General Cyber Security

Types of phishing attacks

In our previous article, we explained the general idea behind phishing. We also stated that there are different types of phishing attacks which we all need to know about in order to identify and protect ourselves from them.

 

Over the years, some of these computer phishing attacks have become more sophisticated, making it more difficult to recognize them; It is true that many phishing attempts that reach us by email are quite crude and obvious, but others are much more subtle and if we do not pay special attention to some details, we can fall victim to them. 

In the following sections, we will explain some of the most used phishing techniques. 

Spear Phishing 

While traditional phishing uses a “lay down and wait” approach, meaning that mass emails are sent to as many people as possible, spear phishing is a much more selective attack where the hacker knows what specific person or organization they are after. They investigate the target to make the attack more personalized and increase the chance that the target will fall into their trap. 

The use of social engineering techniques here is key, especially since the hacker will try to know all the information he can about his target, so that the content of the email is as convincing as possible. 

Email / Spam 

It is the most common technique to carry out computer phishing attacks; the same email is sent to millions of users with a request to fill in their personal data. These details will be used by phishers for their illegal activities. Most messages have an urgent note that requires the user to enter their credentials to update account information, change details, or verify accounts. Sometimes they may be asked to fill out a form to access a new service via a link provided in the email. 

Web-based delivery 

Web-based delivery is one of the most sophisticated phishing techniques. Also known as a “man in the middle,” the hacker stands between the original website and the phishing system. The phisher tracks details during a transaction between the legitimate website and the user. As the user continues to pass information, the phishers collect it without the user knowing. 

Link manipulation 

Link manipulation or URL phishing is a technique by which the phisher sends a link to a malicious website. When the user clicks on the misleading link, they open the phisher’s website instead of the website mentioned in the link. Usually, the appearance of the fraudulent website is identical to the real one that the user expects, so that they do not suspect anything and thus fall into the manipulation of the link. 

Keyloggers 

Keyloggers refer to malware used to identify input from the keyboard. The information is sent to hackers who will use it to crack passwords and obtain other types of information. To prevent keyloggers from accessing personal information, secure websites offer options for using mouse clicks to make input via a virtual keyboard. 

Trojans 

A Trojan horse or Trojans is a type of malware designed to trick the user with an action that appears legitimate (for example, downloading free software), but actually allows unauthorized access to the user’s account to collect credentials from his local machine. The acquired information is passed on to the cybercriminals. 

Malvertising 

The malvertising or malicious advertising is one that contains active scripts designed to download malware or force unwanted content on your computer. Exploits in Adobe PDF and Flash are the most common methods used in malicious ads. 

Session hijacking 

In session hijacking, the phisher exploits the web session control mechanism to steal user information. In a simple session hacking procedure known as session sniffing, the phisher can use a sniffer to intercept relevant information and gain access to the web server illegally. 

Content injection 

Content injection is the technique in which the phisher changes a part of the content on the page of a trusted website. This is done to trick the user into going to a page outside of the legitimate website where the user is asked to enter personal information. 

Phishing through search engines 

Some phishing scams involve search engines where the user is directed to product sites that may offer low-cost products or services. When the user tries to buy the product by entering the credit card details, the phishing site collects it. There are many fake bank websites that offer credit cards or loans to users at a low rate, but they are actually phishing sites. 

Vishing (Phone Phishing) 

Vishing, also known as Phone Phishing or Voice Phishing, is a technique in which the phisher makes a phone call impersonating a company or entity. The techniques used are similar to those that we can find in phishing (communicating a problem with a service, the payment method or that style). The goal is for the victim to provide personal bank account information. 

Although in the past it was common for vishing attacks to be carried out through private numbers or numbers with many more digits than usual, over time they have changed and now telephone numbers are used that in principle do not make us suspect that it is a scam call. 

Smishing (SMS phishing) 

Phishing carried out via Short Message Service (SMS) is called Smishing. A smishing text, for example, attempts to entice a victim to reveal personal information via a link that leads to a phishing website. 

Malware 

Phishing scams that involve malware require it to be run on the user’s computer. The malware is usually attached to the email sent to the user by the phishers. Once you click on the link, the malware will start working. Sometimes malware can also be attached to downloadable files. 

Malware refers to any type of virus, so if we click on these types of links, we will be opening the door to different types of viruses with different types of objectives. 

