What Exactly Is a Security Posture & What Does It Mean to Your Business

Our business ecosystems have begun rapidly changing, with cybercriminals evolving rapidly, a new vocabulary is developing. A new addition to the lexicon of many is the concept of “Security Posture.” Another techy-word, referring to the strength and security of your IT infrastructure. Putting an increased presence on internet-born vulnerabilities for business technology. How you manage current hardware and software purchases, policy & procedure generation and controls.

What Makes-Up Your Security Posture

Any of these singular aspects are defined under cybersecurity,  your security posture develops the likelihood of a breach,  and what it would take for hackers to gain access to these critical pieces of network technology, but also the state of your employees, and if they can spot similar threats, making these difficult for many to observe.

In the context of managing cybersecurity, larger organizations, including Directors of IT, Chief Technology officers, and any compliance officer, must make decisions based on the deliberation and analysis of their security posture. Generating a better understanding surrounding certain aspects of your cybersecurity approach, but this is simply not enough anymore. In today’s connected age a more holistic approach is needed to meet regulations and compliance.

What Can You Do with This Type of Information

Business’ will be asked to quantify risk, and the cost associated with a disaster and soon realize, physical, virtual, and human factors all add greater value when combating risks. Your Security Posture can be defined by many experts today as “your business’ stance on cybersecurity and where you land in today’s connected landscape.”

Your cybersecurity posture combined with reliable reporting and analytics will enable you to understand the likelihood of future breaches and attacks.

  • Define the likelihood of a breach instead of the reactive reflection that occurs by many, once a security incident happens.
  • Better control and investigate where risk can be introduced, from those with access to your systems.
  • Determine your budget for risk, and establish a plan to mitigate your risk.
  • Benchmark your cybersecurity posture against your industry.
  • Prioritize assets and investments through their life-cycle to build a realistic point-of-view.

Wish to Better Understand Your Organization’s Security Posture?

Begin understanding how your organization is managing cybersecurity and how prepared your business is for the next attack. Define the cost of an attack, and take away the teeth cyber attacks can have on your network with a Security Posture Evaluation. If your business would prefer an entire analytical analysis by one of our security specialists, we would be happy to assess your network.

Windows Server 2008 End-Of-Life Support Begins Looming as Business Scramble to Act

It seems like we just went through this with Windows Server 2003, but we’ll soon be losing yet another Microsoft flagship product. Windows Server 2008 R2 and Exchange 2010, reached it’s “end-of-mainstream support” on January 13th, 2015 but the final blow will come January 14th, 2020. The exact same date for the end-of-support for Windows 7 Operating Systems. Microsoft will officially end its support for Windows Server 2008 and the 2008 R2 editions. It’s a sad beginning but read on and I will point you towards a few transformative paths for on-site, or cloud use.

Although 2020 seems like its lightyears away, update in an IT Infrastructure is a large task, one that will be here before you know it. So, if you’re still running Hyper-V on a Windows Server R2 platform, or worse your still running Windows Server 2003, then you need to start strategizing now, to ensure your company is protected and infrastructure is secure while moving forward.

0Weeks0Days0Hours0Minutes0Seconds

Extended Support Dates in Effect

Windows Server 2008 and SQL Server 2008 and 2008 R2 variants are already on their extended support phase now. As of July 8th, 2019, will be the final date for SQL Server 2008, while January 14th, 2020 will come shortly after. Once these dates hit, you will be running machines at your own risk in this saturated age of cyber-attacks. The good news is the fate of these dinosaur systems isn’t as bad as it would appear. It’s true this date cannot be moved, changed or deflected, but Microsoft has opened several more, cost-effective paths for businesses to begin their infrastructure evolution.

0Weeks0Days0Hours0Minutes0Seconds

Little-to-No Support Leaves Your Operating System Vulnerable

You can continue to use Windows Server 2008 R2 safely in your environments, at least until the expiration date. By doing so, you stand the risk of missing out of several new features being introduced to the Hyper-V family on any Server 2012 operating systems. These features alone warrant an upgrade to your infrastructure prior to the end-of-life support dates.

