New & Dangerous Phishing Attack

A new threat has arisen that steals Microsoft Office 365 credentials from an email security company. This is troubling on many levels. For one, people just expect any company in the business of “security” to be immune from these types of attacks. For another, if you are in the business of internet security, and hackers can trick you or sneak in through some weakness, it can ruin your reputation.

How Does It Work?

Cyber thieves attempted to steal Office 365 credentials by spoofing the return path and received email headers of Barracuda.

Email security firm Great Horn comments:

“The attackers crafted the received headers so that it appears to have gone through multiple ‘Barracuda’ steps, before sending the email via a server designed to look like a Barracuda server.”

The phishing emails sent in this case included one allegedly coming from “Email Quarantine” with the message-id: noreply.barracudanetworks.com

“The attack exploits a well-known security flaw in Google and Microsoft’s handling of authentication frameworks such as DMARC,” said a representative at GreatHorn. “While an organization can dictate how it wants DMARC failures and exceptions to be handled, Microsoft Office 365 typically ignores those directives and, at best, treats them as spam or junk instead of quarantining or rejecting them, making it more likely for the user to interact with such spoofs.”

They go on to say that they first discovered the attack recently and that they believe this same strategy could be used to trick other security companies and the most savvy users. Even large security companies like McAfee, KnowBe4 and Symantec could become victims. Security professionals are recommending that everyone keep their admin security awareness level set at high.

Why Does Phishing Work So Well?

Phishing has become a serious problem all over the world, and that’s because it works so well. There are two types of phishing: email spoofing and website spoofing. These are the primary ways that hackers infiltrate your database.

Cyber thieves can get sensitive information from unsuspecting internet users, such as log-in credentials. Though the two can be used separately, they are often used together. First, a spoofed email tricks the user into visiting a spoofed website. There, the user is asked to enter their log-in information or their financial information. Either way, the end goal is to steal from the user.

In spite of so much press and news about hackers and the various ways they steal from consumers, many users are still unaware and unprepared.

How Can Cyber Thieves Get Into My Network?

Businesses are a bit more informed but they do get complacent, and this can lead to a data disaster. A distracted employee clicks on an attachment in an email without thinking, and suddenly a ransomware virus is downloaded. This is often the way it begins. In spite of efforts to educate all workers about phishing, malware and ransomware, this is still the most common way that a hacker will get into your network.

What About Third-Party Vendors?

The second most popular method is through third-party vendors. You might have the best cybersecurity on the planet, but what about your vendors? If the company that emails your utility bills isn’t being proactive about cybersecurity, they can inadvertently cause you to become a victim of cyber theft.

That’s why it’s so important to ensure that vendors only have access to the data they need. Keep that data in one centralized repository that is separate from your main database. Vet, manage and monitor all third-party vendors. Are they fully informed about security risk requirements? There are lots of other little tips and tricks that can help you manage third-party vendors.

Even if a 3rd-party vendor or business partner is responsible for causing a data breach, the business owner is still held legally responsible.

Steve Durbin of the Information Security Forum, comments about this growing problem:

“In our increasingly interconnected workplace, companies must consider not only their own system integrity but also the system integrity of any other party with access to their computer systems. Hackers will seek the weakest link, and that link is often a third-party provider. A company’s robust internal practices and policies may be futile if that company’s vendors are not secure.”

Why Is Cyber Crime Growing?

As cyber thieves continue to steal from people all over the world, they create new ways to do this. After all, many people have become familiar with specific phishing scams so they may not work as well. The solution is to come up with new scams that seem really enticing; things that users may not have heard of before. The more convincing hackers can make their scams, the more successful they will be.

The entire landscape of cybercrime is changing. It used to be mostly young guys sitting in their parent’s basement, trying to find clever ways to pass the time. Unfortunately, this crime has become so successful that the governments of countries are now involved. A large majority of all ransomware scandals originate in Russia. The government employs hundreds of hackers. They have teams of IT experts who work around the clock to create new and more effective hacking scams.

When hackers are backed by a government like China, they have practically unlimited resources. This makes them even harder to stop. If they were simple individuals committing their crimes for personal gain, the authorities could track them down and put them in jail. But today’s cybercriminals are well-organized agencies that are part of a large foreign government, so stopping them is almost impossible. So what can you do as a business owner?

You may have spent years trying to build up your company. You have a huge amount of time and money invested, and yet one cyber-attack could bring your company to its knees.

The first thing you need is knowledge. Knowledge is still power in our world. You need to know how cyber-attacks occur. What are the latest phishing scams? How does ransomware work? You also need to train your employees so they will know as well. Just one careless employee can open the door to thieves and cost you thousands of dollars. It’s much cheaper to train your employees. And this must be done on a regular basis. All employees forget. They get lazy. They may be trying to work and eat lunch. We all get distracted.

You can also talk to Radius Executive IT Solutions about improving your network’s security perimeter. These days, there’s really no such thing as too much internet security.

Did you like this article? Check out Important FBI/DHS Warning: Update On FBI And DHS Warning: SamSam Ransomware, or Threat Advisory: SamSam Ransomware, to learn more.