Cyber Attacks - Cube Cyber

Top 7 Cyber Attacks Threatening SME’s (and how to prevent them)

Small and medium sized enterprises (SME’s) frequently underestimate the need for cyber security protection. This miscalculation could end up being a risky strategy for those not willing to invest in the best preventative measures for their business. Just because an enterprise is small, does not mean it is not at risk from the top cyber attacks circulating the web.

In fact, SME’s could have an even greater level of risk against them, as they often will not have sufficient cyber protection. Criminals know this and will take advantage of more vulnerable systems. SME’s can also work with larger corporations too, and hackers will try to get into these large organisations via a vulnerability in the smaller businesses network.

Smaller enterprises may not have the large budgets, the knowledge/ expertise or the time and resources to commit to a decent cyber security plan. This could end up being a deadly mistake. According to the National Cyber Security Alliance small businesses will go bust after 6 months of a cyber breach. Many SME’s simply underestimate the chance of a cyber attack, as well as how a serious data breach could effect the company.

The key? Awareness, knowledge, and prevention. The best way to stay in tune with the current top cyber attacks is to be in the know about what type of attacks are out there. Once you know what to look for, the easier they will be to spot. Ensuring you have a decent cyber security protection is also vital. So, what are the top cyber attacks companies are facing right now?

Phishing attacks

The age-old phishing attack. This one has been around since the beginning and, unfortuanlty, it is not going away anytime soon. In fact, phishing attacks are becoming even more sophisticated with the advance in technology. So, what are phishing attacks?
Cyber criminals will send an email, text message, or message via social media, often imitating a well known company, and request that you click on a link, update payment or login details, or sign-up to something, inadvertently giving away your private details or money.

The messages or emails sent are usually very convincing and create a sense of urgency such as ‘your subscription is almost up, enter your card details to keep this service’, etc. They will use similar wording, colours, logos, and email address as the real site, making it easy for someone to be convinced.

Phishing attacks are the biggest threat to most businesses, with 90% of all data breaches being caused by such attacks. SME’s also need to watch out for spear phishing attacks, similar, but instead of a generic email that is sent out to hundreds of users at a time, a spear phishing email will be sent to a specific person. The attackers will have researched the person they want to imitate (often CEO’s or other executives higher up in the company) and will pretend to send an email from that person.

They may send an email to employees of the company, pretending to be the CEO and saying a payment needs to be sent urgently to such and such. Because the name, logo, wording, everything is in the same style as the real person, users can be easily misled.
Good cyber awareness is crucial to help employees recognise a phishing attack. Installing a next-generation firewall can help to filter out malicious websites and traffic.

Lack of knowledge

You can have all the best security protection you want, but this means little if staff members lack any knowledge of cyber security. As we have seen from the previous paragraphs, phishing attacks are the most common cyber attack out there. Now, if staff members have no awareness of phishing attacks, how much more likely are they to click on a malicious link or send an ‘urgent’ payment? The more employees know about the most common attacks, the easier it will be to spot them before it is too late.

Even the smallest of businesses can still hold a good deal of customer information and financial data, and for this reason, organisations of every size should at least have a basic knowledge of cyber security. Staff members should have training in cyber security practices, attack simulation and be aware of common cyber attacks to watch out for. This training should be ongoing and revised as new attacks emerge.

DDoS Cyber Attack

DDoS stands for ‘Distributed Denial of Service’. These attacks will disrupt a website, server, or network with a huge amount of web traffic, so users are refused access to it. DDoS attacks can be complicated, and the cyber criminal will often start and stop them, to confuse businesses or to hide the fact that an attack is even happening.

Websites may be forced to go offline, which will disrupt online sales, leading to huge losses, particularly as these cyber attacks can last from 6 to 24 hours. Using a good DDoS mitigation service and having a plan of action for this type of attack is a great way to eliminate some of the traffic overloading the site.

Malware

Malware attacks are another common threat facing small and medium enterprises. It is often used alongside other type of attacks, for example a malicious code embedded into a phishing email. Malware can be injected into your system via a malicious website or download, or by connecting to an infected device.

Customer and company data can be easily extracted in malware attacks and it can even damage devices, with expensive repairs to match. With customer data at risk, businesses need to ensure they are complying with relevant government data regulations, or you could be at risk from a costly fine.

Endpoint protection is advised for all devices, including personal devices. This will help protect every access point and stop data being encrypted.

BYOD

Bring your own device (BYOD) is becoming increasing common during the pandemic. With more employees working from home on their own devices, the risk of a malware or virus attack is only increased. Personal devices do not often have the right amount of protection as a company device. This can be seen as an easy way in for hackers.

Personal devices that are not properly protected are prone to cyber attacks, which can lead to the hacker gaining access to your company’s entire network and files.

Setting up a good cyber policy for what employees can work on/ send over the internet is a great start. For sensitive data, ensure staff members are not using public Wi-Fi and are using a VPN (virtual private network) to send those files. This will make sure IP address remain hidden and company data is encrypted.

Inside threats

Rouge employees, contactors, business associates or disgruntled former staff members can actually be a huge threat to a business. They have the means to get into company networks and may have access to sensitive data. Through this access, an insider threat can cause real harm to a business.

Keeping employees trained in cyber awareness will prevent any attacks from ignorance and only allowing access to the most sensitive data to trusted staff members. You should stop any accounts of former employees that may still be active and monitor active accounts for malicious activity.

Ransomware

Ransomware are common cyber attacks that have been around for years. Cyber criminals will hack into a network or device, gain access to private information and then encrypt that data. The only way the business can get the data back is by paying a ransom, after which they will be given an encryption key to secure the files back. A development of the ransomware attack is hackers may now threaten to publish sensitive data online to ensure the ransom money is paid.