Data hijacking 

Date Hijacking or Ransomware denies access to a device or files until a ransom has been paid. It can be applied to the entire device, preventing its use, or limiting access to certain files. 

Although individuals are also often victims of this type of phishing attack, it is more common for companies or public bodies to be the favourite target of these cyberattacks, since the damage that a specific computer or file lock can cause is high. 

The way to do this, as in most of these attacks, is to get the victim to click on a link that will download the malware onto the computer; it can be a link in an email, a malicious ad, or an attachment. 

419 / Nigerian scams 

The Nigerian scam is one of the oldest email scams. They got this name because Nigeria was, in the beginning, the country of origin of this scam and 419 because it is the article of the Nigerian penal code on fraud. 

This form of phishing consists, generally, although there are variants, in convincing the victim to provide their bank account number or advance an amount of money, in exchange for which, they will be rewarded with a larger amount in the future. The basic idea is that an alleged Nigerian official needs to take money out of the country, but for this he needs the help of the victim, who must advance certain amounts of money to carry out the payment of alleged bribes, taxes, etc. In return, the alleged official will share with the victim that money that he wants to take out of the country. 

Whaling 

Whaling is a much more targeted and precise type of phishing attack that targets senior managers in a company, such as CEOs and other high-level positions. In this case, more sophisticated and refined techniques are used so that victims, who are better trained to recognize phishing, fall into the trap. 

The objective, as always in this type of attack, is to get the victim to access a link on a fake website, to get access credentials, or to download attachments that install malware on their computer and on the company network. 

Cloning Phishing 

In cloning phishing, the phisher copies or clones a legitimate email from a company or organization that has been sent previously and that contained either a link or an attachment. The phisher manipulates these links or attachments to lead to malicious content and resends the emails. Since the email is exactly the same as the last ones received, the victim usually falls into the trap and clicks on the link or downloads the file, allowing the computer to be infected. 

How to identify a phishing attack? 

Now that you know the most common phishing attacks, let’s see how you can identify them to avoid being victims of them. 

All phishing attacks are based on identity theft, either through email, through a fake website or, as we have seen, even through phone calls. So the way to identify them is to pay attention to detail. 

It is true that some phishers falsify emails or websites to the smallest detail, but there is always something that they cannot completely falsify and that is the address the email comes from or the URL of the website. This is where we must look closely. 

Normally, the emails that come from companies, organizations or banks, include your domain name, for example, info@companyname.com . When it comes to a phishing attempt, the address will look like this: info.companyname@gmail.com or similar. That is, the domain name will not appear after the @, but will be some strange mail platform or domain. 

So check the sender’s address and if you find it suspicious, do not click on the links it may contain or download attachments. 

As for web pages, the first thing you have to look at is if the address begins with “ https: // ”, that “s” is the key and tells us that we are on a secure website, just like the padlock that appears to the left of the steering bar. 

It is true that there are legitimate pages that do not have the lock, so in this case, you must make sure that you are in the correct place, especially if you have entered it via a link, instead of having entered the address manually. And if you are not sure, do not carry out any action there and close the web. 

When phishing attempts are less sophisticated, it is easier to recognize them, because the wording of the text has grammatical errors, since translators are often used to compose them. So pay attention to the language of the text as well. 

And if what you receive is a phone call, it is most likely that the criminal is trying to impersonate a technical service. Normally, on the other end of the line you will have foreign people, so that is already a clue to hang up the call. But in case they are speacking English or Arabic, remember that the technical services will only contact you if you request it. And if they tell you that they are banks or telephone companies that supply energy or water, remember that they call to sell you services, not to ask for your information at the first exchange rate. 

Now that we know what Phishing is and the types of Phishing Attacks, in our next article we will explain how to avoid being a victim of such attacks. 

read more

How to recognize and avoid phishing scams

Phishing is one of the most used attacks by cyber criminals who want to gain personal data, banking credentials, and user accounts. Phishing is not a new threat, in fact it has been used for a long time, however, victims of this type of attack are still on the rise.  

In this article we are going to explain what phishing is, types of phishing, how we can identify them and how we can protect ourselves. The dangers of the Internet are ever-present, but we can protect ourselves from them with a little caution, knowledge and awareness. 

What is phishing? 

Although there is no definition of phishing itself, we can define it as the techniques or methods used by cyber criminals to obtain confidential information from their victims; This information can be personal data, user accounts and passwords or bank details. Therefore, phishing is a type of computer fraud. 

