Too often, organizations gloss over the importance of cyber security in the workplace. As technology has advanced, the lack of end user cyber security awareness has become a leading cause of breaches in modern organizations. It’s important to understand, cyber breaches can happen to anyone, anywhere, at any time. In his monthly security webinar, Bruce Ward, VP of Business Strategy, explains how and why.
In 2019’s final installment of This Month in Cyber Security, Bruce discussed phishing, patching, and ransomware. Read below to catch a summary of each topic!
According to Akamai, a credible website hosting and DNS reporting company, about 56% of phishing sites use Google Analytics to generate targets and build better campaigns. The sites use Google Analytics to gather precise information about their audience. With the help of AI, capturing popular searches by area, industry, and vertical, they can build a nearly flawless campaign for their targets. Read the full story here.
Two common tactics are:
- User Impersonation: spoofing the identity of a user to trick another user into providing their credentials, payment, or company data.
- Domain Impersonation: spoofing the email domain of a trusted company to trick an employee or user to give up their credentials and/or send them important company info or payments.
The solution: Microsoft Office 365 ATP, you can learn more about it here.
This month on Patch Tuesday, Microsoft announced 74 flaws that needed to be resolved. The good news, only 15 of those flaws were critical. These critical flaws related to Windows Hyper-V, Adobe, Google Chrome, and Windows 7, just to name a few. You can read the overview of these patches here.
A major cause for concern is on addressing the issue of BlueKeep. Originally, the patch was addressed in April, however, BlueKeep is changing. What we have seen is, it is able to create wormable, self-spreading malware. This malware is used to cryptomine data on Windows 7, Windows Server 2008, and Windows Server 2008 R2. You can read more about BlueKeep here.
As the most profitable method of attack and one of the toughest to catch, Ransomware has been front and center this entire year. Cyber criminals spread its availability to other criminals via service offerings.
The new service being offered is known as Ransomware as a Service (RaaS). This service offers ransomware bots that are sold to individuals, ready to deploy. When deployed, it will run as a normal ransomware attack that attempts to infiltrate a victims network. Learn the full scope of RaaS here.
For the full list of stories and slide deck download the PDF version here.
Want to watch the webinar on-demand? Click the video below!
Peters & Associates engineers are dedicated to securing your network, with 24/7 monitoring and support, our Managed Services and Managed Security Services will never leave you guessing. Want to put your network or employees to the test? Ask us about our free Phishing Test, Vulnerability Scan, and Security Review for Office 365. Call us at 630.832.0075 or send an email to firstname.lastname@example.org to get started!