Is someone faking being your CEO?

Fraud in the form of someone impersonating another company’s email address is on the increase. NICK SAUNDERS, Cyber Resilience Expert at Mimecast, explains how to spot these homographs and what we can do about them.

When I say the word ‘bat’, what image comes to mind? A flying mammal? A cricket bat?

In English, they call this a ‘homograph’: when two or more words are spelt the same but don’t have the same meanings or origins.

In cybersecurity, a homograph is a lot more sinister. It’s a term given to a type of impersonation attack where an email address or website URL looks legitimate but isn’t. It’s designed to trick people into clicking on malicious links or to fool them into transferring money or sharing sensitive information.

Recent research by Vanson Bourne and Mimecast found that more than 85% of respondents had seen impersonation fraud in the past 12 months, and 40% had seen an increase in this type of attack in the same period. In South Africa, 36% of respondents had seen an increase in impersonation fraud asking to make wire transactions, and 37% had seen an increase in impersonation fraud asking for confidential data.

Despite this growth, many organisations do not have a cyber resilience strategy in place to help them detect, prevent and recover from these types of attacks.

Easy to execute, hard to detect

Homograph attacks are difficult to detect – by both the user and regular email security systems.

To create these lookalike domains, attackers use non-Western character sets or special characters found in Greek, Cyrillic and Chinese, to display letters which, to the naked eye, look identical to the western alphabet. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. According to one domain name checker, there are 117 possible Mimecast domains that can be misrepresented with just one character from a non-English alphabet.

These subtle changes are likely to go unnoticed by users. In South Africa, 31% of respondents were not confident that employees could spot and defend against impersonation attacks, which easily and often slip through an organisation’s security systems.

Some 21% of South African respondents were not confident that their organisation’s security defences could defend against impersonation fraud asking for confidential information, rising to 25% for fraud asking to make wire transactions – in line with global trends.

This is because the emails themselves don’t contain malware and the URLs often have legitimate (read: stolen) security certificates.

Is it me you’re looking for?

Website URLs aren’t the only avenues for impersonation attacks; email address impersonation is also on the rise.

These types of attacks are designed to trick users such as finance managers, executive assistants and HR representatives into transferring money or disclosing information that can be monetised by cybercriminals. The email appears to come from someone they trust – a C-suite executive or a third-party supplier they regularly do business with – so they wouldn’t think twice about responding to it.

South Africans reported that, in the past 12 months, cybercriminals have attempted to impersonate finance teams (24%), third-party vendors (20%), a member of the C-suite (7%), as well as HR, sales, operations, legal and marketing team members (between 5% and 8%).

Again, these emails do not contain malware, which means they can go undetected by most email security systems. Social engineering attacks such as these rely on our inability to spot anomalies in URLs and email addresses – and the fact that we believe we’re communicating with someone we know.

Know what to do

Cybercriminals have figured out that they can bypass security systems by switching from malware-laden attacks to malware-less impersonation attacks. Now, social engineering meets technical means to put us in the middle of the next evolution of cyber-attacks.

Here are some measures organisations can implement to guard against these types of attacks.

  • Education. When users know how social engineering and spoofing attacks work and then understand they shouldn’t click on links in emails, breach incidents can be drastically reduced. Users should be encouraged to physically type an address into a browser rather than click on a link in an email, even if it was supposedly sent by someone they know and trust. Education and awareness will always be the most important defence mechanisms.
  • Protection. Email security systems are getting better at stopping malware that enters the network through dodgy files and attachments, but few are effective against impersonation attacks. Organisations need a solution that can deep-scan all inbound emails and inspect them for header anomalies, domain similarity, sender spoofing and keywords associated with suspicious impersonation emails. These can then be blocked, quarantined, or delivered flagged to alert the receiver to the potential risk.
  • Resilience. Having the right threat protection in place is just one part of a robust cyber resilience strategy. Organisations also need to be able to adapt their strategies to stay ahead of attacks, while having the durability to continue with business as usual in the event of an attack, and the recoverability to ensure data and emails are always accessible.
  • Oversight. Often, lax security on a third-party supplier’s side provides an entry point into an organisation’s network. Enterprises should continuously evaluate and manage the security and privacy policies of their suppliers and include security in their service level agreements. They should also perform on-site security assessments with new suppliers before sharing sensitive information.
  • Visibility. Organisations need to know who their vendors are and who has access to company information, and for what reasons. This is even more important now that the EU’s General Data Protection Regulation has come into force and will affect all South African organisations when the Protection of Personal Information Act is finalised.
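One way a mail gateway could implement the domain-similarity check described above, written here as an added example (not Mimecast's code): it decodes IDNA (xn--) labels, flags labels that mix scripts, and maps confusable characters to the Latin letters the eye sees, so that the article's мімесаѕт.com resolves to the protected name mimecast.com. The confusables table is a constructed subset, and the sample domains are constructed.

```python
import unicodedata

# Constructed subset of Unicode's confusables table: non-Latin letters that render
# like Latin ones. The full list (confusables.txt) is far longer; this is for illustration.
CONFUSABLES = {
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x",  # Cyrillic
    "і": "i", "ј": "j", "ѕ": "s", "һ": "h", "ԁ": "d", "ԛ": "q", "ԝ": "w",  # Cyrillic
    "м": "m", "т": "t",                                                    # used in the article's example
    "α": "a", "ο": "o", "ν": "v", "τ": "t",                                # Greek
}

def to_unicode(domain):
    """Decode IDNA (xn--) labels so the lookalike characters become visible."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain  # already Unicode (or not valid IDNA): inspect as-is

def scripts(label):
    """Set of Unicode scripts used by the letters of one DNS label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def skeleton(domain):
    """What the eye sees: every confusable character replaced by its Latin lookalike."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def assess(domain, protected):
    """Return findings for a sender or link domain; an empty list means no homograph concern."""
    name = unicodedata.normalize("NFKC", to_unicode(domain)).lower().rstrip(".")
    if name in protected:
        return []
    findings = []
    for label in name.split("."):
        used = scripts(label)
        if len(used) > 1:  # a genuine brand label is written in one script
            findings.append(f"mixed scripts {sorted(used)} in label '{label}'")
    seen_as = skeleton(name)
    if seen_as != name and seen_as in protected:
        findings.append(f"renders like protected domain '{seen_as}'")
    return findings

if __name__ == "__main__":
    protected = {"mimecast.com"}
    # Constructed samples: the real domain, the article's all-Cyrillic lookalike,
    # and a mixed-script variant with a single Cyrillic 'с'.
    for d in ["mimecast.com", "мімесаѕт.com", "mimeсast.com"]:
        print(d, "->", assess(d, protected) or "OK")
```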

Thirty-seven percent of South African organisations have suffered data loss because of email-based impersonation attacks in the past 12 months. These organisations also reported reputational damage (34%), loss of customers (29%), direct financial loss (17%) and lost market position (19%).

Email continues to be the number one threat to organisations globally and accounts for 96% of all incidents that organisations face.

Clearly, there is an urgent need to work towards a higher standard of email security. Cybercriminals have evolved their attack methods. It’s time the security strategies organisations use to protect their users and their businesses evolve as well.

AppDate: Shedding light in our times of darkness

SEAN BACHER’S app roundup highlights two load-shedding apps, along with South AfriCAM, NBA 2K Mobile, Virgin Mobile’s Spot 3.0 and SwiftKey.

Load Shedding Notifier

With all the uncertainty about when South Africans will next be plunged into darkness by Eskom, the Load Shedding Notifier tries its best to keep up with Eskom’s schedule. The app is very simple to use. Download it, type an area in and click the save button. The app automatically tells you what load shedding stage Eskom is on, the times you can expect to start lighting candles and for how long to burn them.

Multiple areas can be added and one can switch between the different stages to see how each one will affect a certain area.

A grid status is also displayed, showing how strained the country’s electrical network is.

Platform: Android and iOS

Expect to pay: A free download

Stockists: Visit the store linked to your device

EskomSePush Load Shedding App

EskomSePush does much the same as the Load Shedding Notifier, but allows multiple cities to be tracked. However, they may just want to rethink the name of the app if they want wider respectability.

Platform: Android and iOS

Expect to pay: A free download

Stockists: Visit the store linked to your device

South AfriCAM

South AfriCAM enables users to add branded stickers and frames from popular lifestyle magazine titles to their posts, including Huisgenoot, YOU, Drum, Move!, TRUE LOVE, Women’s Health and Men’s Health. 

In the process, they can earn JETPoints for their social influence: through the app’s built-in JET8 social currency, users are rewarded for their engagement. For every in-app like, comment, and share, users earn JETPoints, which can be used to redeem products online or over the counter across more than 2 500 retail stores in South Africa. Users are additionally awarded JETPoints for cross-posting onto external social media networks.

Platform: Android and iOS

Expect to pay: A free download

Stockists: Visit the store linked to your device

Drones to drive Western Cape agritech

Aerobotics is set to change how farmers treat their crops by using drones and machine learning, writes BRYAN TURNER.

The Western Cape is poised to be a hotbed of innovation in the agritech sector, with drone piloting set to play a major role in the tech start-up scene.

This is the view of Tim Willis, chief operating officer of Aerobotics, a pioneering Cape Town drone company recognised as a world leader in agritech.

“Drone piloting is a key skill that feeds into the value chain of the budding 4th Industrial Revolution,” said Willis. “Cape Town and the Western Cape is uniquely positioned to be the melting pot for innovation in the agritech sector, as a leading agricultural exporter and a hub for creative tech start-ups.”

He was speaking at AeroCon, a drone expo organised by Aerobotics and held in Johannesburg this week, aimed at providing opportunities for drone pilots to apply their skills in South Africa and at showing how drones are being used to collect data on crops.

The event was supported by the South African Civil Aviation Authority (SACAA), Wesgro, PROMMAC, MicaSense and Rectron, among others.

“We’re starting to sign up farmers across the country,” said Willis. “It’s exciting because farmers are starting to use drone technology on their farms. When a farmer wants a drone flown, they want it flown [now] so it’s important for us to capture that data as quickly as possible to show that drones are fast and effective.”

According to Aerobotics, drone technology can help farmers reduce pesticide use on their crops by up to 30%. The result is more environmentally friendly farming, fewer stressed crops and a healthier harvest.

“We use aerial imagery from drones to recreate a 3D model of every single tree on a farmer’s orchard,” said Willis. “We’ve done this for millions of trees and it starts to give the farmers metrics of what they’re doing. We provide them with the health of the trees, the height, the volume, the canopy area, which enable the farms to make decisions on what to do next.”

Copyright © 2018 World Wide Worx