This can be a real threat for businesses, particularly if private customer information is released on the dark web and sold. The company will then be liable for a possible breach of data protection laws, and an incoming large fine.

This is why backing up your data is absolutely crucial. If you have a backup of your data, then you can rest assured you still have access to it (it being published online is a different matter however). Regular backups should be completed and systematic checks that your backup system is working, are also necessary.

Advanced endpoint protection is also recommended. This will provide protection for devices and help to stop criminals encrypting data.

Conclusion

As said at the beginning of this post, awareness, knowledge, and prevention are the best measures to protect your business from a cyber attack. Having a good all-round security policy, as well as active cyber protection is the best way to ensure your business is protected as it should be.

For more information on how we can help your business, please talk to an expert at Cube Cyber today. We can help evaluate the specific needs for your business.

May 13, 2021/by Sam Topping

How to Prepare A Cyber Defence Plan for Your Enterprise

Cyber Attacks, Incident Response, SME's

No business, small or large is not at risk from a cyber attack. From small businesses to huge government organisations, all companies must ensure they have an excellent cyber defence plan in place. Planning what to do in a cyber attack is just as important as managing active preventative measures.

Many smaller enterprises do not even know where to start with preparing a cyber defence plan or what things are of most importance when creating one. In this post we will address the key components to establishing a good cyber incident response plan.

Risk Assessment

A risk assessment is one of the first things you should look at. You will not be able to say what cyber security measures you need until you know what risks are specific to your business. Whether you are updating an old cyber defence plan or starting from scratch, you should look at all the common cyber attacks especially those relevant to your business. The Australian gov website has good articles for assessing cyber risks.

The most common attacks are phishing and spear phishing attacks, malware, and ransomware, but you should also consider developing attacks such as deepfakes and vulnerabilities with 5G and artificial intelligence (AI).

For each type of cyber threat, you should assess how big a risk it is to your business and how each attack would affect the company. You should also look at each aspect of the busines, example sales, marketing, finance and prioritise which sectors are most vulnerable. Identify the staff members who have access to the most sensitive company information and re-evaluate whether every one of those people needs that access. Only trustworthy staff who absolutely need sensitive company information to do their jobs, should be allowed access to minimise the risk of any accidental (or intentional) breaches.

During the risk assessment, you should not only be assessing the cyber risks to your business but the vulnerabilities already in your company’s network or systems. Are there any holes in your cyber security? Are staff members working from unprotected personal devices? All these weak points can be an easy way for cyber criminals to gain access to your network.

You should determine the likelihood of each attack, how much such attack would impact the business and the threat level of attacks (low, medium, high).

Early Warnings

Your cyber defence plan should include early warnings on how to recognise a cyber-attack. Phishing attacks are the most common attack on businesses (up to 90% in fact), but these are the types of attack we can prevent. Human error is the most common reason behind a data breach. As phishing and spear phishing attacks are evolving to be more sophisticated, the easier it is for employees to become fooled.

However, if staff are professionally trained in the most common attacks, they may become better at spotting a suspicious email. Sometimes it is the smallest of things that will give a dodgy email away, such as a change in just one letter in an email address. If staff members are on the lookout for such details, they are far less likely to open a malicious site or download link. Education and ongoing training should be part of your cyber incident response plan and company culture.

Prevention Measures

First of all, you should be aware of every protection measure in the business and what it does. You need to know which applications are installed on which devices and so on. Keep an account of every piece of software you are using and every update.
Once you know what cyber risks are a threat to your business and the software you are already using, you can re-evaluate. Is it enough, or do you need further protection? Prevention measures should be analysed an implemented within the business.

Common preventative measures are:
– Multi-factor authentication (MFA)
– Firewalls
– Endpoint protection
– Virtual private networks (VPN)
– Email security
– Security monitoring
– Cloud security

Whether you have an in-house cyber security team or you are outsourcing to an expert firm, you will need to make sure the cyber protection systems are secure and up to date. Any system bugs need to be fixed and patch work should be implemented where necessary. Checks of all cyber systems should be tested regularly to ensure everything is running correctly. Proper monitoring of all cyber security measures should be carried out to ensure you are seeing potential threats in real time.

Incident Recovery

Your cyber defence plan should include how you intend to respond to a cyber incident. Communication is key, so there should be a team, or several staff members assigned to deal with an attack. Each person should be assigned a role of how to execute the plan, to avoid confusion and havoc.

If customer data has been breached, then you will probably need to consult data protection laws. For this reason, having a plan for public statements is a good idea. Having these statements written out in advance puts you in a much better, calmer and more controlled environment then quickly whipping up a panicked statement that is not as thought through.

The cyber defence plan should include how you intend to report the breach via event logs, including the time of the attack, how it was implemented and the communications between the team.

Conclusion

A major data breach can be devasting to any size business, but particularly for smaller enterprises. The idea of cyber attacks can be scary, but by having a plan in place will safeguard your data as much a possible and put you in a better position to be able to control the attack.

Creating a cyber defence plan is crucial in preventing cyber crime to your organisation and being organised if an attack does occur. If you would like more information on how an expert team like Cube Cyber can help you, then please check our website for more information.

We are a dedicated team of professionals who provide expert cyber advice to businesses of all sizes. We have many different solutions to prevent cyber attacks and would love to hear see we can help you and your team.

February 12, 2021/by Sam Topping

Cyber Security Australia: Increasing Attacks on Businesses

Cyber Attacks, Cyber Crime Australia, Large Corporation, SME's

Cyber security in Australia is an essential tool to protect businesses both large and small, from advancing cyber crime threats. In this current environment it is vital that no matter the size of the company, everyone is doing what they can to stay secure online.

