SOMETIMES there's a misconception that it’s only vulnerable people who are caught out by cybercrime. Of late though, a number of very astute local businesses have been victims of devious online scams.
Generally, these involve an individual in an organisation receiving and opening an email that they assume is safe, but which is anything but. This then triggers a process that allows cyber criminals access to company data, or the individual perhaps follows instructions based on the mistaken belief that it is from a genuine source.
One of the more common examples of this is ‘spear phishing’. This is a very targeted and involves top executives being impersonated, with financial losses often the result of the activity. Historically, phishing scams were a more scattergun approach but they have become much more refined. The intent is often to steal intellectual property, financial data, business secrets and other confidential data, but more recently specific directions to transfer money out of the company electronically have become the norm.
This is how it works: An email arrives, apparently from the managing director of the company convincing the unknowing recipient to carry out specific instructions with very tight timelines. The email is ‘spoofed’ in such a way that it looks and feels genuine and it is often sent to a member of the finance department who has responsibility for making electronic banking payments.
The failure in the system for businesses is that most employees do not realise that it is very easy to send a fake email that looks like it has been sent by your boss.
These cyber-criminals employ individually-designed approaches and social engineering techniques to effectively personalise messages. That enables cyber-criminals to manipulate finance staff to either steal the data they need in order to attack their networks or force the staff to actually transfer funds to the cyber criminals.
Ransomware is another type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker).
The ransom prices vary, ranging from a few pounds to hundreds of pounds. It is important to note, however, that paying for the ransom does not guarantee that users can eventually access the infected system.
Users may encounter this threat through a variety of means. Ransomware can be downloaded by unwitting users visiting malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware is delivered as attachments in spam emails.
Once executed in the system, a ransomware can either lock the users computer screen or encrypt predetermined files with a password. In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This also shows the instructions on how users can pay for the ransom. The second type of ransomware locks files like documents, spreadsheets and other important files.
Ransomware is considered a ‘scareware’, as it forces users to pay a fee (or ransom) by scaring or intimidating them. In this sense, it is similar to the FAKEAV malware; though it uses a different tactic. Instead of capturing the infected system or encrypting files, FAKEAV coax users into purchasing their bogus antimalware software by showing fake antimalware scanning results.
Businesses in Northern Ireland can carry out some very basic tasks to reduce the risk of getting caught by a spear phishing or Ransomware scam. Firstly they can compile a very basic risk management policy document, which details all of the relevant processes in the company. This document must become part of staff induction and should be treated seriously by the board. They must ensure that it is regularly updated and it is treated with importance.
As well as documenting these processes, companies would be well-advised to provide all staff with appropriate training so that if an employee finds himself or herself in such a situation, they know what way to react and wont feel embarrassed to report such activities.
Senior executives should seriously consider how much of their personal details they divulge online through social media. Cyber criminals often use this information to help plan the attack and it is advised that security settings for all social media applications are double-checked to ensure you limit public access. Additionally, specific company information such as periods of leave should never be found in applications such as Facebook or Twitter.
Finally, it is very clear that these types of scams are only going to increase and companies need to adapt a “when in doubt - seek it out” attitude. Bosses must allow for some flexibility to implement this new ethos.
- Patrick McAliskey is managing director of Novosco, an indigenous Northern Ireland IT infrastructure company with offices in Belfast, Dublin and Birmingham. It employs 100 people and works for leading organisations across the UK and Ireland, including many of the north's top companies, UK health trusts, councils and other organisations.