Remember that once a product reaches its end-of-life, no new features, fixes, or updates will occur. While Microsoft continues to provide what little help for customers with Server 2008 through extending support agreements, they too will no longer be able to receive any form of support from Microsoft come January 14, 2020. Leaving many business systems open and exposed to outside infiltration. All three Windows Server 2008, 2008 R2 (Datacenter, Enterprise, and Standard) will be affected, also including the Hyper-V role.

Post-Upgrade Solutions for Managing Your Old Servers 

  • Path #1:  Seen by many as the traditional evolutionary path, upgrading to a newer version of Windows Server, and SQL Server. This is where you get the most updated features in today’s security landscape. The latest version of Windows Server 2019, and SQL Server 2017.With the only caveat being to host on-premises versions or move to the cloud.
  • Path #2:  Not interested in upgrading to the latest server versions for some reason? We’ve got you covered, with a few options for those who wish to continue using Windows Server 2008 and 2008 R2. To save you money, you could move these workloads into the Azure cloud, using Azure’s Hybrid Use Benefits. The only cost incurred is the computing instance and infrastructure. With the use of Azure Reserved Virtual Machine Instances for Windows Server, you can save further on computing costs.
  • Path #3:  The last path is the most grim for many, it’s the choice to not evolve at all. This leaves many servers including file, or database to receive the updating needed to stop cyber-attackers. For business’ that have already purchased “Software Assurance or Enterprise Subscription,” will receive security updates for a prolonged period of time. We should note, Microsoft has discontinued its assurance agreements, but with more than 90% of affected business’ operating under a “Standard License,” this path doesn’t work for the vast majority of businesses. Once again leaving many without a clear-cut choice.

This is still YOUR Choice

We hope all the information from Clare Computer Solutions, will assist in making sense of the dynamic landscape in technology. If your business wants a second opinion or just a helping hand, any of our team members would be happy to assist you with making your transition as smooth as possible. Reach out today to begin discussing your options in greater detail today.

 

The Scariest New Ransomware Strain Taking Business Networks by Storm

Several security teams have recently discovered the scariest new strain of highly-sophisticated ransomware called MegaCortex. Although this new strain sounds like something out of this world, MegaCortex is a purpose-built threat used to seek and destroy corporate networks, as a whole. Yes, you read that correctly, ENTIRE NETWORKS. What makes this strain on ransomware so unique, is once penetrated, attackers will begin releasing various payloads, infecting your network by rolling out malware to servers, and workstations using your very own domain controller or “DC,” as many know it today.

These attacks have already been detected in the United States, Italy, Canada, France, and a few other European Unions(EU) nations. This comes to many in the cybersecurity community as a recently discovered strain, meaning not much is known about how it’s encryption works, or how they are getting in. Worst of all, we don’t know if the ransom payments are being honored as of yet. This is everything we know about MegaCortex ransomware.

How MegaCortex Strikes

Many security and analytics companies have begun diving deeper into this strain of malware. Findings include similar actions to the RYUK Strain, where attackers use Trojan operators to access infected systems. What this means specifically is, if Emotet or Qakbot Trojans have been present on network devices, there is a growing concern, this could be potential network backdoors.

How MegaCortex Uses Your Own Domain Controllers

Although this case isn’t clear how the bad guys are getting into your network, many victims have reported numerous attacks originating from a compromised domain controller. On the domain controller, Cobalt Strike is being dropped and executed to create a reverse shell back to an attackers host.

Using this shell, attackers take control of your domain controller configuring and distributing a copy of the malware executable and batch-files across your network. This file then executes 44 different processes, including disabling Windows Services.

During the encryption of your system, ransomware will append extension file names, including “.aes128ctr.” We do not know if these extensions are static or created dynamically by each infection, including a secondary payload.