In the past, businesses only had to really worry about the physical security on their business, easily implemented by security gates and CCTV cameras. In recent years however, there is a new threat. One that we cannot see but it is very real and potentially even more damaging.

Cyber crime is on the rise and attacking Australian businesses. In fact, according to a post by Infosecurity during the first six months of 2020 alone, ransomware payments doubled. With hackers finding new ways to compromises organisations, these ransom demands are likely to increase.

Scott Morrison cyber attack

Back in June 2020, an attack on Scott Morrison’s government was carried out by a state-sponsored actor. This attack was not just on the prime minister but on all levels of government from the healthcare industry, education, political sectors, and other primary sectors in the infrastructure.

It is unclear whether these state-actors got what they came for or what they will do with the information. Reasons for foreign state-actors infiltrating other governments could be to send a warning, to spy, find out sensitive information or research, or to steal data for financial gain.

Whatever the reason behind this attack, it only goes to show that even the most high-profile of organisations can be the victim of cybercrime. Whether you are a large government agency or an individual running a small business, cyber security needs to be a priority.

Increasing vulnerabilities in cyber security Australia

Why are there increasing cyber security attacks on Australia? Cyber security in Australia needs to be at the top of every organisation’s priority list. Australian businesses have money to steal. A wealthy economy that makes use of the latest technologies will always be at risk from harmful cyber threats.

In the current situation with the pandemic, we are seeing even more cyber threats to Australian businesses. In April 2020, the Australian Cyber Security Centre (ACSC) reported an increased in the amount of COVID-19 themed cyber attacks. Hackers and cyber criminals are taking advantage of the fear and uncertainty of coronavirus, as well as the increased in people working remotely.

For smaller businesses, where the level of cyber security may be limited, this can put SME’s at a greater risk. For smaller business check out this helpful graphic from the government site on best cyber practices.

The ACSC has recently warned the healthcare industry of the latest attacks that have been seen rising throughout the pandemic. One of these threats is SDBBot Remote Access Tool (RAT). This piece of malware is used by criminals to remotely take over multiple systems within an organisation. Hackers will go through the system and copy any sensitive information they can use to sell or blackmail the victim. Another recent attack is named Cl0p ransomware. Once a hacker has gained access using RAT, they can then use Cl0p to encrypt the organisations files to make them unreadable (in order to charge a ransom).

October 2020 saw German company Software AG fall victim to this attack. The hackers demanded US$20 million in ransom. The company’s data was leaked online after they did not pay the ransom.

Cyber threats are also increased with many staff members country-wide now working from home, often using insecure devices such as smartphones, personal laptops and devices used via the Internet of Things (IoT). When using insecure devices or networks, the chance for a data breach is greatly increased.

The more applications, devices, systems, networks, and Wi-Fi we use, the more chance of malware being infected into businesses. Once a company has been compromised, it is at risk from a ransomware attack, stolen money, damage to internal systems and devices, customer information being leaked, identity theft and more. If personal customer data has been leaked, you may also be facing more hefty fines for breaking data protection laws. Risking a cyber attack is simply not worth it.

What is the Government doing in cyber security?

The 2020 cyber security strategy from the Australian government has said it will invest $1.67 billion in cyber security, over the next ten years. The strategy outlines detailed advice for individuals, SME’s, large corporations, and government sectors.
There are three sectors the report details, where cyber security practices and different approaches need to be put in place: government, businesses, and the community.

Government

• Safeguard essential infrastructure, crucial services, and families
• Tackle cyber-crime, together with the dark web
• Protect government information and systems
• Sharing cyber threat intelligence
• Keep cyber security alliances strong
• Help organisations to implement cyber security practices
• Improve resources for cyber security

Businesses

• Enhance standard cyber protection for critical services
• Advise SME’s of best cyber security measures
• Deliver secure merchandise and services to customers
• Develop trained personnel in cybersecurity
• Monitor and stop attempted malware hacks

Community

• Advise and guide individuals on cyber security
• Make familiar buying choices
• Ensure cyber incidents are reported
• Know how and where the find cyber support

The report documents clear advice and guidance for individuals, businesses, and government sectors. They will do this by providing advice on the latest cyber threats, how to keep your business and devices secure, including the Internet of Things (IoT), and by stating clear obligations for businesses.

Each sector will have a role to play. Governments need to ensure they are protecting the most essential infrastructure and Australian businesses. Business themselves should make sure their products and customer data are made secure. Individuals need to stay vigilant and to understand the cyber threats on the web, before releasing any personal data or buying goods online.

The 2020 Australian cyber security strategy provides all Australian’s and organisations the tools they need to stay cyber secure. The strategy hopes to build trust and awareness of cyber security attacks in Australia and to advise on how to deal with those attacks. By addressing the community and organisations as a whole, this guidance provides a valuable tool for everyone to implement good cyber security measures, whether at home or work.

Cyber Security protection from Cube Cyber

Here at Cube Cyber, we are passionate about protecting businesses of all sizes. We believe in going that extra mile to protect our customers businesses. We build lifelong partnerships and provide the best protection to our customers.
For more information about our services please visit our contact page.

Psstt…we are also on LinkedIn and would love for you to give this article a share!

February 12, 2021/by Sam Topping

Cyber Security Risk: What would it cost if your company could not work for one day?

Cyber Attacks, Cyber Crime Australia, Large Corporation, SME's

Cyber security risk is a problem all companies face, from large corporations to small, independent businesses. But cyber security is much more than a simple IT issue, it can have a huge impact on your revenue…and reputation.

Have you ever thought about what you could lose if your business were to go offline from a distributed denial-of-service (DDoS) attack, or if your employees could not work on files after they have been hacked into and encrypted? What would just one single day of not being able to work cost your company?

