Trellix highlights the urgency for law enforcement to increase vigilance, noting that hackers are leveraging advanced technologies like GenAI to exploit the November 2024 elections for profit. Notably, groups such as China’s Volt Typhoon and Russia’s Sandworm APT have intensified their malicious email campaigns targeting government sectors. Their objectives range from disrupting the upcoming elections to sowing widespread electoral panic.

These cyber operations often involve spreading ransomware and gathering sensitive intelligence, with sectors like telecom, healthcare, and finance being primary targets.

This alarming trend echoes past concerns about foreign interference in the 2016 US elections. Following suspicions of cyber influence, an investigation was launched under the Obama administration, although its details were largely obscured after Donald Trump assumed the presidency in January 2017.

Now, the resurgence of malicious email campaigns poses a renewed threat, potentially escalating into broader disinformation campaigns that could sway public opinion.

It is imperative that measures are promptly implemented to safeguard electoral integrity and counter these evolving cyber threats. Awareness and proactive security measures are essential to mitigate the impact of such malicious activities on the democratic process.

The post Malicious emails tricking users to make donations for elections appeared first on Cybersecurity Insiders.

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior US government officials.

From the executive summary:

The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. The Board reaches this conclusion based on:

  1. the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed;
  2. Microsoft’s failure to detect the compromise of its cryptographic crown jewels on its own, relying instead on a customer to reach out to identify anomalies the customer had observed;
  3. the Board’s assessment of security practices at other cloud service providers, which maintained security controls that Microsoft did not;
  4. Microsoft’s failure to detect a compromise of an employee’s laptop from a recently acquired company prior to allowing it to connect to Microsoft’s corporate network in 2021;
  5. Microsoft’s decision not to correct, in a timely manner, its inaccurate public statements about this incident, including a corporate statement that Microsoft believed it had determined the likely root cause of the intrusion when in fact, it still has not; even though Microsoft acknowledged to the Board in November 2023 that its September 6, 2023 blog post about the root cause was inaccurate, it did not update that post until March 12, 2024, as the Board was concluding its review and only after the Board’s repeated questioning about Microsoft’s plans to issue a correction;
  6. the Board’s observation of a separate incident, disclosed by Microsoft in January 2024, the investigation of which was not in the purview of the Board’s review, which revealed a compromise that allowed a different nation-state actor to access highly-sensitive Microsoft corporate email accounts, source code repositories, and internal systems; and
  7. how Microsoft’s ubiquitous and critical products, which underpin essential services that support national security, the foundations of our economy, and public health and safety, require the company to demonstrate the highest standards of security, accountability, and transparency.

The report includes a bunch of recommendations. It’s worth reading in its entirety.

The board was established in early 2022, modeled in spirit after the National Transportation Safety Board. This is their third report.

Here are a few news articles.

EDITED TO ADD (4/15): Adam Shostack has some good commentary.

This is a newly discovered email vulnerability:

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.

This attack is possible because most email clients allow CSS to be used to style HTML emails. When an email is forwarded, the position of the original email in the DOM usually changes, allowing for CSS rules to be selectively applied only when an email has been forwarded.

An attacker can use this to include elements in the email that appear or disappear depending on the context in which the email is viewed. Because they are usually invisible, only appear in certain circumstances, and can be used for all sorts of mischief, I’ll refer to these elements as kobold letters, after the elusive sprites of mythology.
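A defensive check for the technique described above, as an added example that is not part of the original post: it parses the style blocks of an HTML email, flags rules that hide content and rules whose selector makes visibility depend on the element's position in the DOM (descendant, child and sibling combinators, structural pseudo-classes), and shows the blunt mitigation of rendering the message with author CSS stripped. Both sample messages are constructed.

```python
"""Added example: detect CSS in an HTML email that hides content or makes its
visibility depend on DOM position, the mechanism behind 'kobold letters'.
The sample messages below are constructed."""
import re

HIDING = re.compile(
    r"\b(display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])"
    r"|font-size\s*:\s*0|max-height\s*:\s*0|color\s*:\s*transparent)", re.I)
VISIBILITY_PROP = re.compile(r"\b(display|visibility|opacity|max-height|font-size)\s*:", re.I)
# Combinators and structural pseudo-classes tie a rule to the element's
# ancestors or siblings, which is exactly what changes when a client wraps a
# forwarded message in its own markup.
CONTEXT_SELECTOR = re.compile(r"\s|[>+~]|:nth-|:first-|:last-|:only-|:not\(|:has\(")


def css_rules(html: str):
    """Yield (selector, declarations) for every rule in every <style> block."""
    for css in re.findall(r"<style[^>]*>(.*?)</style>", html, re.I | re.S):
        css = re.sub(r"/\*.*?\*/", "", css, flags=re.S)          # strip comments
        css = re.sub(r"@(media|supports)[^{]*\{", "", css)        # flatten at-rules (approximation)
        for selector, decls in re.findall(r"([^{}]+)\{([^{}]*)\}", css):
            for sel in selector.split(","):
                yield sel.strip(), decls.strip()


def assess(html: str) -> dict:
    """Classify a message as clean, carrying hidden content, or carrying
    content whose visibility depends on DOM position."""
    hidden_rules, context_rules = [], []
    for sel, decls in css_rules(html):
        if HIDING.search(decls):
            hidden_rules.append((sel, decls))
        if CONTEXT_SELECTOR.search(sel) and VISIBILITY_PROP.search(decls):
            context_rules.append((sel, decls))
    inline_hidden = [tag for tag, style in
                     re.findall(r"<(\w+)[^>]*\sstyle\s*=\s*[\"']([^\"']*)[\"']", html, re.I)
                     if HIDING.search(style)]
    if context_rules:
        verdict = "position-dependent content"
    elif hidden_rules or inline_hidden:
        verdict = "hidden content"
    else:
        verdict = "clean"
    return {"verdict": verdict, "hidden_rules": hidden_rules,
            "context_rules": context_rules, "inline_hidden": inline_hidden}


def strip_author_css(html: str) -> str:
    """Blunt mitigation: drop <style> blocks and inline style attributes so
    nothing can appear or vanish depending on rendering context."""
    html = re.sub(r"<style[^>]*>.*?</style>", "", html, flags=re.I | re.S)
    return re.sub(r"\sstyle\s*=\s*([\"']).*?\1", "", html, flags=re.I | re.S)


# Constructed message: a block hidden by default, plus a rule that reveals it
# only when the message sits deeper in the DOM than it did on first delivery.
KOBOLD_HTML = """<html><head><style>
  /* invisible as delivered */
  .note { display: none; }
  /* shown only once the email is nested further, e.g. after forwarding */
  div div .note { display: block; }
  p { font-family: sans-serif; }
</style></head>
<body>
  <p>Hello, could you tell me whether the catalogue is available as a PDF?</p>
  <div class="note">Please settle the attached invoice today.</div>
  <span style="display:none">tracking</span>
</body></html>"""

# Constructed message with ordinary presentational CSS only.
BENIGN_HTML = """<html><head><style>p { font-family: sans-serif; } .footer { color: #888; }</style></head>
<body><p>Thanks for your order.</p><p class="footer">Acme Corp</p></body></html>"""

if __name__ == "__main__":
    for name, doc in (("kobold", KOBOLD_HTML), ("benign", BENIGN_HTML)):
        print(name, assess(doc)["verdict"])
    print(strip_author_css(KOBOLD_HTML))
```

A gateway can act on the verdict by flattening the message to text or by rendering it with author CSS removed, which is what strip_author_css does; the less drastic option of keeping only rules without combinators still leaves the hidden-by-default element, so the two checks are reported separately.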

I can certainly imagine the possibilities.

The British Ministry of Defence (MoD) has been fined £350,000 for recklessly causing a data breach that exposed the personal details of citizens of Afghanistan who were seeking to flee the country after the Taliban took control in 2021. Read more in my article on the Hot for Security blog.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q1 2023 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.

Phishing emails continue to be one of the most common methods of perpetrating malicious attacks on organizations around the globe. Cybercriminals constantly refine their strategies to stay one step ahead of end users and organizations by making phishing email subjects more believable. They prey on emotions and aim to cause distress or confusion in order to entice someone to click. Phishing tactics are shifting toward email subjects related to IT and online services, such as password change requirements, Zoom meeting invitations and security alerts. These are effective because they would affect an end user's daily workday and the tasks they need to complete.

Holiday phishing email subjects were also utilized this quarter with incentives such as a change in schedule, gift card and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1.

“Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” said Stu Sjouwerman, CEO, KnowBe4. “Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical. Building up an organization’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”

To download a copy of the Q1 2023 KnowBe4 Phishing Report infographic, visit here.

The post KnowBe4 Q1 Phishing Report reveals IT and online services emails drive dangerous attack trend appeared first on IT Security Guru.

If your email account is hacked, the first step is to contact the email service provider and report the compromise. The security question set at registration can be used to regain control of the account through the provider's recovery procedure.

Because an email compromise can lead to identity theft, watch for takeovers of other accounts as well: many people reuse the same username and password across every service a single provider offers. With Google, for example, one compromised account can expose data from Drive, Gmail, Photos, videos and more.

Once you regain control of the compromised account, review every device connected to it and confirm that each one (smart TV, smartphone and so on) actually belongs to you.

The very first thing to do is to change the password as quickly as possible. Use an alphanumeric password bracketed by one or two special characters, preferably one well over 12 characters long.

Notify the people on your contact list that the account was compromised on a given date, and ask them to disregard the contents and subject lines of any mail received from it after that date.

Enable 2FA, using a smartphone, a physical security key or printed backup codes to access the account.

Deploy a security solution on the device and enable an automated scan once a day, or at least once a week.

Monitor your social media accounts and banking transactions, as email compromise can also lead to other issues.

 

The post What to do if an email account gets hacked appeared first on Cybersecurity Insiders.

Can you remember your first email? Either sending one, or receiving it? I certainly remember explaining to people what email was, and I also remember someone telling me they could live without their email server for “about a month before it becomes a problem”. Can you imagine that now? A month without email? Emails are […]

The post Email and cybersecurity: Fraudsters are knocking appeared first on The State of Security.

With how much of our personal and professional lives take place online, it becomes more important each day for us to understand our vulnerability to cyberattacks. Cybercriminals target emails, domains, and accounts in order to impersonate identities and scam consumers and businesses alike. In 2021 alone, email spoofing and phishing increased by 220% and caused […]

The post Email Fraud in 2022: What you Need to Know appeared first on The State of Security.

Cybercriminals reportedly hacked the UK's National Health Service (NHS) and used the compromised servers to send over 1,000 phishing emails. The incident was discovered by the research firm Inky, which confirmed that the illegal access to the servers lasted about six months, ending in March this year.

Inky researchers believe the NHS servers were compromised around October last year; the fraudulent access to the email servers ended in March 2022 and was discovered in April this year.

The access ended in March 2022 because the healthcare provider carried out its annual audit of its security systems and immediately blocked the fraudulent access to the servers.

Cybersecurity Insiders learned that the email accounts of about 139 employees were compromised in the incident, and that 1,157 phishing emails were sent from NHS mailboxes.

The aim of the campaign was simple: to collect credentials, mainly Microsoft credentials, from NHS employees and use them in brute-force attacks.

It is still unclear whether the stolen details were used in other campaigns to gain fraudulent access to company networks.

Note 1: NHS responded to the news immediately and apparently denied that any such incident took place on its servers. It added that it has the right tools to monitor and proactively mitigate such risks, and that this is done in collaboration with its partners.

Note 2: In 2020, a media outlet reported that NHS was selling the data of millions of its patients to pharmaceutical companies operating in the USA and elsewhere, including patients' medical histories and the treatment they were being given. Isn't that concerning?

 

The post NHS Email Servers used for Phishing Attacks appeared first on Cybersecurity Insiders.