Current Cyber Threats – What you need to know

Share on facebook
Share on twitter
Share on linkedin
Share on pocket


We all hear about cyber threats and hacks virtually every day and most of the time there’s alot of technical jargon involved.  I’ve
written this article to explain what some of the most common types of threats are and what you need to look out for.

There are a number of ways that you and your business are at risk from cyber threats.  Three of the most common include –

Brand-jacking/Credential Harvesting –

Scenario –

  • Usually done initially through an email
  • Fools victim into thinking that email is legitimate
  • Pretending to be a reputable company like Microsoft or a bank or well-known business
  • Directs victim to a very real looking log-in screen (which is fake)
  • Asks victim for username and password for that website to enable them to log in.
  • Once this has been entered, scammer has victims credentials and has full access to victims account.

Tips –

  • Check language very carefully in emails – Dear customer, dear <email address> are red flags
  • Check the senders email address to ensure that they are who they say they are.
  • Hover over the link in your email to check the web address to see if it is legitimate
  • Use a URL scan to check if there is record of the web-site being malicious or spam – https://www.virustotal.com
  • If you do click on link – check that the website address is legitimate and again it is who they say they are.
  • Set-up additional security for yourself on critical web-sites and services.  This could include multi-factor or two-factor authentication.
  • If in doubt, don’t click on it.  Ask your IT

 

Spam Emails Containing Malware

Scenario –

  • Comes in an email with an attachment or link
  • Fools victim into thinking that email is legitimate
  • Pretending to be a reputable company
  • Directs victim to open file or click on link
  • Once victim performs action, malicious payload is installed onto the computer
  • Most common type is crypto/ransomware which encrypts all files on computer and spreads to network.  Only recovery is from backup.  Other
    malicious software can include key loggers which steal credentials.
  • Some businesses take decision to pay ransom which is a huge risk.

Tips –

  • Check language very carefully in emails – Dear customer, dear <email address> are red flags
  • Check the senders email address to ensure that they are who they say they are.
  • If there is a link – hover over the link in your email to check the web address to see if it is legitimate.
  • Use a URL scan to check if there is record of the web-site being malicious or spam – https://www.virustotal.com
  • If there is an attachment, what is it called?  Does it have a generic name like invoice.pdf etc
  • If you do click on link – check that the website address is legitimate and again it is who they say they are.
  • Set-up additional security for yourself on critical web-sites and services.  This could include multi-factor or two-factor authentication.
  • If in doubt, don’t click on it.  Ask your IT.

 

Brute Force Hacking –

Scenario –

  • Usually performed by a skilled ‘hacker’
  • Targets businesses with perceived poor security
  • Usually doesn’t involve user/staff interaction
  • Targets poor passwords or ‘back-doors’ to provide access to the business computer network or business application.
  • Once inside the network or application hackers can steal information, install malicious software and cause major disruption.

Tips –

  • Ensure that password policies have been set-up properly for all staff.
  • Ensure no accounts are set with non-expiring passwords.
  • Provide staff with access to what they need, not what they want.
  • Ensure your external network security is strong.
  • Set up additional security for business applications including multi-factor authentication.
  • Ensure that security alerts are set up so that your IT knows when there are hacking attempts.
  • Get an expert to perform regular reviews of your cyber security.


As I’ve talked about numerous times there are precautions you and your business can put in place to help prevent the majority of cyber
threats from impacting you.  These include – 

  • Install suitable end-point security software on all computers and servers
  • Install a security firewall to protect your network
  • Install an email anti-spam and email security solution
  • Set-up password policies and configure complex passwords
  • Configure multi-factor authentication where you can
  • Educate and raise awareness of threats
  • Take out cyber insurance

If you’d like any further information or assistance with your cyber security please call us on 1300
478 738

or email us at 
info@suretyit.com.au


About the author:

Geoff Stewart

Geoff Stewart

Geoff Stewart is a highly experienced and skilled IT Challenger at Surety IT. His knowledge is based on years of industry experience having created customised, stable, well performing systems both for multi-national companies in the UK and Australia and Surety IT customers.

Surety IT’s mission is to address and overcome the 4 biggest problems businesses have with their IT systems and support which are: poorly performing systems, unreliable systems, unresponsive IT support and poor IT related advice.

We’ve developed a proprietary process that allows us to do that by: thoroughly understanding your business requirements, gaining an in-depth knowledge of your IT systems, identifying mission critical technology issues vital to your business performance and ensuring our ‘Solution Path’ process is specifically designed and tailored for you with value based solutions and support.

Give us a call or send us a message on our contact page to find out more about how we go about achieving these outcomes.

Scroll to Top