You would not leave your house or your car before locking it first, so why not protect the most important aspect of your business- the money making. Cyber security should not be thought of as another chunk out of the budget, but an essential tool to protect the core of the business. Cyber security and revenue really do go hand in hand.

Many companies, particularly small businesses, and SME’s, see cyber security risk as something that may or may not happen to them, perhaps not considering the full implications of what a cyber attack would have on their organisation.

Businesses no matter the size are at a risk of all kinds of cyber threats from phishing attacks (the number one and most common cyber attack), ransomware attacks, DDoS threats, malware attacks and more. These cyber threats are ever-growing and are always being developed to become even more sophisticated. It is vital that whatever the size of your organisation, cyber security risk is taken into account and taken seriously. But how do we do this?

How businesses can calculate the risks

A cyber security risk assessment is a vital start for any business looking to purchase cyber security. Before you know which solutions will work for your company, you must first assess the risks. Every organisation should individually access their own risks, as this of course will vary from business to business. The Gov website has more information here.

By looking at the risks and performing a security assessment, you can determine the strengths and weaknesses of your systems, any weakness or vulnerability holes in your systems and how effective your current cyber security plan is working. From here, you will be in a better position to implement practical solutions in the right areas.

When calculating the cost of potential cyber security solutions, you should ask yourself what it would cost if your company went down for just one day. What would you lose in sales, revenue, potential new customers, even reputation? Work this out, and you may find that the cost of a single day is the same or greater than the yearly cost of cyber security protection. Those not willing to invest in the right cyber security solutions are taking a huge risk, particularly for SME’s who often find it hard to even recover at all from a cyber incident.

When completing a cyber security risk assessment, you need to identify the main cyber threats to your company. Most businesses all have the potential to be a victim of common cyber attacks, such as phishing, malware and ransomware attacks, but some organisations may be more likely to face other types of attack. For example, a government organisation may be at extra risk from cyber espionage or the healthcare industry may be at risk of advanced domain hijacking or DDoS attacks.

Once you have a list of the most vulnerable threats, you will need to determinate how each of those attacks would affect your business.

If your files were encrypted in a ransomware attack, would you have backups of that data?
And what would the implications be if any sensitive files were to be uploaded to the dark web?
How would you deal with data protection laws?
If hackers were able to take your ecommerce site offline for a day, or even a few hours, what would you gain to lose from loss of sales?
If any of your machines are physically damaged, what would the costs be to replace them?
How will you regain trust back in any customers who have lost faith in the reputability of your organisation?
Do you have a recovery plan for a data breach, do your staff know what to do in the event of an attack?

These are all questions which will need to be answered. Once you have an idea of the threats to your business and how they will affect you, you can start to determine the right solutions to protect against each threat. Order the threat list in terms of the highest priority or threat level, to the lowest, putting security in place for the biggest threats first.

How a cyber security risk assessment can help

The biggest benefit, other that being protected from cyber threats, is the long term cost for an all-round cyber plan. The cost of cyber security will likely be lower than the cost of recovering from an attack. Applying a risk reduction point of view can help protect your businesses revenue and most valuable assets.

A complete cyber plan will protect your organisation against data breaches, comply with data protection regulations, prevent the loss of sensitive files, and help prevent malicious activity from entering your network. If you think that the cost of an annual cyber subscription may be the same as a day’s revenue, then it is really a no brainer.

At Cube Cyber, we can help both SME’s and large corporations come up with a complete cyber protection plan. We do all the hard work, finding the vulnerabilities in your systems, implementing advanced cyber solutions, and then monitoring and reporting back to you.

For any questions or details, please ask one of our cyber experts via our website.

February 12, 2021/by Sam Topping

Microsoft Office 365 Security Tips for Small Businesses

Cyber Attacks, SME's, Threat Protection

Microsoft Office 365 is one of the most used cloud-based systems worldwide, with over 70 million users and counting. But with all cloud-based systems, comes with a level of vulnerability. Office 365 security measures need to be considered to make sure your team is working safely.

By employing good simple Office 365 security methods, your company will be placed in a much better position from a cyber security point of view. As more and more staff members are working online and via cloud-based systems, it is important now more than ever to implement a good cyber security policy. By securing Office 365, you are helping to keep your data as safe as it can be online.

Below are some helpful Office 365 security tips and ways to keep your business secure.

Why Office 365 is a target

Firstly, why is Microsoft Office 365 a target for cyber crime? Well, being a highly popular cloud-based (and particularly email) application, Office 365 is a prime target for phishing attacks. Millions of user’s log-in to Office 365 everyday, which makes it easier for cyber criminals to hack into this one system. With so many people using the same system, the rewards for hackers can be just too tempting.

Back in 2016, Skyhigh Networks research reported that out of 600 enterprises and 27 million customers, 71% of corporate Office 365 users had at least one account compromised every month. As technology advances, so does the sophistication of phishing and other cyber attacks.

Every organisation is at risk of a security breach, but particularly small and medium sized enterprises (SME’s), who may have only limited security measures in place. Office 365 security measures may not be good enough, unless you pay extra for additional add-ons, such as the Advanced Threat Protection (ATP). This is available under the enterprise subscription or users can pay for each additional security measure separately. You can imagine this can become fairly costly, quickly.

For users wishing to add advanced cyber security measures for securing Office 365, hiring an expert firm to go through your individual needs could be a better option. Many businesses opt for managed security to help keep their customer and company data safe and secure.

Microsoft Office 365 security tips

Secure passwords

Having strong passwords is essential. Instead of getting staff members to change their passwords regularly or using complex passwords such as ‘!$4763&-(37653@’, you should encourage the use of passphrases. Although complex passwords such as the previous example are strong, there is always the chance for a computer system to generate millions of random letter and number sequences. Although it is unlikely that these complex passwords will be hacked, it is likely however that these passwords will be written down or saved somewhere by the user.

A passphrase is a series of random words, such as ‘fool foil village gravy2’ is much harder for computers to guess, and much easier for users to remember.

Staff training

There is no point in having added security measures if your staff do not know how to use them. Staff should be aware of the most common cyber security threats, the best Office 365 security measures, how to create a strong password and how to use the systems security measures on their devices.

Securing Office 365 should include training how to spot phishing attacks, as these are commonly reported. If staff know the signs to look for when spotting a phishing attack, it is far less likely that they will click on a malicious email link.

Use Multi-Factor Authentication (MFA)

Using multi-factor authentication is one of the best Office 365 security measures you can initiate. Staff members will have to enter another form of login (usually a code sent to their phone), as well as their usual password and username.

This extra step (or multiple steps) adds another layer of security, even if passwords are not particularly strong. Hackers will find it hard to gain access to the user account, as they will not have the use of the user’s phone, which the code is sent to. MFA is one of the most effective ways to secure your organisation.

Protect against malware

Microsoft Office 365 does come with malware protection included; however it is worth going one step further by blocking attachments with file types frequently used by hackers. You should block any file types which are commonly used to inflict malware on systems, so the email is blocked before it even reaches a user’s account. Common suspicious filetypes usually come in the forms of EXE, CHM, CMD, COM, JS, BAT, CPL, VB and VBS.

How to block certain file types from your Office 365 application:

1. Go to the Security & Compliance Centre and go to the left navigation panel. Click ‘Threat Management’ then ‘Policy’, then ‘Anti-Malware’.
2. Click on the default policy and edit.
3. Click Settings.
4. Go to ‘Common Attachment Types Filter’ and switch to ‘On’. Below this, you are able to add or remove file types that are blocked. Then click save and you are done.

Protect against ransomware threats

Ransomware attacks are one of the most common attacks on businesses. Files will be encrypted by hackers, who will then demand a ransom (usually in a cryptocurrency such as Bitcoin), or even threaten to publish your files online. The files will be compromised until the ransom is paid and you are given the encryption key.

To help prevent ransomware, you are able to set up rules for email which will block the common file types associated with a ransomware attack. For a helpful video on how to do this, please see Microsoft’s training video.

You should also ensure that there is a warning given to staff members before they are about to open an email which contains macros (ransomware is often hidden within these). Be sure to install next-generation endpoint protection for added protection.

Use spam notifications

If a hacker is able to gain login credentials during a phishing attack, they may send out many emails to a user’s contacts. These emails will often contain spam or malicious links. Office 365 security measures should include setting up a notification for when an email has been sent out excessively from a user or contains spam. This will give you a heads up on suspicious activity and a chance to warn your staff members not to open an email sent from the compromised employees account.

Stop email auto-forwarding

If a cyber criminal has gained access to a user’s login credentials, they can easily set up auto-forwarding of that user’s emails. Malware can be attached to these emails, which will be sent out to other employees around your organisation.

To stop this, you can set up an email flow rule which prevents emails being automatically forwarded to an external network. Here is how to set up a mail flow rule:
1. Go to Exchange admin centre.
2. Click ‘mail flow category’ and then ‘rules’.
3. Click the t ‘+’ icon, and ‘create a new rule’.
4. Go down to ‘more options’ to see the full list.
5. Apply the settings you want in the table. Unless you want to change anything else, then leave the rest as the default option. Then save your settings.

At Cube Cyber we have a friendly and dedicated team of experts to help with Office 365 security, and much more. To talk to one of our security experts, please call 1300 085 366 or visit out contact page.

January 2, 2021/by Sam Topping

Which Industries Are Most Vulnerable to Cyber Attacks in 2021?

Cyber Attacks, Large Corporation, SME's

Any organisation, whether large government corporation, a small enterprise, an individual running a small business, or even the general web user, are vulnerable to cyber attacks. With the rise in cyber crime in 2020, it is vital that ALL companies enable the best preventative measures they can.

That being said, there will always be organisations more vulnerable to cyber attacks, simply because the nature of their business and the amount of data they hold. Here is a list of the most vulnerable sectors to cyber attacks.

Healthcare

According to Black Book Market Research in 2019, the cost of data breaches within the healthcare industry cost around $4 billion US dollars. The healthcare industry continues to be one of the most vulnerable to cyber attacks and often the healthcare staff are not fully aware of cyber security measures.

The healthcare sector stores millions of medical records electronically, including personal customer details and financial data. Records will contain, names, addresses, medical history, national identity numbers and billing information. This of course, is a magnet for cyber criminals. Worryingly, there has been an increase in COVID-19 related attacks throughout the pandemic. Scams include fake apps or websites and pandemic-related phishing emails.

IT

Man in the middle attacks can be used to target IT companies and cloud service providers, which can store personal information of customers ad staff. Hackers can intercept communications, gaining access to the network. From here, they are able to impersonate suppliers, and get their hands-on sensitive customer information.

Finance

Financial organisations are always going to be at risk due to the large amount of sensitive data they hold, such as customer bank account and credit card details. A Clearswift report in the UK in 2019, said that over 70% of financial organisations had been the victim of a cyber attack. Financial institutions face threat of targeted attacks from organised crime and state-sponsored actors. Employing advanced cyber security protection, it vital for banks, and other financial organisations. They need to stay up to date with payment methods and new technologies to stay secure.

Construction

With sensitive data such as blueprints, financial information, and personally identifiable information (PII) being stored in company systems, construction companies can be a target for ransomware and malware attacks. If all this information is available and stored on the same system, hackers can easily gain access to a wealth of private information to be used for a ransom.

