REGISTER FOR OUR NEXT WEBINAR- CLICK THE IMAGE
2. Browser in browser attacks
are an increasing trend to be aware of. We first heard about this a few months ago… once you land on a fake webpage, a pop up appears inviting you to login. Why is this different? Well, pop ups are far easier to fake. It’s easy to show a genuine website address on a pop up window, and users are far more likely to trust a pop up than they are a whole new tab that opens. Below is a quick example of what we mean, courtesy of https://mrd0x.com/browser-in-the-browser-phishing-attack/
The take away message is, beware of popups. This month, attacks on users of the gaming platform Steam used this tactic successfully. We see this becoming an increasing way to fool users. How do you spot the difference, now that you can’t be looking out for a fake website address? Well, unless a real browser page that pops up, these fakes won’t resize, and you can’t move them beyond the browser window onto your desktop. So now you know. For those wanting more information about the tactic, this article
sets out some of the detail relevant to the Steam campaign.
3. Increasingly, the cyber security world has been highlighting the risk of so-called ‘supply chain’ attacks,
where a criminal tries to compromise a piece of software which is used by multiple businesses. Maximum reward, for minimum effort. This month a report
by Sonatype suggested that the problem is big, and growing: we think you need to be aware of it. They found 88,000 malicious open-source packages, an increase of around 750% over three years. They also found that although 68% of people thought they were using safe sources, a random sample showed that the same percentage were actually using products known to be vulnerable. What does this mean for you? In simple terms, limit your software to what you need. If you have the resources and the ability, do what you can to make sure whatever you do us is from a trusted and trustworthy source. The National Cyber Security Centre produced updated guidance this month regarding supply chain cyber security, which is focused at medium to large businesses, and which may be of help in this regard. You can either search for it in your browser – it’s easy to find - or follow this link.
4. A quick word on training
. This month saw the release of a genuinely fascinating report (we though so, anyway) about people’s attitudes and behaviours relating to cyber security. Cybsafe’s “Oh Behave!” report can be found via your browser or this link
. We already knew that over 80% of breaches are down to human factors. But based on this pretty extensive survey, we can also say that 58% of people who had received training said they were better at recognising phishing messages, and 45% used better passwords. It does pose the question about what your business or charity has done to train your people this year. If the answer is ‘nothing’ then you’re out of excuses. We put together a blog
on our website’s news section some while back, showing the free stuff you can access… from a half hour of e-learning to face to face support from your local force. Or our student team can put on something bespoke at minimal cost. Come to us if you need support, but please don’t ignore the problem.
5. Low-rent scams
. A month or two back we showed you an email which said that it was from a IT security provider and that your IT department wanted you to give them access to your machine so they could run some checks. Inevitably, someone will have fallen for it. This month, we spotted an even better message… essentially, it went like this. “You’ve been hacked. We’re going to leak all your data. You need to pay us some money, or we’ll destroy your company.” No-one would ever fall for this , would they? We think it’s worth mentioning that not all cyber crime is intensely technical: you just need to have your wits about you.
6. Finally, this month’s breaches
of note. As we said, it’s been cybersecurity month. And whilst there have been a few breaches (aren’t there always) we don’t think there’s anything significant enough to raise here, for pretty much the first time since we started these newsletters. Nice to end on a high!