Social engineering – How hackers get at your data without programming skills

“There’s no technology today that can’t be overcome through social engineering.” (Kevin Mitnick, former hacker and social engineering expert)

Even with the best technical security precautions, every company has a risk factor that is difficult to control: the human one. To get hold of important data or gain access, a hacker needs to understand not only computers but also people. What exactly is social engineering and how can you protect yourself? We will answer key questions about this in the article below.

What’s behind “social engineering”

Social engineering is all about manipulating individuals on an interpersonal level. It involves the hacker trying to gain their victim’s trust and persuade them to reveal confidential information, for example, or to share credit card details and passwords.

The method is not something that only occurs on the Internet, but a scam tactic that has been used for many decades. One of the best-known ploys is the “grandparent” scam, where a fraudster telephones an elderly person and passes themselves off as a relative in desperate need of money (German police program for crime prevention, 2017).

Criminals also regularly use social engineering for financial gain through online dating services. A seemingly young, attractive woman will contact a man who is obviously looking for a new partner. The imposter plays their single-woman-in-love role well enough to win the victim’s trust in a relatively short time. Then the criminal asks the victim to help them with money for something like visiting their “new partner” – after which they often cut off contact.

Social engineering attacks on companies

If social hacking works in the private sphere, then businesses are the next target up for criminals – chiefly because there are often higher sums of money up for grabs here. Hackers follow much the same approach as with private individuals, although obtaining the information needed for a professional attack takes significantly more time. This makes the following information especially relevant for cybercriminals:

  • Who is the head of the company (CEO) and which individuals are in leadership positions?
  • Who is authorized to make bank transfers?
  • When is the CEO on vacation or out of town for a work trip?
  • What business activities are currently happening?

Hackers will usually target an employee who is authorized to carry out financial transactions, sending them an urgent message from a fake email address that looks like it has come from the boss.

Examples of Social Engineering:

Due to the apparent urgency of the request, the email recipient then finds themselves rushing to follow their superior’s instructions without asking any significant questions. Once the data has been sent, the cybercriminal goes straight to work or money is transferred directly to the social hacker’s account. In 2016, large enterprises like Austrian aeronautics supplier FACC and Nuremberg-based cable manufacturer Leoni learned hard financial lessons about this modus operandi when they suffered losses of several million euros.

But be warned – CEOs and people in accounting are not the only ones who are vulnerable:

“Hey,
Felix from IT here. I’ve noticed a couple of irregularities with your account on our system. Can you give me your login details so that I can check it out?

Regards, Felix”

How would you react to a message like this? Would you reply? You may not know everyone in IT, but Felix appears to be a coworker and looking to help you safeguard internal IT security.

In large firms especially, most employees will not be familiar with the whole IT team. Anyone trusting such an email makes it possible for sensitive data to be stolen and puts many other areas of a business besides IT security at immense risk.

Phishing: the impersonal form of social engineering

A less laborious type of social engineering is the classic phishing email. This usually involves fake PayPal emails containing a link to a simulated website so much like the original that it is difficult to notice any deception. The email will ask people to update or verify their login details on this website, but doing so delivers the data directly into the hands of the scammers.

Unlike a personalized email, these messages are highly generic. The classic phishing email is based on a simple and less costly method, which means huge volumes of emails are sent. Even if only a fraction of the recipients fall for the ruse, hackers will have found the social engineering attack worthwhile.

Social engineering needs no programming expertise

Technical obstacles are overcome simply by employing psychological tricks, with hackers exploiting people as the weakest link in the IT security chain. Even the most secure vault in the world can be opened if the access details are handed over to unauthorized individuals. This saves the criminal a great deal of technical effort and lessens the chance of them being detected by IT security measures.

If you had replied to the email from Felix above, the hacker would have infiltrated the company network within a few minutes. No effort, no programming skill, no great risk. Criminals leverage employees’ fundamental trust and curiosity in order to steal data or money.

How can I protect myself and my company against social engineering?

Organize preventive training sessions on a regular basis to educate yourself and your colleagues about the dangers of fake emails. Regular information emails can also help to raise awareness of the issue.

As long as criminals have not gained access to an employee’s or the CEO’s email account, there are several different ways to recognize fake emails:

  • Verify the sender address: Check the sender address carefully. Is the email address really correct? Have any letters been swapped, maybe? Or an upper-case I replaced with a lower-case L? There will often be an automatically generated and untraceable second email address behind the first one. If you think an email is suspicious, you can take a closer look at the header. Information like the actual sender and the server that the message was sent from can all be found in an email’s header. In most cases, the sender is the clearest criterion for identifying a fraud attack.
  • Check first hand: Contact colleagues directly if you’re unsure. Call the person in question or speak with them face to face.
  • Rhetoric: With CEO fraud attacks especially, it is important not to let yourself be intimidated. Ask yourself whether the boss really wants to transfer €20,000 into an unknown account without anyone’s knowledge. Or consider whether your IT colleague Felix could in fact have noticed “unusual activity” and why that would make him require your login anyway. And even as a private individual – if you receive a surprising email from a company where you are a customer, it can help to make a brief call to their support team.
  • Pay attention to spelling mistakes: Phishing emails, in particular, are full of misspelled words; from an incorrectly written name to sloppy language that suggests the text was not written by a native speaker but perhaps translated by automated language software.
  • Don’t click on links directly: If the content of an email leaves you in any doubt, the best thing is not to click on any links inside it and instead to access the website concerned directly through your browser. For example, if Amazon asks you to update your details, then you should go directly to Amazon.com and look for a corresponding message there. If there is nothing to be found, you have likely received a phishing email.
  • Hover over links: Before you open a link, mouse over it. With most browsers, a small window will open in the bottom left. This is the URL which will be accessed when the link is clicked. Checking the URL provides information about the true destination of the displayed web address.
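
The header and link checks from the list above, as an added Python example that is not part of the original article. It parses a constructed message (every name and domain is made up, and the company domain company.example is an assumption) and reports a From domain outside the company, Reply-To and Return-Path domains that differ from it, and links whose visible text names a different host than the real target.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); every name and domain is made up.
RAW_MESSAGE = """\
Return-Path: <bounce@bulk-sender.example>
Received: from mail.bulk-sender.example (mail.bulk-sender.example [203.0.113.7])
\tby mx.company.example with ESMTP; Mon, 4 Feb 2019 09:12:44 +0100
From: Felix from IT <felix@company-it.example>
Reply-To: felix.it@freemail.example
To: employee@company.example
Subject: Irregularities with your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Hey, please confirm your login at
<a href="http://login.company.example.phish.example/sso">https://login.company.example/sso</a>
or read the <a href="https://intranet.company.example/policy">IT policy</a>.</p>
"""

# Visible link text that itself looks like a URL or host name.
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(address):
    return address.rpartition("@")[2].lower()


def host_of(url_or_text):
    text = url_or_text.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare host name as the network location
    return (urlsplit(text).hostname or "").lower()


def inspect_message(raw, org_domain):
    """Return the real sender, the host that handed the mail over, and a list of findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = parseaddr(str(msg.get("From", "")))[1]
    from_dom = domain_of(sender)
    if from_dom != org_domain and not from_dom.endswith("." + org_domain):
        findings.append(f"from-external:{from_dom}")

    # Replies or bounces going somewhere other than the From domain are a warning sign,
    # not proof: legitimate bulk mailers also use a different Return-Path.
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(parseaddr(str(msg.get(header, "")))[1])
        if other and other != from_dom:
            findings.append(f"{header.lower()}-mismatch:{other}")

    # The topmost Received header is the one written by the recipient's own mail server.
    received = msg.get_all("Received", [])
    hop = re.search(r"from\s+(\S+)", str(received[0])) if received else None
    sending_host = hop.group(1).lower() if hop else None

    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if LOOKS_LIKE_URL.match(text) and host_of(text) != host_of(href):
                findings.append(f"link-mismatch:{host_of(text)}->{host_of(href)}")

    return {"sender": sender, "sending_host": sending_host, "findings": findings}


if __name__ == "__main__":
    for key, value in inspect_message(RAW_MESSAGE, "company.example").items():
        print(key, value)
```
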

Google phishing quiz: Your free awareness check

A few weeks ago, Google created a security quiz in response to the sharp growth in phishing attacks. This quiz challenges you to try and spot a phishing email. Can you see through any social engineering attack? Find out now!

Additional safeguards with Hornetsecurity Advanced Threat Protection

Classic phishing emails will generally be identified and weeded out immediately by a good spam filter. A personalized social engineering attack, however, is not much different from a perfectly ordinary email. These unwanted emails will therefore end up in your inbox in spite of spam filtering.

Advanced Threat Protection goes a step further: various deep filters and heuristic detection mechanisms will uncover almost any fake email. With the help of AI, the filter learns from every attack and thus improves its detection rate on a daily basis. Advanced Threat Protection covers many of the above points completely automatically.
Ultimately, though, you should always question every email and be cautious about sharing data.

Malware – The Cyber Century’s Growing Threat

In the last two years, malicious programs like WannaCry, Petya and Ryuk have made it abundantly clear that malware and cyberattacks are entirely capable of bringing companies with inadequate cybersecurity to the brink of a shutdown and even driving them to bankruptcy.

During 2018, the Hornetsecurity Security Lab noticed a massive increase in emails with harmful attachments. The Emotet, Hancitor, Zeus and Trickbot trojans gave companies particular cause to be wary – in terms of email volume, these were among the biggest malware campaigns of 2018. A breakdown of malware attacks and their monthly incidence throughout 2018 is shown in the infographic. Hornetsecurity has analyzed the individual campaigns and painted a clear picture of what formats and files were concealing malicious software.

Malware is now the biggest threat to businesses, as according to the BSI (Federal Office for Information Security) report on “The State of IT-Security in Germany 2018”, 57 percent of all recorded cyberattacks can be traced back to malware infections. Email communication is the main method of transmission – masquerading as a harmless email, malware may be hiding in an attached Office file, for instance.

Ransomware, cryptominers, and spyware can lurk in Word documents as well as behind web links, and are among the varieties of malware most favored by cybercriminals. While malware sent via indiscriminate mass email (also known as spam) has declined sharply in recent years, businesses in particular are more and more often subjected to targeted and complex attack campaigns. Hackers are increasingly using social engineering and spear phishing to sneak malware onto company operating systems.

Over the last two years, the proportion of all recorded email traffic that is infected with malware has risen to around 1.3 percent. When dealing with a volume of 1,000 emails per day, that means at least 13 emails will contain malware; for a company that receives several thousand emails a day, it means that without adequate email security, the risk of falling victim to a malware attack is extremely high. After all, this is a particularly lucrative approach for cybercriminals. The German industry alone lost a total of around EUR 43 million due to malicious software in 2017 and 2018.

Developments such as growing connectivity and changing communication platforms will likely increase malware attacks and associated losses even further. Cyber risks are among the greatest dangers of going digital. Ransomware, one of the most widespread types of malware, is a particularly promising source of profit for hackers. The fear of negative PR and the potentially far-reaching consequences of inadequately protecting internal data is too high.

The last few years show a clear trend in the spread of malware: attacks will continue to proliferate. Until companies consider email and cybersecurity a necessary requirement in safely maintaining corporate communication and operational processes, cybercriminals will keep cashing in at their expense.

Cybercrime: Ruthless, extremely complex and a never-ending story

No year before has made more headlines in digital crime than 2018. This is the conclusion of the latest edition of the Hornetsecurity Cyberthreat Report. Not only the quantity of crimes has increased rapidly, but also their quality. According to a spokesman for the State Criminal Investigation Office (LKA) Lower Saxony in response to a request from the German newspaper “Hannoversche Allgemeine Zeitung”, the number of criminal activities via the Internet alone has increased by 30% in recent years.

Cyberattacks such as Advanced Persistent Threats, Malware and Spam as well as the transfer of “typical” criminal activities to the online world are responsible for the rapid increase. These criminal activities include trading of weapons, drugs, illegal pornography and counterfeit papers. “The criminals use the possibilities of digitalization extensively, not only in communication”, says LKA spokesman Marius Schmidt. In particular, the Darknet is becoming increasingly significant.

The number of unreported cases is massive

According to the Cyberthreat Report, cybercrime is the world’s third largest threat after environmental disasters and political tensions. In 2017, the Federal Criminal Police Office (BKA) was able to identify almost 86,000 cases of cybercrime in Germany – an increase of four percent compared to the previous year.

The cost of the damage caused by cybercrime increased just as rapidly. Whereas cybercrime in Germany caused economic damage of 50.9 million euros in 2016, 71.4 million euros were lost in 2017. The worst thing about these numbers: they cover only the financial damage from cases registered by the BKA. Experts estimate that this number represents only 9% of the total loss. That means more than 90% of cases go unreported.

But why is the number so high? Experts assume that cyberattacks are often noticed far too late, or not at all. However, in many cases they are not even reported to the relevant authorities by the companies concerned. This is due to the concern about loss of reputation and image. The latest massive cyberattack on the Marriott hotel chain is a classic example of such an incident. For years, hackers stayed unnoticed in the network of the world’s third-largest hotel group and, among other things, captured credit card data from half a billion customers. The German industry association Bitkom comes to completely different results due to such cybercriminal incidents. It recorded an enormous amount of damage of 55 billion euros.

Advanced Persistent Threats still very popular

As in 2017, the popularity of Advanced Persistent Threats among cyber criminals continues uninterrupted. With the attack on the French construction company Ingérop, the hackers once again proved the significant threat potential of such sophisticated cyberattacks. They succeeded in transferring malware into the IT infrastructure by means of a professionally designed phishing campaign on employees of the Group. This served as a door opener for a large-scale data theft. The hackers captured a total of 65 gigabytes of sensitive data, including construction plans for nuclear facilities and high-security prisons. Furthermore, sensitive personal data of a total of 1,200 Ingérop employees were stolen.

Also, the German armament company Krauss Maffei recently experienced an attack of this kind. Hackers penetrated the company’s IT systems and infected it with malware. The production process had to be shut down for a week afterwards. This was followed by an extortion attempt with a ransom demand.

Malware remains standard

Compared to Advanced Persistent Threats, malware is far less complex, but still very effective. In general, it is used to perform unwanted or harmful functions on users’ systems. Cybercriminals use malware to increase their income, for example. The great variety of malware makes it a very popular tool for hackers.

This popularity is also reflected in its distribution: between 2006 and 2017, the number of malware incidents increased constantly. Email communication is the main gateway for malicious file attachments. Office files are particularly popular as a disguise. Every third piece of malware sent was disguised as a Word, Excel or PowerPoint file, as can also be read in the Cyberthreat Report.

Spam emails – threat potential increases

Spam is no longer as popular among cybercriminals as it was ten years ago. The Hornetsecurity Cyberthreat Report concludes that in 2018 not even every second email was a spam email. The situation was different back in 2009: At this time, it was almost 100 percent of all emails. Anyone who thinks that this trend is positive is unfortunately mistaken. Whilst ten years ago almost no spam email contained malware, today this is quite different. More and more emails are packed with malware such as viruses, Trojans, Ransomware or spyware.

To summarise: The battle is far from lost.

Even though the damage caused by cybercrime is steadily increasing and it is becoming increasingly difficult to cope with the complex threat situation, the final “battle” has not yet been fought. More and more companies are aware of the current threat situation and are implementing intelligent IT security concepts as well as effective Managed Security Services to prevent sophisticated cyberattacks.

While expenses for Managed Security Services added up to 4.27 billion US dollars in 2016, this amount will be doubled to 8.26 billion US dollars in 2021. Companies have realized that they need to prevent cyber threats from the very beginning. Once the threat has invaded the IT infrastructure, it’s already too late.

In our latest Cyberthreat Report you can find out in detail which trends and developments are currently particularly affecting the world of cybercrime and which dangers result from this.

Phishing emails – on a fishing trip at the data flow

The email from the principal bank came completely unexpectedly, its design very authentic, the content unsuspicious at first glance: “We’ve detected a security breach in our systems. Please log into your account immediately to verify your identity”. Many recipients of such an email are not able to see through the fraud. That is because this is neither a security breach nor well-intentioned advice from the credit institution, but a classic phishing email.

But how does phishing actually work and is a non-expert able to see through the scam? What happens after I fall for the fraud? Why are phishing emails called that way and how can I protect myself from these attacks? Questions about phishing are a dime a dozen. This blog post aims to shed some light on the abysses of phishing and shows not only how to uncover phishing emails with a few simple tricks, but also how not to let them into your mailbox in the first place.

The name says it all

The word “phishing” established itself in the USA in the 1990s and has less to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn. Because in phishing, cybercriminals literally “catch” the personal data of their victims in a fraudulent way.

The word “phreaking” also influenced the name. It describes obtaining free telephone calls by playing a 2600-hertz tone into the handset, which could mislead certain switching centres in the USA, France or Japan, for example, into setting up telephone calls. The amusing thing about this is that exactly this 2600-hertz tone could be produced with a toy whistle that was once a promotional item for “Cap’n Crunch” cereal. Modern switching technology no longer allows this method, although this procedure marks the beginning of what is known today as “hacking”. The term “phishing” is a blend of the two words “fishing” and “phreaking”.

How does phishing work?

A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.

With the help of insidious pretexts, these fraudulent messages, some of which look deceptively genuine, try to lure their recipients to fake websites and get them to reveal their personal data. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. The security of the account, they say, will only be ensured if the user verifies his personal data on the website that can be reached via a link.

The link embedded in the email is often very difficult to expose as a fraud. This is simply because the cybercriminals take great care that the embedded links look as authentic as possible. By buying domains such as “amazn.com”, which look almost identical to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 such phishing sites were online in March 2018.

To make the fraud perfect, the same obviously applies to the sender addresses of the phishing emails. The actual Amazon sender address noreply@amazon.com will then be changed to noreply@amzon.com.

With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as hacker@doamin.com, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected by looking closely, and most victims do not notice the fake at all, or only when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.

Phishing and its varieties

Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.

The method relies mainly on the traditional phishing scam, but in this case “spear phishing” is a targeted email fraud. It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their target as possible in advance so they can fake deceptively real-looking email communication. In the best case for the attacker, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.

What do the digital pirates want to achieve?

In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services; credit card information in general is also a popular target.

The motivation of the attackers can be quite different and ranges from financial enrichment, in the sense of account robbery or the selling of data, up to hacker attacks on companies that are carried out using the captured data.

I have been a victim of a phishing attack – what should I do now?

Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.

How can I effectively protect myself from phishing?

The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported on an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think. This makes it all the more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.

1. Awareness

First of all, awareness is a good basis for defending against phishing emails. Many users are not sufficiently aware of the dangers hidden in their email inbox, such as phishing attacks. It is therefore difficult for them to identify malicious emails as such. However, the risk posed by a phishing campaign can be reduced with a little prior knowledge.

If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be an impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check if the supposed link destination is actually correct.

If the address is similar to the original domain and seems unsuspicious at first, you can check this by matching both URLs. In addition, you should never reveal personal information in any email communication.
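
The sender checks described in this section and in “How does phishing work?” (lookalike domains such as “amazn.com”, additions to a known domain, and a display name that shows a different address than the real one), as an added Python example that is not part of the original post. The trusted-domain list, the confusable-character table and all sample addresses other than amazn.com are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

TRUSTED = ("amazon.com", "paypal.com")  # assumption: domains the recipient really deals with

# Character groups that look alike in common fonts (upper-case I vs lower-case l, etc.).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"))
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def skeleton(domain):
    """Lower-case the domain and fold lookalike characters onto one representative."""
    s = domain.lower()
    for look, real in CONFUSABLES:
        s = s.replace(look, real)
    return s


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and swap of adjacent letters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # two adjacent letters swapped
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify_domain(domain, trusted=TRUSTED):
    """Return (verdict, matched trusted domain) for a sender or link domain."""
    d = domain.lower().rstrip(".")
    for t in trusted:
        if d == t or d.endswith("." + t):
            return ("trusted", t)
    for t in trusted:
        if skeleton(d) == skeleton(t):
            return ("confusable", t)   # e.g. upper-case I in place of lower-case l
        if osa_distance(d, t) <= 1:
            return ("typo", t)         # one letter missing, added, changed or swapped
        if t.split(".")[0] in re.split(r"[.-]", d):
            return ("addition", t)     # brand name placed inside an unrelated domain
    return ("unknown", None)


def assess_sender(from_header, trusted=TRUSTED):
    """Check one From header value; returns a list of human-readable findings."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2]
    verdict, match = classify_domain(domain, trusted)
    findings = []
    if verdict in ("confusable", "typo", "addition"):
        findings.append(f"{verdict} of {match}: {domain.lower()}")
    shown = ADDRESS_RE.search(display)
    if shown and shown.group(0).lower() != address.lower():
        findings.append(f"display name shows {shown.group(0)} but mail is from {address}")
    return findings


if __name__ == "__main__":
    # Constructed From headers for illustration.
    for header in (
        "Amazon <noreply@amazn.com>",
        "PayPal <service@paypaI.com>",
        '"anna.schmidt@company.example" <office7731@freemail.example>',
    ):
        print(header, "->", assess_sender(header))
```

A one-edit threshold produces false positives for very short domain names, so the trusted list should hold only the domains a recipient actually corresponds with.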

2. Active protection

Beyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed.

If you don’t want phishing emails to be delivered to your inbox in the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails.

Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.

Example of a phishing email:

Classic phishing email in which cybercriminals disguise themselves as credit institutions. Using the pretext that there have been unusual login activities on the account, the target person is pressured to verify their account details. The design is indistinguishable from the regular design of the bank. The email does not contain any spelling mistakes and the formatting is correct. Advertisements in the email with links to the real website and the QR code for the banking app round off the overall picture. Since it is a credit institution from South Africa, even the sender domain “abSaMail.co.za” is quite credible. Only the prefix “xiphaMe” looks strange and indicates a fraud.

Example of a spear phishing email:

Example of a perfidious spear phishing email*. The fraudsters used social engineering to find out the names, email addresses and most likely the relationship between two employees. They then used the captured information to recreate an email communication that was as authentic as possible. Trust is built through personal salutations and insider knowledge of the company’s lawyer. The email address of the alleged sender is also entered in the name field. This is to suggest that it is actually the correct sender address. The actual sender address only follows after this.

*The example shown is a real spear phishing email. For data protection reasons, all personal information has been changed.

Emotet: Comeback in a new guise

+++ UPDATE 05.12.2018: The Hornetsecurity Security Lab is currently observing an immense increase in the number of dangerous emails carrying the malware “Emotet”. The BSI is also warning about the growing threat from the current phishing and spam campaign that spreads “Emotet”. The affected companies suffered failures of their entire IT infrastructure, which resulted in immense financial damage.

Disguised as an Office Word document attached to a legitimate-looking email, the malware is installed on a computer when the document is opened and reads contacts and email content from the mailboxes of the infected system. Furthermore, Emotet is able to download additional malware that allows hackers to read out access data and gives them remote access to the system.

In September this year, Hornetsecurity already published a report about the appearance of the malware as an invoice disguised as a PDF document, which downloads a banking Trojan when executed. +++

New Emotet version

Since Christmas last year, no major offensives by the banking Trojan Emotet have been observed. Now it appears in a new shape and is distributed by an insidious blended attack.

The malware specialists from our security lab found a new type of the banking Trojan Emotet on Thursday, 06.09.18 and investigated the attacking method in more detail.

Earlier versions of Emotet were mainly distributed directly in email attachments or through links in email bodies. This new type uses a more complex delivery method: it is hidden in the form of a PDF document disguised as an invoice and attached to a phishing email.

Phishing email with attached PDF document

PDF document with link to Office file

The content of this PDF document contains a link to download an Office file.

Office document

Once the user opens the file, a macro is executed that downloads the dangerous malware.

Static analysis – code fragment

Emotet uses this cover-up technique to circumvent virus filters and sandbox analyses. So far this seems to work well, because not even a third of the antivirus programs listed on VirusTotal classify the file as dangerous.
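
A defender-side triage for the delivery chain described above, as an added Python example that is not Hornetsecurity's code. It pulls link targets (/URI actions) out of a PDF, including those inside Flate-compressed streams, and flags the ones that point to Office files. The sample PDF fragment and its URLs are constructed, and the extension list is an assumption.

```python
import re
import zlib
from urllib.parse import urlsplit

# Assumption: file extensions treated as "Office file" for this triage.
OFFICE_EXTENSIONS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx",
                     ".ppt", ".pptm", ".pptx", ".rtf")

STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.S)
URI_LITERAL_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)   # /URI (http://...)
URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]+)>")           # /URI <687474...>


def build_sample_pdf():
    """Constructed PDF fragment (not a complete, valid PDF): one link annotation in
    plain text and one hidden inside a Flate-compressed stream."""
    plain = (b"1 0 obj\n<< /Type /Annot /Subtype /Link "
             b"/A << /S /URI /URI (https://www.example.org/terms.html) >> >>\nendobj\n")
    hidden = zlib.compress(
        b"<< /Type /Annot /Subtype /Link "
        b"/A << /S /URI /URI (http://downloads.example.net/invoice/INV-2018-09.doc) >> >>")
    stream = (b"2 0 obj\n<< /Filter /FlateDecode /Length %d >>\nstream\n" % len(hidden)
              + hidden + b"\nendstream\nendobj\n")
    return b"%PDF-1.5\n" + plain + stream + b"%%EOF\n"


def extract_uris(pdf_bytes):
    """Return every /URI target found in the raw file and in its Flate streams."""
    chunks = [pdf_bytes]
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates the end-of-line bytes that follow the stream data
            chunks.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # other filter or encrypted stream: not scanned by this sketch
    uris = []
    for chunk in chunks:
        for match in URI_LITERAL_RE.finditer(chunk):
            raw = re.sub(rb"\\(.)", rb"\1", match.group(1))  # undo \( \) \\ escapes
            uris.append(raw.decode("latin-1"))
        for match in URI_HEX_RE.finditer(chunk):
            digits = re.sub(rb"\s", b"", match.group(1)).decode("ascii")
            if len(digits) % 2:
                digits += "0"  # PDF pads an odd-length hex string with a final 0
            uris.append(bytes.fromhex(digits).decode("latin-1"))
    return uris


def office_links(pdf_bytes):
    """Links in the PDF whose path ends in an Office file extension."""
    return [uri for uri in extract_uris(pdf_bytes)
            if urlsplit(uri).path.lower().endswith(OFFICE_EXTENSIONS)]


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("all links:   ", extract_uris(sample))
    print("office links:", office_links(sample))
```

A link that only redirects to the Office file carries no telltale extension, so this static check complements rather than replaces following the URL in an isolated analysis environment.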

On the safe side with Advanced Threat Protection

The URL scanning feature of Hornetsecurity’s Advanced Threat Protection detects files, however well hidden they may be, and protects customers’ IT from this persistent blended attack even before the phishing mail arrives.

Malware – Cybercriminal’s favourite

When asked what the term “malware” actually means, most people cannot say. Often words like “virus” or “Trojan” are used. This is not necessarily wrong, but also not actually right. After all, the topic is much more complex and is not just about viruses and Trojans.

This blog post gives an insight into the world of malware and explains what the term actually stands for, why cybercriminals use malware and what kind of security measures are available.

More than just viruses and Trojans

“Malware” is a neologism composed of the two English words “malicious” and “software”. Mistakenly, malware is often used synonymously for the words virus or trojan, but the world of malware is much larger and more complex. In fact, malware is simply a collective term for various malicious programs, which in addition to viruses and Trojans also include “exploits”, “backdoors”, “spyware”, “worms” and “ransomware” – to name just a few of the most important representatives.

According to a study by av-test.org, Trojans made up the majority of widespread malware on Windows with 51.48 percent. Viruses rank far behind with 18.93 percent, followed by scripts with 10.56 percent. All other types of malware, such as ransomware, only play a minor role in terms of how often they occur.

Percentage of malware types (chart): Trojans, viruses, scripts

Viruses, Trojans and worms – what are the differences?

Computer viruses are the classic type of malware and were already developed in the early 1970s. They are designed to infect other files and can spread from one computer system to another and contaminate it as well. Viruses cannot be activated without human intervention because the compromised file must be executed first.

A Trojan, on the other hand, is not a virus, but a malicious program that disguises itself as a good-natured application – which is why it is often referred to as a “Trojan horse”. Unlike viruses, Trojans do not replicate themselves. They allow hackers to take control of the infected system via a so-called “backdoor”.

Computer worms differ from viruses in their ability to spread without any intervention. By using a data interface, the malicious program can spread automatically. Since the worm can replicate itself within the system, there is a danger that not only one worm but hundreds or even thousands of copies will be sent. Ultimately, this can force a system to commit so many resources that it stops responding or responds only extremely slowly.

Spyware – The Spy in the System

Spyware is considered the spy among malware types. It is out to record and steal entered user data. For example, it records logins to social media accounts or spies on account data during online banking. The captured data is then transferred to the hackers, who either resell it or misuse it for their own, mostly financial, interests.

Spyware can appear in different ways. On the one hand, a so-called “keylogger” can be used, which records keystrokes. On the other hand, a “screencast” can be used to monitor the user’s screen activity. Hackers can also use a “browser hijacker”

Ransomware – When the computer demands ransom money

Ransomware is a form of malware that is able to prevent access to all data stored on a computer. The hackers encrypt the files stored on the hard disk and, after a successful infection, usually leave a message on the victim’s screen demanding a ransom. If the ransom is not paid, the attackers threaten that the encrypted files – depending on the implementation of the ransomware – will not be decrypted or will even be deleted.

There are plenty of ways to infect computers with ransomware. By far the most common gateway, however, is email communication. The cybercriminals often use social engineering to impersonate a well-known organization or a familiar person in order to suggest trust.

In many cases, the ransomware is contained in an Office document that is sent as an attachment. A pretext is used to persuade the recipient to open the file. If the recipient does so, all data on the hard disk is encrypted. Especially in recent years, there have been massive ransomware attacks, known as “WannaCry” or “Petya”. Even though ransomware accounts for only a small share of malware by frequency, the damage that these aggressive cryptotrojans can cause should never be underestimated! Measured in absolute figures, one percent of total malware worldwide is still a significant number.

Exploits and Backdoors – The ace up the sleeve

Exploits are a popular tool used by hackers to take advantage of vulnerabilities or security gaps in software and use them to enter computer systems. An exploit can be a simple theoretical description of a vulnerability or directly runnable program code.

The range of different types of exploits is so wide that there is the right exploit for almost every occasion. They differ not only in the type of attack, but also in their effects. Depending on its type, the malicious program can write or read data, for example, or even crash a system. Well-known exploit types are the zero-day attack and the denial-of-service exploit (DoS exploit).

A backdoor, on the other hand, is an alternative, mostly hidden means of access to a software or hardware system. It enables the provider and its partners (e.g. secret services), but also hackers, to circumvent the access protection and gain access to the system. As already mentioned, Trojans also have a backdoor, but a clear distinction has to be made: the Trojan only serves as a means to an end, since it pretends to be a useful program and ensures that the computer can be compromised via the built-in backdoor. The backdoor itself does not require a Trojan, as it can be installed in the system from the very beginning.

Many types of malware, one solution?

The professionalism of malware attacks is increasing day by day. In particular, attacks through ransomware are very popular among cybercriminals. Those who think that there is THE solution to the problem of malware are unfortunately mistaken. Rather, a company should have a sophisticated security concept with many different measures. In the following we will describe in detail which measures can be considered.

Many components must work well together to achieve optimum protection against malware. However, the most important point is to raise employees’ awareness of cyber attacks. A company’s employees must be conscious of the threats caused by malware. Information about the various malware distribution channels should therefore be integrated into the daily work routine, for example through regular training courses.

To be on the safe side, companies are advised to use a spam filtering service to prevent malicious emails from reaching employees’ email inboxes in the first place. In the unlikely event that a malware program should ever be able to infect an employee’s computer, then an antivirus program is still a useful method of defeating the invader.

Updates should also not be limited to antivirus programs. It is advisable to establish a process that regularly checks whether the programs in use are up to date and updates them if necessary. Those who stick to these tips are at least less likely to become a victim of cybercriminals.

Additional information: