8 major technology security risks for your business
Technology has spawned a dizzying array of new security risks with complicated names such as phishing, social engineering and pretexting. Knowing about these new technology security risks is already half the battle…
Phishing and spearphishing are threats to your business
While security professionals focus largely on identifying and patching vulnerabilities in software, the weakest security link is typically end users. Phishing is a social engineering method to fraudulently obtain information by disguising communication…
Major technology security risks for your business
Technology has spawned a dizzying array of new technology security risks with complicated names such as phishing, social engineering and pretexting. Knowing about these new technology risks is already half the battle when trying to avoid these pitfalls.
1. Phishing – a technology security risk
Phishing is the use of fraudulent emails or phone calls to get sensitive information, such as bank account numbers, credit card information or passwords. Here is how it works:
If you’ve ever gotten an email that says your account has been locked or that irregular activity was detected in your account, you may have been the target of a phishing attempt. These messages typically include a link to a legitimate-seeming website, where you’re asked to give account information or download malware (see more on that below).
A phishing email or phone call may ask you to call a number to discuss a problem with your account. You might then be asked to reveal account details over the phone.
Phishing is a type of social engineering, which is an attack that uses misrepresentation to get sensitive information.
2. Pretexting – a technology security risk
Pretexting involves the creation of a fake identity or scenario to fool a person into disclosing information.
For example, a fraudster may email or call your company claiming to be a supplier, survey firm, municipal inspector or insurance company to get sensitive data. A pretext attacker could also pose as a computer technician responding to a call for service to access your network.
“They may ask for little bits of information that don’t raise red flags,” Abdulmughnee says. “But over time, bit by bit, they’re trying to build a profile that could let them steal your identity.”
Keylogger campaign returns, infecting 2,000 WordPress sites
Over 2,000 WordPress sites are infected with a malicious script that can deliver both a keylogger and the in-browser cryptocurrency miner CoinHive.
Researchers at Sucuri who made the discovery said the recent campaign is tied to threat actors behind a December 2017 campaign that infected over 5,500 WordPress sites. Both incidents used a keylogger/cryptocurrency malware called Cloudflare solutions. The name is derived from the domain used to serve up the malicious scripts in the first campaign, Cloudflare solutions.
Cloudflare solutions – Keylogger Campaign
Cloudflare solutions is in no way related to network management and security firm Cloudflare.
“While these new attacks do not yet appear to be as massive as the original Cloudflare solutions, the reinfection rate shows that there are still many sites that have failed to properly protect themselves after the original infection,” wrote Denis Sinegubko, a senior malware researcher at Sucuri who authored a research blog post this week.