Expert(s):
CEOfeature_status*/ ?>
Tessian

Comments Dotted : 6
January 11, 2021

Response Comment: Hackers Post Hackney Council’s ‘Stolen Documents’
Educating people will help but advanced attacks like this require advanced security solutions.

Although it's unclear how this particular group delivers its ransomware payload, it's likely that phishing has played a role. Figures from last year show that distributing ransomware attacks via email is quickly coming "back into fashion", while our own research found that a third of IT leaders have experienced a rise in ransomware delivered by phishing messages since companies started working fully remotely last year.

 

As hackers continually look for ways to hack humans in order to hack

.....Read More

Although it's unclear how this particular group delivers its ransomware payload, it's likely that phishing has played a role. Figures from last year show that distributing ransomware attacks via email is quickly coming "back into fashion", while our own research found that a third of IT leaders have experienced a rise in ransomware delivered by phishing messages since companies started working fully remotely last year.

 

As hackers continually look for ways to hack humans in order to hack organisations, businesses must find ways to secure their people, especially as they continue working remotely. Educating people will help but advanced attacks like this require advanced security solutions. Often, hackers will build trust with their targets over time, and across multiple emails, before sending the tell-tale malicious payload link or attachment. Solutions need to be in place to automatically detect this threat, and alert employees, at the very start of the email chain to avoid valuable data being stolen and extorted.

  Read Less
November 23, 2020

Experts Reacted On MPs Hit With Nearly 3 Million Malicious Emails Every Month
Hacking humans on email is still the easiest way for cybercriminals to hack into organisations and institutions.
These findings highlight the sheer scale of the threat that all businesses are facing. With millions of malicious emails being sent, the odds that one might work are high - especially if they are carefully crafted to evade detection. It just takes one busy and stressed employee to miss the cues or one very convincing message for cybercriminals to breach an organisation's security and access highly sensitive information. Hacking humans on email is still the easiest way for cybercriminals to.....Read More
These findings highlight the sheer scale of the threat that all businesses are facing. With millions of malicious emails being sent, the odds that one might work are high - especially if they are carefully crafted to evade detection. It just takes one busy and stressed employee to miss the cues or one very convincing message for cybercriminals to breach an organisation's security and access highly sensitive information. Hacking humans on email is still the easiest way for cybercriminals to hack into organisations and institutions. Governments, therefore, need to protect their people from falling for phishing attacks, putting solutions in place to automatically detect threats and educating employees on threats like social engineering attacks. Failure to do so and the fallout could be disastrous, as cybercriminals get their hands-on sensitive data and gain illegal access to officials' email accounts. Consider the damage that could be caused should a hacker successfully take over an MP's email account. The threat of phishing isn't going away any time soon, but organisations can find ways to proactively prevent their people from falling for the scams.  Read Less
September 18, 2020

NCSC warns of ransomware attacks against UK universities – experts reaction
While DMARC is a necessary first step to preventing domain impersonation, it has its downfalls and hackers will find ways around it.
It’s important to remember ransomware attacks are often delivered via phishing emails, so it’s concerning to see that nearly all of the top 20 UK universities do not have DMARC policies in place to protect their domains from being spoofed by scammers. We have seen hackers capitalise on key moments throughout the pandemic using phishing attacks, so it’s likely they will use this ‘back to school’ momentum to their advantage too, impersonating trusted universities to try and steal.....Read More
It’s important to remember ransomware attacks are often delivered via phishing emails, so it’s concerning to see that nearly all of the top 20 UK universities do not have DMARC policies in place to protect their domains from being spoofed by scammers. We have seen hackers capitalise on key moments throughout the pandemic using phishing attacks, so it’s likely they will use this ‘back to school’ momentum to their advantage too, impersonating trusted universities to try and steal valuable personal and financial information. The problem is that without DMARC records in place, or without having DMARC policies set up to ‘reject’, hackers can easily impersonate a university’s email domain in phishing campaigns, convincing their targets that they are opening a legitimate email from a colleague, fellow student, professor or administrator at their university. If you receive an email from your university asking for urgent action, question the legitimacy of the request and if you’re not sure, contact the university directly to verify. It’s also important to note that while DMARC is a necessary first step to preventing domain impersonation, it has its downfalls and hackers will find ways around it. For example, DMARC won’t stop lookalike domains, and hackers can register domains that look similar to an organisation’s domain, betting on the fact that people won’t notice the slight change. Given that DMARC records are also inherently public, an attacker can use this information to select their targets and attack method simply by identifying institutions without an effective DMARC record. So as universities start to welcome students back - and inundate inboxes with updates about online learning and social distancing — it’s critical that they take action to build robust security measures that can protect their staff and students against email scams.  Read Less
July 20, 2020

Experts On The News: Tesco ‘Free 4K TV’ Phishing Scam Targets UK Shoppers
They know people are struggling financially during this pandemic, so the offer of a free TV could be very attractive.
As the lines between people in our 'known' network and our 'unknown' networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can't trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people's vulnerabilities. They know people are struggling financially during this pandemic, so the offer of a free TV could be very attractive. But as the.....Read More
As the lines between people in our 'known' network and our 'unknown' networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can't trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people's vulnerabilities. They know people are struggling financially during this pandemic, so the offer of a free TV could be very attractive. But as the saying goes, if it looks too good to be true... it probably is! Question the legitimacy of these messages and always verify the request or offer before clicking on the link.  Read Less
May 28, 2020

CEO On Research: Half Of Workers Are Less Likely To Practice Safe Data Practices While Working Remotely
The Covid-19 crisis has triggered a tidal wave of challenges for businesses.
The Covid-19 crisis has triggered a tidal wave of challenges for businesses. Whilst they adapted fast to the abrupt shift towards remote working, the challenge businesses now face is keeping data secure from risky employee behaviour as working from home becomes the norm. Our research shows that people will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions. But, all it takes is one.....Read More
The Covid-19 crisis has triggered a tidal wave of challenges for businesses. Whilst they adapted fast to the abrupt shift towards remote working, the challenge businesses now face is keeping data secure from risky employee behaviour as working from home becomes the norm. Our research shows that people will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions. But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil. During this time, protecting people has to be all businesses’ top priority. IT decision makers, therefore, must establish clear guidelines on security best practices, enabling all staff to work efficiently and safely when away from the office.  Read Less
April 03, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach
Contact the hotel directly to verify whether the request is legitimate.
Marriott customers should now be alert to the fact that they could receive targeted phishing scams from hackers impersonating the hotel group, leveraging the information they have stolen to steal payment details or account passwords. If you receive a suspicious email that asks you to carry out an urgent action, do not comply with the request, click the link or download any attachments. Contact the hotel directly to verify whether the request is legitimate.