Secondary Payload? What Gives?!

In an effort to deliver the most accurate information, security researchers have also identified what would appear to many as a Secondary Hit, or Secondary Main Component. In plain-English, this means its delivery system is multi-staged and uses multiple payloads on a single device. We are still unclear at this time if the malware is dropping MegaCortex or if it’s maliciously installed.

How to Block MegaCortex Infections All Together

It’s recommended for many and Clare Computer Solutions best practice to have a weapons-grade backup solution, either off-site or in the cloud. As many strands of ransomware target these backups first, and foremost.

In this article “Locking it Down: Remote Desktop Protocol,” we highlighted the need for many businesses’ to secure RDP Services that are publicly accessed via the internet. If your machine MUST run RDP, make sure it’s placed behind a firewall, and only made accessible via a VPN tunnel.

Although this ransomware isn’t being spread by email spam, it’s possible the Trojans listed above, can and will. That is why it’s crucial to always identify and inform you of this phishing, and social engineering attacks, to build greater awareness.

Does It Feel like I’m Speaking Another Language?

If you’re unsure where to begin, our security specialists can help! With over 30 years of experience in information technology, our staff knows what it takes to meet security standards. Get ahead of the bad guys, with a Security Posture Evaluation.

 

Begin Making Your Plans to Migrate, as Windows 7 End -Of-Life Is Coming January 14th, 2020

4 Checkpoints to Make Your Disaster Recovery Plans Bulletproof

If you store larger volumes of files or customer data, your business is always at risk of a data breach or ransomware attack. If you can save your business from being encrypted, the second hurdle comes with meeting the compliance for your industry, as well as the companies you serve. As business’ working in the SF Bay Area, it’s our responsibility to assist in the various data-protection regulations that cost companies, more than money, sometimes it costs a business their reputations.

In this blog, we will discuss the key elements to building your next backup strategy:

1. Determine What Frequency Fits YOU
Most of the time, business’ have a hard time finding a starting point when it comes to disaster recovery and data retention. First, you will need to define how often you should back up, these are based on industry attacks or the amount of data you’re hoping to save. Does it depend on the volume of data that your end-users produce? To maximize both your investment backing up data every 24-hours has become the minimum for most industries, with once a week slowly dying out. Planning today for the worst, especially when coughing-up large amounts of money for ransomware payments are no guarantee that you get your data back.

2. Can Your Backups become Automated
Don’t leave a margin for error to occur, forgetting to run a backup device has no excuse! If you’ve made the mistake of losing large volumes of data or forgot to run your backup rest-assured in knowing, most enterprise-grade backups work to fix the “human error,” by automating the process entirely.

3. Data & Backups Can Scale
In the past, scaling infrastructure was cumbersome and difficult. To avoid the headaches, companies have begun safeguarding data, by taking several routes to backup data. With ransomware becoming more prevalent with encrypting backup devices, a single copy for many larger organizations simply won’t be enough.

Having local on-premises backups (accessible faster) works great when paired with storing data in the cloud. Many businesses’ have begun this process, between Microsoft OneDrive (Excel, Word, PowerPoint) Adobe Suite (Acrobat) and customer information, do you really know where all these copies reside? Does your business have a fail-safe strategy in place for fast recovery?

4. Avoiding the Trial by Fire Mindset
I’m sure many of you have heard that practice makes perfect, but regularly testing backups, and monitoring their alerts daily has become common-place in today’s connected landscape. One of the many famous stories surrounding backup incidents can be found no further than Pixar’s California Office in Palo Alto, CA.

“Back in 1998 the developers at Pixar were creating the movie, Toy Story 2. An animator working late on file cleanup entered a command that accidentally deleted almost all the production files. Recalling the backups taken every day, the animator didn’t panic. However, when the team went to recover the files after coming in the following day, they found a solution that was no-longer working. This was in 1998, so the amount of time needed to properly test these solutions was far-greater, and the procedures have quickly become streamlined. In a sudden turn of events, the technical director for the movie had an offsite backup they used to restore the footage and bring the $100,000,000 Doller film to market.”