The meaning of phishing comes from the English word “fishing”, and by which it refers to the fact of using a bait to get the victims of the attack to bite. 

Cybercriminals who carry out phishing attacks are called “phishers”. 

How does phishing work? 

One of the characteristics of phishing is that it is a social engineering technique that cybercriminals use to scam their victims and achieve their goals. 

Usually, an attacker sends an email in which they pose as a company or organization (such as banks, streaming platforms, online stores, etc.). The email mentions a problem that needs to be solved (the “threat” of blocking credit cards or user accounts is common) and contains a link that the victim will have to click to solve it. 

This link normally leads to a fraudulent website, but which imitates (sometimes very well) the real page of the company in question. Here the victim will be asked to enter different types of data, depending on the intention and objective of the phishing attack and the hackers behind it, or some type of malware will be directly be downloaded to the victim’s computer, allowing them to access the information stored in it. 

Although it is commonly used in emails, the truth is that there are other avenues of attack, such as instant messaging services, SMS, messages on social networks or even voice messaging applications or the telephone. 

The content that we can find in these messages can vary from referring to cards or bank accounts, we can also find other types of content such as false job offers, promotion of new products, alleged lottery in which we have been winners, cancellation of user accounts in online games, etc. 

As we will know in the upcoming blogs, there are various types of phishing attacks, however, their objectives are usually always similar, to obtain personal and banking details of the victims. 

read more

فيروسات الفدية: ما هي وما مخاطرها وكيف تحمي نفسك منها

 

 

في يونيو 2017، انتشر فيروس الفدية “نيتيا” كالنار في الهشيم عبر شبكة الانترنت في أوكرانيا. استخدم هذا الفيروس ثغرة في تحديث لبرنامج محاسبة أوكراني مشهور ليلتهم المعلومات في ملايين الأجهزة واضعاً ما يقارب 2000 شركة أوكرانية تحت رحمته بينها فروع لشركات عالمية كشركة النقل البحري المعروفة ميرسك. 

في هذا المقال، سنحاول أن نشرح باختصار وموضوعية النقاط الأساسية الخاصة بفيروسات الفدية وكذلك الخطوات التي يجب أن نتخذها لحماية أنفسنا منها للوصول الى راحة بال أكثر لنتمكن من التركيز على أعمالنا دون الخوف من هذا النوع من التهديد. 

ولكن قبل أن نتحدث عن فيروسات الفدية، نحتاج أن نأخذ نبذة سريعة عن البرامج الضارة Malware بشكل عام وأن نفهم تداعياتها. 

ما هي البرامج الضارة Malware ؟ 

عندما نتحدث عن البرامج الضارة ، فإننا نتحدث عن جميع أنواع البرامج الضارة (Malicious Software) التي تهدف إلى إحداث ضرر أو إجراء تغييرات أو حتى سرقة المعلومات من جهاز كمبيوتر واحد أو أكثر. 

بمعنى آخر، إنها برامج كمبيوتر خبيثة تنتشر عبر الشبكة بطرق مختلفة وتضر الملايين من الأشخاص كل عام. 

هناك عدة أنواع من البرامج الضارة كالفيروسات والديدان وأحصنة طروادة وبرامج الفدية وبرامج التجسس والبرامج الإعلانية وغيرها. لكل من هذه الأنواع مخاطرها الخاصة وتسعى كل منها لاستغلال نقاط ضعف مختلفة، لكن جميعها تشترك في شيء واحد، تتطلب جميعها الكثير من الاهتمام ويمكن أن تسبب أضرارًا جسيمة لعملك. 

الفيروسات Viruses  

تُعرف الفيروسات على نطاق واسع، ولكن غالبًا ما يتم الخلط بينها وبين أنواع البرامج الضارة الأخرى. الميزة الرئيسية للفيروس هي طريقة انتشارها حيث يستخدم ملفات النظام للانتشار تلقائيًا دون موافقة المستخدم. 

الديدان Worms  

تتمتع الديدان أيضًا بقدرة كبيرة على التكرار الذاتي، ولكن على عكس الفيروسات، يمكنها إنشاء نسخة من نفسها على الشبكة أو أجهزة الـ USB(محرك أقراص محمول ، أقراص ، إلخ) ولا تعتمد على ملفات لتشغيلها. 