SME’s

Small and medium sized enterprises (SME’s) often underestimate the need for cyber security. This lack of knowledge, expertise, or willingness to invest in cyber protection can leave enterprises vulnerable to cyber attacks.

Smaller companies may not realise the risks, they may not think a cyber attack will happen to them or they may not have the budget or large teams to control cyber security. Hackers are drawn to SME’s as it is often easier for them to gain access to their systems, which can still hold a large amount of customer data and personal information.

HR

HR and recruitment companies can be vulnerable to cyber attacks because of the customer data they hold. HR systems can often hold details such as names, addresses, employee bank details, and other sensitive information. They can use this information to steal money through payroll fraud or gain customer credentials through a recruitment scam. HR sectors can be at risk of a ransomware attack if the hackers encrypt customer and employee personal information.

Government

Local, state, and federal governments can be particularly vulnerable to cyber threats because they are high profile, holding huge databases of information. Large government organisations are often targeted by foreign state-sponsored actors, as well as hacktivists looking to make a statement or release company secrets. Cyber criminals are also drawn to the amount of personal information there is to be gained by hacking into a government entity.

Education

Schools and universities store many types of personal information of staff and students, such as addresses, phone numbers, financial details, enrolment data and so on. University research sectors can also be vulnerable to cyber attacks due to the current research data they store. A constant turnover of students can make it hard to ensure good password measures and may make the education sector prone to phishing attacks.

At Cube Cyber, we have helped companies from a variety of different sectors, to implement an advanced and continued cyber security plan. We can help you to see where the vulnerabilities lie in your organisation and find practical security measures to help protect you from advanced cyber threats.

To find out more about how we can help your organisation, at a cost-effective price, then talk to one of our experts today. We are here to help you.

January 2, 2021/by Sam Topping

Maze Ransomware Group Shuts Down But is the Threat Still Real?

Cyber Attacks

The Maze ransomware group, notorious for high profile data stealing, has announced it is closing its doors. The bizarre announcement (spelling mistakes included) made on their site using the dark web states “The Maze Team Project is announcing it is officially closed. All the links out to project, using of our brand, our work methods should be considered a scam”.

It goes on to say “The Maze Cartel was never exists and is not existing now. It can be found only inside the heads of the journalists who wrote about it”. But who were they and is this really the end?

Who are the Maze Ransomware Group?

The Maze ransomware group became known in 2019 after a series of high-profile attacks and threats to expose sensitive files from large organisations on the net. The Maze ransomware group were the first to blackmail users with threats to publish the victim’s data and information online, unless a ransom was paid.

Prior to this, ransomware groups would typically encrypt files with malware and then use ransom demands in order for the victim having to pay to get the files back. In this case the victim could either pay the money or risk losing the file and have to clear up the mess the cyber attacker caused.

The Maze ransomware group took this way of working a step further with the threat of publishing the sensitive and personal files online.

Organisations that have had documents published online include Canon, LG, Xerox, Southwire, Cognizant, Pensacola city government, the big pharmaceutical company ExecuPharm, Chubb cyber security, Tesla, Visser and many more.

This double layered tactic quickly became popular with other ransomware groups on the dark web, who again, used the threat of publishing files online to receive huge amounts of money from ransom. A wire manufacturer in Georgia was claimed to have been threatened to pay $6 million USD, even going up to $15 million USD for another unnamed organisation.

The Maze ransomware group’s earlier attacks consisted of exploit kits and various spam operations to take advantage of unsuspecting users. They then began to step up their game and specifically target high profile organisations, using virtual private networks (VPN) and remote desktop (RDP) servers to find vulnerabilities in big-brand companies. Failure to pay the ransom would end with large amounts of files being uploaded to the dark web, including personal information on employees and internal source codes.

Is the Maze Ransomware Group Really Shutting Down?

In their closing down statement, the Maze ransomware group says “Our world is shrinking in the recklessness and indifference, in laziness and stupidity. If you are taking the responsibility for other people money and personal data then try to keep it secure. Until you do that there will be more projects like Maze to remind you about secure data storage”. The group could indeed have made enough money for them to be able to shut down and close all operations, but as this statement suggests, ‘there will be more projects like Maze’.

The Maze group ran on an affiliate operation, meaning individual threat actors were able to cash in on a small percentage of the rewards. Maze affiliates are likely to simply move on to other ransomware groups, such as Egregor, thought to be a by-product of the Maze ransomware group.

This same group were emerging just as reports were starting to circulate around the closure of the Maze group- coincidence? Probably not. These ransomware criminals are likely to move on to better opportunities and the Maze group could potentially just be rebranding. There is no way to tell for sure. What we do know is that when one group shuts down, another one will open.

What New Threats are on the Rise?

With remote working becoming ever popular the risks of unsecure domains, weak passwords, more data sharing over the cloud, unprotected remote desktop protocol (RDP) and VPN’s, phishing attacks and malware threats are all on the rise.

Phishing attacks are becoming more sophisticated, fake COVID-19 related sites and scams are on the increase, networks are becoming less secure with people working from their kitchen tables and ransomware tactics are evolving.

The sophistication of such attacks is only ever going to increase, and cyber attackers will always be evolving their techniques. The time to update your security system is now.

At Cube Cyber we have a knowledgeable team of cyber experts to help you and your business. We have helped many organisations implement cost effective and advanced cyber security, to help stop these kinds of attacks.

For more information please get a quote with us today.

December 9, 2020/by Sam Topping

Phishing Attacks: What Exactly Are They?

Cyber Attacks

Phishing attacks… you have probably heard of them, but do you really know what they are and how they can affect your business?

What are phishing attacks?

