By Nick FitzGerald, Senior Research Fellow, ESET
This was a global campaign targeting
universities around the world as educational institutions hold intellectual
property (IP) that is attractive to cyberattackers. Depending on the
motivations of the attackers, this IP may be sold for financial gain or used by
a commercial or state actor to gain competitive advantage.
These attacks against universities serve as
a reminder that more cross-country collaboration is needed to stop attackers
from gaining an upper hand as cyberattacks transcend national boundaries. More
industries and governments should share information and best practices so that
we have a more coordinated strategy when dealing with attacks on such a scale.
The use of a spearphishing attack here also
reaffirms that people continue to be the weakest link. More needs to be done to ensure all staff are
regularly educated and updated about the latest cyberthreats and how to protect
themselves. In addition, organisations should look to incorporate multi-factor
authentication technology as an added layer of security. This would strengthen
an organisation’s defence, especially against phishing attacks. A simple
password can no longer be relied on as adequate protection against attackers.
Whether it is biometrics, 2FA or other methods of authentication, multi-factor
authentication technology is a stronger deterrent.
Phishing is arguably one of the oldest
online scams in the world but still remains one of the most effective and
commonly deployed by cybercriminals. These are some common signs of phishing
attacks and tips for users to remain safe:
– Peculiar domain names – Users should always place their mouse over a web link in an
email to see if they are actually being sent to the right website as cybercriminals
may use these ‘fake’ sites to steal login credentials.
– Shortened URLs – Cybercriminals often mask ‘fake’ sites using URL shortening services. Be
aware that there are very many more URL shorteners than the well-known few such
as Bitly and TinyURL!
– A sense of urgency – Cybercriminals know that exhortations to action at very
short notice tend to switch off our critical faculties, as the ‘need to help’
takes hold, so be especially aware of messages with a sense of urgency.
– A request for personal information – If unsure, users should make an independent
check with the organisation involved.
– Poor grammar – Spelling mistakes, typos and unusual phrasing are unlikely in
official communications from a legitimate service provider.
– Always double check when unsure – If you have the slightest doubt about the
authenticity of any email, the golden rule is to always check with the relevant
administrators.