As you and I both know, the movie was produced but this story highlights one of the MOST common ways a business suffers from not having a backup solution, and a plan to compliment it. Building a solid strategy should be mission critical to businesses currently going without. Bring together your solutions arsenal and align your backups, ransomware protection. Staying protected from such attacks as ransomware, 24 hours a day, 7 days a week, 365 days a year, can be tough, but making sure your business is prepared, cannot be ignored, learn a better methodology to alerting your staff of backup success, and status.

Tax Season is Ending, Clean Up Your Sensitive Information Before the Criminals Do

If you’re anything like me, your tired of picking up the phone just to hear someone’s terrible recording of a tax collector, IRS agent or CPA demanding some outrageous sum of money. According to the IRS, in their latest security bulletin, they have formulated 2019’s “Dirty Dozen.” Keeping employees and end-users in mind, many will have sensitive data leftover on their devices, making your business a prime target.

With highly targeted attacks plaguing many of us today, it’s not uncommon to see Business Email Compromised or more-commonly, CEO Fraud. Reaching $12.5 Billion in total known losses, these attacks have bad guys trying to convince end-users, typically in Accounting, Receiving, HR, and sometimes IT to release information or funds based on their faked email address or title. Typically, this results in many unknowing employees making some form of payment or releasing the information as they view their job could be at stake.

We’ve even seen these “Fake CEOs” attempt to send out emails regarding W-2 issues. Once opened, the payload can be delivered from these attacks at any point in time. In most cases, we’ve witnessed malware laying low in systems for 90 days. With tax season closing, we wanted to shed some light on the technology aspects of the “IRS’ Dirty Dozen.”

Here’s a recap of this year’s ‘Dirty Dozen’ scams:

1. Phishing: Business’ filing on their own behalf this year, should be alert to the potential for faked emails or websites looking to steal personal information. The IRS notes, “The IRS will never initiate contact with taxpayers via email about a bill or tax refund.” Don’t click any links or attachments from someone claiming to be from or on behalf of the IRS. For more information from the IRS website see here: (IR-2019-26)

2. Phone Scams: Phone calls from criminals or on behalf of them impersonating IRS agents remain an ever-growing threat to end-users during tax season. It’s these same calls your employees receive that contain outlandish threats including police arrest, deportation, or my personal favorite license revocation. For more information from the IRS website see here: (IR-2019-28)

3. Identity Theft: During tax season, businesses will have taxpayer information on-hand for one of the few times all year. This means for the period between March to May, the IRS warns that identity theft will rise, although the security industry has made several large strides in protecting employees currently. The IRS warns business’ as they continue perusing these criminal actions. For more information from the IRS website see here: (IR-2019-30)

6. Tax Return Preparer Fraud: Unfortunately for some business’ the amount of fraudulent Tax Preparer has also grown in stride. As we all know, the vast majority of tax professionals are there to provide honest, high-quality services but others will operate during the filing season and it’s these scams that continue to push refund fraud and identity theft further. For more information from the IRS website see here: (IR-2019-32)

8. Inflated Refund Claims: Alert the IRS or the police of anyone whose promising inflated refunds or credits. Be alert to anyone promising large returns or asking for credits. This falls on local law enforcement to assist as these frauds will use flyers, fake storefronts, and community groups to infiltrate your trust. For more information from the IRS website see here: (IR-2019-33)

Continue staying diligent, as the typical end-user and employee has sensitive information nearby. Maybe it’s an email of your tax return or that W-2 from human resources. Regardless, having it near anything business related can be an area for concern, for cybercriminals and frauds they will have hit the jackpot.