Phishing attacks are one of the most widespread ways cyber criminals use to attack Australian businesses. Scammers will use email, text messages, social media, phone calls or instant messenger apps to deceive you into giving away your personal details.

They may trick you into giving away your passwords, personal security numbers, user data, login details and credit card numbers. Once they have this information, typically when a user clicks on a malicious link, the scammers can gain access to your bank accounts, email accounts and any other accounts that could be financially beneficial to them.

Attackers can use this information to commit identity fraud, make unauthorised payments or steal money from your bank account. Phishing attacks can be extremely devastating to small businesses, as well as individuals and as we have seen, cyber crime is on the rise in 2020.

How do Phishing Attacks Work?

Emails and messages from these cyber criminals can look extremely convincing and will replicate messages you generally receive from banks, online shopping sites, credit card companies, and other companies you trust.

These messages will usually have the same look and feel to the real thing, often replicating the same font, presentation, logos, and wording used by a legit company. They will frequently involve some sort of call to action from the unsuspecting user, that is ‘urgent’, leaving individuals unknowingly giving away personal information or money.

Typical wording for phishing attacks include:

There is a problem with your payment information or account details
Suspicious activity has been noticed on your account, click to update your details
Fake payment requests or invoices
Your personal information needs to be updated
You have won in a free prize draw
There is a problem with your subscription billing information

What is Spear Phishing?

Spear phishing is a more advanced technique than general phishing attacks, which target the masses and are sent out to random unsuspecting users. Spear phishing will target a specific person or organisation, using targeted knowledge and research about the company’s structure and way of working.

Scammers will identify and target high-valued individuals within an enterprise, using methods such as researching annual reports, press releases, shareholder information, social media sites and other publicly available information.

The attacker will send a fake email to employees, posing as the director for example, that could trick the recipient into sending over a payment or logging in to a secure password protected document. The style of writing, font and company’s logo will all look extremely convincing, leading to data being compromised and scammers having access to sensitive information.

Across the media, cyber attacks on small and medium enterprises (SME’s) is on the rise, particularly during the COVID-19 pandemic, where scammers are taking increasing advantage. Since the start of the outbreak the Government’s Scamwatch has obtained 3060 reported scams, in relation to coronavirus, with losses of over $1,371,000.

Cyber security tips for individuals

Cyber security is just as important, whether at work, home or on the go. Tips for individuals to help protect yourself form the most common cyber attacks include:

Reduce the amount of personal information there is about yourself or your friends and family as much as possible. Only give out personal details if you really have to and to companies you can be sure to trust.
Password protect all your devices and do not allow others (you do not know well enough) to access your computer or laptop.
Turning on two-factor authentication (2FA) is a great way to reduce the risk of cyber crime. This will ask you for two ways to authenticate your account whilst logging in. For example, a password and a code that is sent to your phone.
Be aware of possible fraudulent emails and do not click on links in an email to update your information, always go directly to the main website.
Check the full email address of who is sending you the email. These addresses can look obviously spammy or can look quite realistic, double check if you have suspicions.
If shopping online, research seller websites that appear to be selling products at rates surprisingly cheap, or of companies you have not heard of/ used before.
Change passwords regularly and update old passwords.
Be careful when using public Wi-Fi, as the connections are not secure, and people may be able to see what you are doing.
Keep your devices and software up to date.

Preventing phishing attacks on small and medium businesses

SME’s often underestimate the need for cyber security until it is too late. Here are some steps to help small and medium businesses protect their organisation from phishing attacks.

Two-factor authentication (2FA) is one of the best ways for stopping phishing attacks in their tracks. It provides an added layer of protection when logging in to documents and systems that hold sensitive information.
Educating staff members on cyber security and preventive measures can limit of opportunity for employees to be tricked into giving away secure information.
Ensure all employee passwords are strong, changed regularly and people are not using the same password for multiple functions.
Invest in a complete security software system.
Keep regular backups of company data and information.

Phishing attack protection from Cube Cyber

Here at Cube Cyber, we offer cost effective advanced security solutions for small to large sized businesses.

We use Cisco Email Security with Advanced Malware Protection (AMP), which blocks spam, phishing emails and malicious email attachments and websites.

Our Next Generation Firewall service offers malware and intrusion protection, website filtering, network activating and log retention, 24/7 incident response, and more.

If you are looking to install advanced protection for your business, update an older system or would simply like a quote, please get in touch with us today. You can also try our free 21-day trial for your business.

December 9, 2020/by Sam Topping

Data Breaches and Cyber Crime in Australia

Cyber Attacks, Cyber Crime Australia

Cybercrime is a widespread threat, targeting Australia and our businesses, country wide. Small to medium enterprises (SME’s), government organisations, large corporate companies and individuals are all at risk from increasing threats from the latest cyber threats and data breaches.

The Australian Competition and Consumer Commission’s (ACCC) Targeting Scams 2019 report identified Australians lost over $634 million to scams in 2019. This however might not be the true figure as the real cost of cyber attacks is hard to estimate. It is believed to be more likely in the billions every year.

Cybercriminals are attracted to the wealth of Australia and the enormous amount of online activity, that is ever-increasing. Cyber criminals will only take advantage of the increase in online networks, especially with the pandemic forcing more businesses to go online. The opportunity is there for criminals to make even more profits than ever before.

During March 2020, cybercriminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic. A current report from Avast indicates that individuals have around a 5% higher chance of a cyber-attack than the previous year.

Australian businesses need to protect themselves even further from data breaches and cybercrime now, more than ever, as COVID-19 related scams are on the rise. Framework from the Australian Government’s Australian Signals Directorate (ASD) suggests safter ways to work online for enterprises.

Types Cybercrime that can Occur

Types of cyber scams that are out there:

Cyber abuse – Cyber criminals may bully, harass, or stalk you or your business online.