حصان طروادة Trojan Horse 

هي برامج مثل حصان طروادة الخشبي المليء بالجنود ، يخدع المستخدم بالتظاهر بأنه برنامج عادي. ولكن عند فتحه، فإنه يفتح الأبواب ويستغل نقاط الضعف التي تسمح لبرامج ضارة أخرى بدخول النظام. 

برامج التجسس Spyware 

برامج التجسس هي برامج تراقب وترسل إلى الشخص الذي برمجها معلومات سرية حول جهاز الكمبيوتر الخاص بك، مثل البيانات المكتوبة على لوحة المفاتيح وكلمات المرور والسجلات وبطاقات الائتمان وما إلى ذلك. 

البرامج الإعلانية Adware 

وأخيرًا  وليس آخراً، من المهم ذكر البرامج الإعلانية. فهي لا تغرق أجهزة الكمبيوتر الخاصة بالضحايا بالإعلانات المزعجة وحسب، بل أيضاً أحصنة طروادة مما يفتح الأبواب لإدخال برامج ضارة أخرى أكثر عدوانية في النظام. 

حسنًا ، ماذا عن برامج الفدية ؟! 

في الأساس، هذه المجموعة المتنوعة من البرامج الضارة قادرة على اختطاف البيانات من أجهزة كمبيوتر الضحية. بمعنى آخر، يمنع هذا البرنامج الخبيث الوصول إلى البيانات من جهاز كمبيوتر مصاب (في بعض الحالات القرص الصلب بأكمله) ويطلب المال من الضحية مقابل كلمة مرور قد تعمل أو لا تعمل. 

تطور فيروسات الفدية 

فيروسات الفدية ليست حديثة كما يعتقد الكثيرون، ولكن تطورها أدى إلى ظهور تنبيهات أمنية في جميع أنحاء العالم. في السابق، كانت هذه البرامج الضارة تقوم فقط بضغط الملفات (في ملف مضغوط على سبيل المثال) ثم تقوم بتطبيق كلمة مرور على هذا الملف، مما يجعل استعادة الملفات سهل نسبياً. ولكن مؤخراً أصبحت برامج الفدية نفسها تشفر البيانات مما زاد صعوبة استعادة الملفات بشكل كبير.  

علاوة على ذلك، في عام 2016، ظهرت فيروسات الفدية المتنقلة، مما رفع مستوى خطر هذا التهديد لأن هذا النوع من البرامج الضارة قادر على الانتشار عبر الشبكة ولا يعتمد بالضرورة على التدخل البشري لحدوث ذلك. قبل ظهور هذا النوع من برامج الفدية، كان انتشارها يعتمد بشكل أساسي على الروابط الموجودة في رسائل البريد الإلكتروني أو الشبكات الاجتماعية أو على المواقع ذات السمعة المنخفضة. 

نصائح سريعة وفعالة لحماية نفسك من برامج الفدية 

فكر في الوقاية في جميع الأوقات وارفع مستوى وعي موظفيك- 

نقاط الضعف في البرمجيات والشبكات ليست ثابته، فحين يتم العثور على نقطة ضعف تستغلها البرامج الضارة، يقوم المبرمجون بحلها، فيبدأ البحث عن نقاط ضعف أخرى لإستغلالها. لذلك يتوجب التيقظ والدراية بصورة دائمة لمخاطر الهجمات السيبرانية من قبل جميع الموظفين. كما تعتمد الحماية من برامج الفدية بشكل اساسي على الإجراءات الوقائية لا العلاجية، لذا تأكد من أن جميع من حولك على علم بهذه النصائح. 

تأكد من وجود سياسة أمن المعلومات في شركتك 

تصف سياسة أمن المعلومات الممارسات المرغوبة بالاضافة الى الموارد التكنولوجية والتوجيهات بشأن عمليات أمن المعلومات المعتمدة من قبل المنظمة والسلوك الذي يجب على الموظف اتباعه في مواجهة المواقف التي تشكل خطرًا على المعلومات.  

مراجعة إعدادات جدار الحماية واستخدام مكافح فيروسات جيد. 

عادةً ما تقدم أنظمة التشغيل الحديثة جدار حماية مضمنًا. استخدمه بشكل صحيح. ولا تنسَ الحاجة إلى وجود ميزات التحكم في أمان المعلومات في جميع قنوات نقل البيانات. بمعنى آخر، يعد وجود جدار حماية جيد على شبكتك إذا كان لديك أكثر من جهاز كمبيوتر مرتبط بها أمرًا ضروريًا.  

 ابحث عن خدمة بريد إلكتروني مع خاصية الحماية من الفيروسات و البريد المزعج

كما وضحنا أعلاه في تطور فيروسات الفدية، بدأ انتشار هذه البرامج الضارة تلقائيًا مؤخرًا فقط. بما معناه أنه لا تزال هناك عدة أنواع من برامج الفدية النشطة التي يتم نشرها بالطرق التقليدية كالروابط في رسائل البريد الإلكتروني وحتى الروابط في ملفات  PDF. لذلك، يوصى وبشدة أن يكون لديك خدمة بريد إلكتروني احترافية مع خاصية  Antispam و Antivirus 

النسخ الاحتياطي خارج نطاق شبكتك  

أخيرًا وليس آخرًا ، احصل على خدمة نسخ احتياطي سحابية. في حالة فشل أي من النقاط المذكورة أعلاه ، فإن الاحتفاظ بهذه النسخة الاحتياطية المخزنة خارج نطاق شبكتك المخترقة هو ما سينقذك. طبق سياسة احتفاظ بالنسخ الاحتياطية لمدة 30 يومًا على الأقل حتى تتمكن من استعادة البيانات من فترة ما قبل أن تصاب أجهزتك ببرنامج الفدية. 

نصيحة هامة: تحقق بشكل دوري من تقارير النسخ الاحتياطي وقم بإجراء اختبارات استعادة متكررة حتى تتأكد من أن كل شيء يعمل كما هو مطلوب. 

الآن بعد أن عرفت ما هي برامج الفدية ومخاطرها، وأصبح لديك المام ببعض الطرق لحماية نفسك وشركتك من شرها، ينبغي عليك وضعها في حيز التنفذ. ولا تنس أبدًا النصيحة الأولى، الوقاية وتوعية من هم حولك. يمكنك أن تبدأ الآن بمشاركة هذه المقالة مع أصدقائك وزملائك في العمل. 

read more

Secure password protocols

Your organization can take every precaution to prevent a cyber-attack – firewalls, antivirus, antimalware, spam filter, etc. - but their greatest vulnerability is not lurking in the cyber shadows, they are sitting in your office. The failure to adhere to the employee password policy requirements could put your whole business at risk. 

7 technical password policy requirements 

How to Enforce Password Policies for Your Business 

Putting a password policy in place for your staff is only the first step towards ensuring a higher level of security. If this policy is not enforced, your staff could still be reverting to out-of-date password rules. 

Fortunately, you don’t need to spend hours educating your team on password best practices to get peace of mind. You can enforce technical password requirements using the server located in your office or in the cloud. 

7 technical password policy requirements 

To protect your company data, your technical password policy should include the following: 

1. Rethink password expiration policies 

Studies have shown that requiring employees to change passwords often could do more harm than good. When forced to update passwords regularly, people tend to choose weaker and more predictable passwords that hackers can easily crack. 

There are many cases where passwords need to be updated. For example, if passwords may have been compromised, ask your employees to update them. 

2. Protects against hashing and duplicate passwords 

Make sure team members cannot repeat previously used passwords. This includes password hashing, where the letters of old passwords are replaced with symbols and numbers. Algorithms can now guess hash patterns with impressive precision. 

3. Do not allow passwords containing usernames 

Including your name in your password is weak and predictable. Be sure to establish rules that do not allow this practice. 

4. Enforce the length rules 

Passwords must be at least 8 characters long. Give employees helpful tips to create even more secure passwords, such as using phrases or sentences. 

5. Require password complexity 

Strong passwords include an uppercase letter, a lowercase letter, a number, and a special character. Set these prerequisites for all employee passwords. 

6. Use passphrases 

Choosing phrases for your password that have a personal connection to your life, rather than words, is more difficult for someone to hack. 

Use phrases like “I love puppies,” but make it unique by altering some of the letters to be numbers or symbols to get “Il0ve the Cub $ 2017”. A phrase about a sports team that you like is easy to remember and creates the required complexity. 

7. Use two-factor authentication 

Not only does it require a username and password, but multi-factor authentication also requires information that only the user knows. For example, the user will enter their username and password and then they will be asked to enter their phone number. The system will then send a unique code to the user’s phone and ask them to enter that code into the system before login is granted. This means that a hacker would need the credentials for the user’s mobile phone and account. 

read more