Learn how to secure your end-users and employees, educating them on how to handle sensitive information, how to interact with strange emails.

Cyberattacks Using SSL Encryption Swells the Success Rate of Malware to 400%

Utilizing Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office365 Partners of the latest threat-analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since it’s last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage more sneaky tactics to accomplish their end goal, including blackmail, extortion and worst of all, data corruption.

For many businesses, encryption has become the norm as cyber-criminals begin looking to disrupt operations to turn a quick profit.  One of the largest goals behind any cyber-attack is stealth, the longer a malicious activity goes on unnoticed in your systems, the greater the chances of their attack succeeding. One popular avenue has begun involving SSL encryption to disguise the transmissions of the attack from your local anti-virus or malware agents.

As previously warned, these attackers are persisting to utilize website encryption to provide users with a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can assist in informing your employees of the perils found in today’s connected businesses. Begin scrutinizing the sender’s domain name, and the content they want from you.

  • Phishing – 2.7 Million phishing attacks occur monthly, a 400% increase since we’ve been tracking these states in 2017.
  • Content is King – 196 Million instances of “malicious content” including websites, malicious scripts, and malvertising we all found on some of the most well-known websites this year.
  • Botnets – 32 Million botnet callbacks were performed and blocked on average each month since 2018
  • Domains – 32% of all spoofed domains or websites were using SSL to deliver content.

Most Phished Brands through HTTPS:

  1. Microsoft Office365 or OneDrive – 58%
  2. Facebook – 12%
  3. Amazon – 10%
  4. Apple or iTunes – 10%
  5. Adobe – 4%
  6. Dropbox – 4%
  7. DocuSign – 2%

By preparing your employees with a security mindset, we broaden business’ stance on security, to better prevent things like SSL attacks from reaching your end-users. Each of these acts leverages more ways for cybercriminals to establish credibility, and the context needed to fool business.

Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an “invoice” that were crafted and carefully coded, to send the staff to a fake Russian URL, where Office365 logos were plastered everywhere. Even more conveniently, was the willingness for this HTTPS encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and wouldn’t you know it, no issues were reported.

(Email Pictured Below)

7 Cybersecurity Tips That Give Your Business an Unfair Advantage in 2019

Clare Computer Solution’s partner and security experts, Webroot, revealed the findings on their 2019 Threat Report, displaying many “tried-and-true” attack vectors or methods are still at the top of the list, with new threats emerging every day. It would appear the attackers are innovative, to say the least. This comes just in time, as many of our partners spoke to these very claims at the 2019 RSA Conference hosted just last week in San Francisco, California.

Hal Lonas, Chief Technology Officer at Webroot reports:

 

“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”

Clare Computer Solutions Couldn’t Agree More; Here are some from Webroot’s 2019 Security Report highlights:

  1. A staggering 40% of malicious URLs were found on “good” or “safe” domains. Legitimate websites are frequently compromised to host malicious content. To protect users, and employees data cybersecurity needs URL-level visibility or domain-level metrics to accurately showcase these dangers. Far too often, standard antivirus or endpoint protection can lack the capabilities, leaving these links in an employee inbox.
  2. Phishing attacks have increased by 36%, with the number of malicious sites swelling to 220% from last year. We’ve even seen phishing sites use SSL Certificates, and HTTPS to trick unknowing users into believing they’re secure and legitimate. Microsoft’s latest Security Intelligence Report, confirms this with analytics reporting 250% increase in phishing messages being sent through Office 365.
  3. 77% of spear phishing attacks impersonated financial institutes, and most likely to use HTTPS over other types of target. With over 80% of financial institutions finding compromised links residing on an HTTPS page.
  4. Google followed by Microsoft, and UPS/FedEx ranked among the most impersonated brands in phishing overall for 2019.
  5. Security Awareness Training reports from Webroot and KnowBe4 both show an average of 80% less likely to fall for phishing attempts, especially with phishing simulations, and on-demand training.
  6. One-third of all malware makes attempts to hide inside of %appdata% folders. What makes these locations price for hiding, is the commonality between paths. Every user directory, with full user-permissions, will install here and are hidden by default in most operating systems. Although malware can and will hide almost anywhere, the most common locations are as follows:
    – 29.4% in %appdata%
    – 24.5% in %temp%
    – 17.5% in %cache%
  7. Devices using Windows 10 are at least 2x more secure than those systems still on Windows 7. Webroot has reported a steady decline in malware on Windows 10 machines in the business space.

