Surely everyone changed their LinkedIn credentials in 2012, when the LinkedIn hack was made public, right?
Furthermore, most users would have doubled down on their credential security - changing their passwords to something complex and perhaps using a secure service like LastPass to manage those credentials securely, right?
So when LinkedIn confirmed last week that more than 100 million members' email and password combinations stemming from a 2012 data breach have been posted online, the natural question is 'why bother'?
As I pointed out to CNET this week, it's no longer the credentials themselves which have value (although there might be a few laggards who still haven't changed their passwords). It's the fact that cybercriminals now home in on a target by building very accurate pictures of companies and employees ripe for targeting. Also, as I discussed with Computing in March, LinkedIn is now the principal supermarket for enterprise hacking intelligence - a front door for hackers.
Once the overall picture of an organization is complete, the email account of the target, be it personal or professional, becomes the Holy Grail for the attackers. Suddenly the penny drops… Peace, who according to a story from Vice's Motherboard is trying to sell the credentials for about $2,200 in bitcoin, is actually selling the email addresses.
And I'm sure he or she will sell the information in no time at all - because who thought it was important to change their password and email address in 2012? Not many.
Aside from the immediate damage of social engineering-based attacks, the damage will really be felt by organizations that have been hacked over the last few years and are high-value targets in general. What this action has done is highlight the long-tail value of hacking - inspiring cybercriminals to re-harvest old hack data and inspiring more audacious attacks in future, as the financial incentive has been boosted further still.
It’s no secret that social engineering attacks, like phishing, spear-phishing and domain spoofing have grown from being a nuisance to a colossal problem. But, perhaps the most colossal problem of the moment is Business Email Compromise, otherwise called CEO fraud or whaling.
Whaling attacks can cost companies millions in financial losses. In fact, according to the U.S. Federal Bureau of Investigation, whaling attacks led to more than $2.3 billion in losses over the last three years. Cybercriminals are able to pull off these deceptive scams by posing as a CEO, or other executive, sending an email asking the unsuspecting target to initiate a wire transfer or send payroll and other sensitive data.
It’s time to protect your organization from whaling attacks. This means you must get to know the ‘5 Phases of a Whaling Assault’ so you can both educate your employees and increase your technology defenses. They are:
- In the Crosshairs: In the first stage of an assault, fraudsters use social media networks to gather intel on their target.
- The Domain Game: Next, armed with just enough detail, they register a domain similar to the actual domain for the target company.
- Gone Phishing: An employee receives the phishing email, but doesn’t notice the subtle warning signs that it’s fraudulent.
- Victim’s Assistance: The target follows the call-to-action in what appears to be an authentic email from someone familiar.
- On the Money: But, it’s not authentic. The attacker now moves the funds from the fraudulent bank account or has sensitive employee information like W-2 forms and social security numbers that are used in a larger scam.
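On the defensive side, the Domain Game and Gone Phishing phases leave a checkable trace in the From header: an executive's display name paired with a domain that is almost, but not exactly, your own. The following is an added example, not part of the original article; `ORG_DOMAIN`, `EXECUTIVES`, the confusable table and the sample headers are all constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

ORG_DOMAIN = "example.com"            # assumption: the domain being protected
EXECUTIVES = {"jane doe", "sam lee"}  # assumption: names a fraudster would pose as
# Common look-alike substitutions in registered domains (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(domain):
    """Fold a domain for comparison: lowercase, strip accents, map confusables."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess_sender(from_header):
    """Return findings for one From header; an empty list means nothing suspicious."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        return []  # exact-domain spoofing is left to SPF/DKIM/DMARC checks
    findings = []
    if skeleton(domain) == skeleton(ORG_DOMAIN):
        findings.append("lookalike-domain:confusable")
    elif edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain:near-miss")
    if " ".join(name.lower().split()) in EXECUTIVES:
        findings.append("executive-name-from-external-domain")
    return findings

SAMPLES = [  # constructed From headers
    "Jane Doe <jane.doe@examp1e.com>",
    "Sam Lee <sam.lee@example.co>",
    "Newsletter <news@vendor.test>",
]
if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", assess_sender(header))
```

A message that raises both a lookalike-domain finding and the executive-name finding is a reasonable candidate for quarantine or an external-sender banner before it reaches the finance team.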
Are you ready to take action against whaling? Download: “Whaling: Anatomy of an Attack” to learn more, including why whaling works, examples of recent high-profile attacks, and ways to defend against whaling fraudsters.
Stop me if you’ve heard this one: my first week at Mimecast went so well that my manager sent me to Indianapolis for the state’s presidential primary.
Full disclosure: Indiana’s presidential primary happened to coincide with the 2016 Midsize Enterprise Summit (MES) East. MES East is The Channel Company’s largest-ever independent gathering of midmarket CIOs and senior executives, and a great opportunity to catch up on new market developments, services, and products.
We’re big fans of MES events (we’ll be at MES West in Austin this September), both as a vehicle to learn what IT executives are focusing on, and to share our updates with them. So while there was plenty of side chatter about the race for the White House, at no point did it distract from the urgent business matters at hand.
This year’s theme, “The Big Shift,” was well suited to the discussions Julian Martin, Mimecast’s VP of Product Marketing, led in our Boardroom Sessions. Why? Because companies are now faced with an unprecedented mix of reward and risk as they migrate to the cloud. And, we seem to have reached a critical inflection point in that migration.
The vast majority of execs we met are committed to their cloud transformations. We heard the same goals over and over again: to streamline operations, shift from capex to opex, and improve scale and agility. But, they tell us, it’s no cakewalk. Our Boardroom and expo booth guests shared plenty of war stories, many related to email.
Email is usually the first platform organizations move into the cloud. It’s the business application that IT departments are most comfortable relegating to a third party to maintain. Yet it’s also the ultimate Killer App, a vital conduit – and repository – for business-critical and strategic information. Whether cloud-based or on premises, email data is crucial for closing sales, negotiating, and brainstorming.
It’s no wonder that email has also emerged as the single biggest threat vector for attacks on corporate information.
This was the central message of Julian’s Boardroom Sessions: it’s just as important to deploy a layered security solution for cloud-based email as it is when your email servers are in your data center. Cybercriminals have demonstrated boundless creativity in their efforts to exploit technology and human nature to breach corporate firewalls, access sensitive data, and steal billions of dollars. Even as email attacks appear with alarming frequency in news headlines, these exploits continue to grow bolder and more numerous over time.
The good news is that our guests were completely on board with Julian’s message. Several IT execs recounted their own personal experiences of phishing, whaling, and impersonation attacks. If you were among them, we thank you for validating our observations. And, special thanks to Mimecast’s customers who were willing to share your ideas, your views on how our services have helped secure your operations, and what you’d like to see on our roadmap over the coming months.
Finally, a huge note of thanks for nominating Mimecast in the Vendor Best in Show and Best Solution categories! We were blown away by your recognition, and grateful for all of the feedback you provided. We’re excited that Donald Trump and Bernie Sanders weren’t the only winning candidates in Indiana last week.
We hope you can join us this coming Fall in Austin for MES West. Until then, if you want to stay abreast of email security happenings, please visit our Security Center and sign up to receive our Security Advisories.
The answer to email cybersecurity threats isn't simple. The email threat vector is complex, and your company's on-premises and DIY security solutions aren't always enough against the determined and advanced cybercriminal.
Achieving truly proactive protection could require the adoption of predictive big data analytics at the security vendor level, using a mix of vendor and client data, open source data (OSINT), and email meta-data to try and predict the source and outcome of the next big hacking or spear-phishing attempt.
Email malware attacks remain high, and Verizon’s 2016 Data Breach Investigations Report revealed 30% of phishing messages were opened, up 7% on last year. A further 13% of those who opened the message also opened the attachment, leading to malware deployment. Educating your staff to act as a "human firewall" against threats is critical, but it's not foolproof.
Big data analytics hold the potential for organizations to identify emerging threats in real-time. With sufficient access to data, it's possible to discover patterns in attacks against organizations by location, size, industry, or any number of other firmographic factors. With the help of truly forward-looking analysis, security vendors can adjust their defense methods before cyber criminals click "send" on malicious email messages. While this may sound farfetched, the technology exists today to detect attacks as soon as they are launched. We are only a matter of milliseconds away from advancing this detection to being before the attack is launched.
Leveraging Big Data to Predict Cyber-Attacks: How It's Possible
Fortinet predicts a future filled with malware designed to "bypass advanced security protection systems," including state-of-the-art on-premises solutions. Ultimately, the issue with DIY threat protection is something everyone learned in their first coding class: garbage in, garbage out. Your organization's security data assets aren't garbage, but they're not big enough to notice an increase in risk based on global or industry-wide patterns. Data sets must be big enough to reveal definitive, real-time conclusions about emerging threats.
Large-scale cybersecurity companies will need to step up to the plate. A combination of big data, OSINT and email metadata can be used to predict, with accuracy, patterns in email attacks by region, industry, or company. A global view will be critical to identify the probability of email threats, as well as DDoS and IP-based attacks. Predictive analytics is the art of identifying emerging patterns, such as a spike in abnormal traffic patterns in a category of IP addresses, or a sudden surge in malicious traffic that's targeting mid-sized businesses in the finance industry.
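The argument that one organization's data is too small to show an industry-wide surge can be made concrete with a small calculation. The following is an added example, not part of the original article; the tenant names, daily counts and the z-score threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

Z_THRESHOLD = 3.0  # assumption: alert at 3+ standard deviations above baseline

# Constructed data: tenant -> (industry, malicious emails on 7 baseline days, today)
TENANTS = {
    "bank-a":   ("finance", [2, 4, 2, 4, 3, 3, 3], 5),
    "bank-b":   ("finance", [4, 2, 4, 2, 3, 3, 3], 5),
    "broker-c": ("finance", [3, 3, 2, 4, 2, 4, 3], 5),
    "insure-d": ("finance", [3, 4, 4, 2, 4, 2, 2], 5),
    "shop-e":   ("retail",  [3, 3, 3, 4, 2, 3, 3], 3),
    "shop-f":   ("retail",  [2, 3, 4, 3, 3, 3, 3], 4),
}

def z_score(baseline, today):
    """How many standard deviations today's count sits above the baseline mean."""
    sd = pstdev(baseline) or 1.0  # flat baseline: avoid dividing by zero
    return (today - mean(baseline)) / sd

def tenant_alerts(tenants):
    """What each organization sees when it looks only at its own mail flow."""
    return sorted(name for name, (_, base, today) in tenants.items()
                  if z_score(base, today) >= Z_THRESHOLD)

def industry_alerts(tenants):
    """What a provider sees after pooling the same counts by industry."""
    base, today = defaultdict(lambda: [0] * 7), defaultdict(int)
    for industry, history, count in tenants.values():
        base[industry] = [a + b for a, b in zip(base[industry], history)]
        today[industry] += count
    return sorted(i for i in base if z_score(base[i], today[i]) >= Z_THRESHOLD)

if __name__ == "__main__":
    print("per-tenant alerts:", tenant_alerts(TENANTS))
    print("pooled alerts:    ", industry_alerts(TENANTS))
```

Each finance tenant's rise from about 3 to 5 messages stays inside its own day-to-day noise, while the pooled finance count jumps from a steady 12 to 20 and crosses the threshold.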
Why Security and Cloud Providers Must Step Up
The idea of strength in big data for effective prediction is the basis of open threat exchanges. However, the issue here isn't with the strength or volume of information gleaned from threat exchanges, it's with the ability to execute. The idea of global predictive analytics could perform best if it's led by security providers who deal in cloud services.
Vendors must join forces to get in front of the quickly-evolving email threat landscape. When the "good guys" work together to share intelligence data and provide secure services, there's a remarkably high potential for results. With a combination of provider data, customer insights, and open-source resources, collaborative multi-vendor efforts could actually result in a strong front against criminals.
Security pros know the value of taking a proactive, not reactive, approach to protection. However, if your on-premise options aren't sufficient and your data isn't broad enough to reveal patterns, your predictive analytics may just be capturing the shadows of threat patterns. Protection in the future could shift squarely into the hands of security and cloud services vendors, who have the access and ability to act as the ultimate firewall against threats that are emerging in real-time.