Inside TDV - The Data Vault Blog
Advanced Phishing Catching Users Off Guard
Phishing is the term used when malicious attackers utilize social engineering techniques to bait users into compromising their own systems. This strategy has been around for a long time (dating back to the first days of the internet), but cybercriminals are now turning to document-based malware as everyday people wise up to malicious email attachments and web links.
Recent studies have shown that while only 1 in 200 participants (0.5%) would open an email attachment and 70% would click on a web link, 98.5% would open a document file (such as Microsoft Word or Adobe PDF), failing to realize these could be a vector for network infection. “Most people do not think of document files as being a security risk, which is why we are seeing a massive shift to using malware embedded in documents to launch attacks,” James Lyne, global head of security research at Sophos, said, adding that he recently received an email that appeared to be from someone he knows, asking to meet up and accompanied by a malicious document file. To entice him into opening the document, the spoofed email said: “Please check my itinerary and let me know when we can meet.”
Another rising threat involves unsecured Wi-Fi networks. Attackers continue to take advantage of organisations’ poor patching practices and employees’ bad wireless habits, leading to new vulnerabilities as techniques become more sophisticated. Many successful attempts use exploits that had been patched up to three months before, and an experiment in New York showed that no one read the licence agreement for a Wi-Fi hotspot set up by researchers before connecting.
In either of these cases, knowledge is the best defense. New ways of gaining unauthorized access are being developed all the time, but by staying informed you can mitigate their effect on your organization. Install software updates as they become available, don’t click on anything sent through email without verifying its authenticity first, and stay vigilant for changes in the online environment. Questions? Contact us and one of our experts will be happy to answer any that you may have about information management!