Furthering your Security Measures

While ransomware was less of a problem in 2018, it has become more targeted, and companies, customers, and employees will fall victim to ransomware. In 2018 many attacks saw the use of Remote Desktop Protocol (RDP) as an attack vector. Leveraging tools to scan systems with inadequate RDP settings. It’s these unsecured RDP connections that hackers can use to gain access to a given system and browse through all its shared data. Further providing criminals with sensitive information that ransomware can exploit.

Begin furthering your security measures today, with the use of a cybersecurity assessment. Easily track your current security posture, and rely on the experts to build you a roadmap for securing your business. Dive-deeper into your network than ever before, with the use of our Security Posture Assessment from Clare Computer Solutions. If you wish to view the Webroot report, you can find that here.

Domain Name System DNS does not mean Do not Secure network infrastructure for IT Support with Clare Computer Solutions

Domain Name System: DNS Doesn’t Mean “Do Not Secure”

Recently, the U.S. Department of Homeland Security(DHS) and Cybersecurity & Infrastructure Security Agency(CISA) have begun the tracking of a Domain Name System (DNS) hijacking campaign. With using the following techniques, cybercriminals can redirect user traffic to attacker-controlled infrastructure, access valid encryption certificates for agencies’ domain names and launch attacks keeping your organization as the man-in-the-middle, including:

  • Compromised credentials or obtained via account w/ with to make changes to Domain Name System records.
  • Modifying any of the original addresses, mail exchange, name servers, and other Domain Name System records.
  • EstablishDomain Name System records value and falsy-obtain encryption certificates for the executive branch.

How Staff Can Address these Domain Name System Attacks?

  1. Audit Your DNS records – By reviewing business records associated with services offered to users and the public to verify their location.
  2. Update DNS account passwords – Begin to modify your passwords on every account that has the power to make changes to agency Domain Name System records. Utilizing a password manager can assist in providing better passwords to secure this even further.
  3. Leverage multi-factor authentication (MFA) – Implement MFA for all accounts on systems that can make changes.
  4. Track certificate transparency logs – Monitor certificate transparency log-data for certificates issued by CISA OR DHS.

So, What Exactly is at Risk Here?

Software or SaaS applications have become more prevalent than ever, with threats associating with data theft beginning to soar, with a record of 28% increase on attacks related to Office 365 and Googles GSuite. By utilizing these three key strategies, you can begin securing your business and turn Domain Name System from Do Not Secure, into another fortified line of network defense. By shielding your network with a filtered Domain Name System and utilizing browsing policies, you can successfully keep users safe from malicious sites, and their downloads. This keeps networks secured, with minor tweaks to an Office 365 environment, also preventing harmful attachments out of email inboxes.

  1. Domain Name System (DNS) – Begin switching towards a Domain Name System (DNS) service that can actively monitor and block known malware sites to begin reducing the risk of exposure to malware. Unless you’ve custom-configured some settings, it’s likely that a site’s DNS provider is your current Internet Service Provider. DNS providers can block this type of access in two methods. Blocking a request made from a user, or by preventing malware from “phoning back home” with your data.
  2. Internal Policies – These style of filters work to block harmful sites and downloads at the browser level. Similar to the DNS provider at the network level, these systems calculate the risk and based on the amount of potential harm done, will flag these malicious downloads for greater review. Most that need the power to download from harmful websites do receive notifications, although they can go ignored in some cases.
  3. Email Filtering – In the latest statistics from WebRoot, Microsoft, and Sophos, report ransomware’s #1 attack-vector is still email delivered payloads. Far too often, recipients open files without realizing it wasn’t a file, but instead a malicious application. Microsoft does give Office 365 administrators the ability to block any of the 100 different file types. Although in most cases, businesses need attachments to be sent via email, that’s when the use of Microsoft Ondrive to view files can assist your organization.

If your business feels this is out of the scope of your current provider, or would like another expert opinion, give us a call to schedule a time to chat with one of our technology specialists, or have us visit your site. Reach out to us, and let us know if you need DNS help.

ccs anti spear phishing help and fixes sf bay area

The Latest Spear Phishing Scams to Pass-Through Your Email Filter

Unfortunately, everything malicious isn’t always caught by your email filtering or anti-virus. Because of the rise in email born attacks over the last few months, we’ve begun debunking some of the most well-known spear phishing emails sent to local business owners. With an estimated 91% of successful data breaches started by spear phishing, this type of scam has garnered a lot of media attention. Once reserved for the C-level executive, spear phishing has grown, targeting managers and other employees as an essential component of a social engineering attack.

Did You Know That 91% of Successful Breaches Start with a Spear Phishing Attack?

1. “Funding for Your Business DocuSign Scam”

One of our partners here at CCS sent this brilliant example of a spear phishing scam, that can get past ANY email or web filtering.

This message sails through filters and protects devices as it’s presented as a close-to-real document. Utilizing Adobe DocuSign, this example is built to grab your information, not to deliver a malicious payload.

DocuSign IT Support Company finds Phishing email example

By reviewing documents, and clicking the entirely legit DocuSign page, it will spawn what appears as a loan application. By completing this form, it will send your information directly to the hackers. Making it even easier for them, towards the bottom of this application there is a place to upload your last three paychecks or pay stubs.

Spear Phishing Email Form Top 1

If someone in your account’s receivables, accounting, or finance department were to submit this information, the damage could be extensive, and bankruptcy has unfortunately become a harsh reality for small-to-medium sized businesses due to the potential repercussions.

Spear Phishing Email Example Form 3

2. Unwitting Job Applicant Victims to Malware Ad Attacks

The way spear phishing works is by evoking trust and credibility to entrap victims into providing information that grants them access to personal records, employee information, and company data.

Like many professionals in the SF Bay Area, I’m on LinkedIn, where thousands of people are searching for employment opportunities. Given you’re on a website that knows your job title, industry sector, GPS Location, etc. it wouldn’t raise suspicion in most cases.

That’s exactly what these hackers were counting on when they hosted several malicious LinkedIn Ads to target a bank employee. The victim was a financial company employee that was contacted by, and even held a Skype call with the potential “new-employer.” Once the interview was conducted, and the employee’s defenses are down, cybercriminals asked the employee to install a program called “ApplicationPDF.exe” that would generate his application.

Because this program was able to bypass anti-virus and suspicion, it’s believed the hackers were attempting to gain access into the network of financial records, debit cards, and control over localized ATMS.

We often begin seeing employees as the easiest line of defense in your cybersecurity. It’s stories like these that continue to keep our clients vigilant with security and elevate the awareness employees have to surround these malicious threats and looking for red flags. In this case, the PDF application was the scam that allowed access into localized network operations.

 

Steps Towards a Spear Phishing Remedy:

By focusing on the unique needs of your network, and it’s users there are low-cost solutions for making major strides in stepping up spear phishing prevention. With the implementation and setup of policies, permissions, and email filtering, begin minimizing the risk your business can incur. As part of our commitment to the SF Bay Area Community, we have begun offering Security Awareness Training for companies looking to strengthen their security posture. We understand the uniqueness of your business, and so do each of our employees. Leverage our staff, and knowledge to toughen-up security today.