Online Image and Blackmail – Images of you have been shared online without permission or someone is blackmailing you with the threat of posting certain images (including personal/ intimate images or videos).

Online shopping scams or persuasive fraud – When users are duped or convinced into sending money or supplies to somebody online.

Identity theft – Your personal or business identity information is stolen, and someone is accessing your online accounts with that information.

Email scams – Receiving an email including false information, or imitating a company, that has led you to send money online.

Internet fraud – When money has been taken from your account, after clicking on a malicious link or allowing remote access to your computer.

Data breaches from malware – Your system or device have been hacked from someone you may then demand money.

Data Breaches in the last 12 months

In the last year, we have seen a number of cybercrime incidents of Australian and New Zealand businesses. One of which was the attack on 47 Service NSW staff member’s email accounts, which resulted in data breaches of 186,000 customers and staff.

Resulted data breaches had to be analysed over around 3.8 million documents and 738GB of data (including transaction receipts, scans, notes and forms), over the course of a 4-month investigation.

Then there was the disruption to the New Zealand stock exchange, which halted activity over the course of four days. Surprisingly, the DDoS attack that coursed the disruption is a fairly straightforward type of cyber-attack. A sizeable collection of computers will attempt to connect to an online service at the same time, overpowering its capacity, and disrupting the system. Devices used for the attack will usually have some sort of malware attached.

Back in February, the transport company Toll had to shut down all computer systems across several sites, due to a ransomware attack, leaving customers waiting for undelivered parcels.

The Office of the Australian Information Commissioner (OAIC), reports information from the Notifiable Data Breaches (NDB) scheme to help small and medium size business and enterprises, as well as individuals, understand the statistics of data breaches and cyber attacks. A report for the period from 1 January 2020 to 30 June 2020 shows that human error is the cause behind 34% of data breaches and the health sector is one of the hardest hit industries, reporting 22% of all breaches, 115 during that period.

The finance sector fell second behind healthcare for the amount of date breaches from January to June 2020, reporting 75 breaches; education had 44 breaches during the 6 months, insurance 35 and legal 26.

The same report shows that malicious or criminal attacks were the most common, accounting for 61% of all reports. This includes phishing attacks, malware, and ransomware scams. The OAIC report also shows ransomware attacks are on the rise from the previous 6 months, with an increase of 150%.

Out of all cases reported, 84% of personal information was breached, including home addresses, phone numbers and email addresses. Over a third of breaches involved identity information, which incudes government identity numbers, passport numbers and driving licence numbers.

Australian businesses now have to comply with Notifiable Data Breach laws in order to help protect the personal information of individuals and the organisation. Failing to comply with disclosing data breaches can result in big fines for companies.

Organisations have to but vigilant against cyber attacks and make the necessary changes in order to protect themselves and their customers. This can be done in a number of ways from making sure staff are educated on cyber awareness, performing cyber security audits, and investing in a complete security system.

If you are part of a small or large organisation, and are worried about your levels of cyber security, then why not talk to one of our experts at Cube Cyber.

Chat to our friendly professionals for a free assessment of your cyber security needs at 1300 085 366 or book in your free assessment here.

December 9, 2020/by Sam Topping

Types of Cyber Threat Actors and Their Motivations

Cyber Attacks

For those in business wanting to gain a greater understanding of cyber security terms and methods, it can be quite confusing with all the various names flying around. Often the word hacker is used interchangeably although there are actually many different types of cyber threat actors, and they all have different motives. It is important for businesses to be able to identify these types of criminals in order to prevent attacks before they take hold.

What are cyber threat actors or bad actors?

So, what exactly are cyber threat actors? Bad actors in cybersecurity are individuals, groups or states who intend to gain illegal access to private data, applications, devices, and networks, through the use of malicious activity. Cyber threat actors can range from amateur individuals seeking a thrill, all the way to sophisticated state-sponsored actors who wish to spy on other governments. Cyber threat actors will have varying levels of resources and experience, and often motives.

Types of cyber threat actors

State-Sponsored Actors

State-sponsored attacks are usually the most sophisticated and targeted, with criminals having dedicated tools and the most advanced software available. They have the funds, the time, and the knowledge to complete the most high-value attacks out there. State-sponsored actors are often employed just for the purpose of completing a cyber attack and will have numerous resources and dedicated time to research and carry out an advanced attack. They are funded by their nations to spy on foreign agencies, steal sensitive information or other intellectual properties.

The motivations behind these attacks, which are usually on large organisations or government agencies, is to gain insights that will benefit their nation.

Cybercriminals

Cybercriminals are a type of cyber threat actor who will use tactics such as ransomware, phishing attacks or malicious software to steal sensitive information, financial records, person credentials, bank account details and more. These attackers are usually motivated by financial gain and businesses data will often be found on the dark web or sold on to a third party. These types of cybercriminals will have a good amount of knowledge and can cause severe damage to businesses.

Script Kiddies

Script Kiddies refers to individuals who are novices to hacking and are still learning the basics. These amateur hackers will often make multiple attack attempts, using a variety of methods, while experimenting in the field. This could make them a hazardous threat as they will typically continue their actions until they are successful. Theses type of bad actors are usually out for the thrill and for the challenge of breaking into networks illegally.

Hacktivists

Hacktivists are motivated by using their findings ‘for good’. Their aim is to hack into government agencies or businesses and expose or draw public awareness to things they believe the organisation is doing wrong or covering up. Well known hacktivist groups like WikiLeaks will leak classified documents, private company information, sensitive data, and government information. Their motivation is ideological and to expose ‘the truth’, secrets or awareness to the public.

Insider Actors

Insider actors are usually either current or past employees that can use their authorised access to gain company information. They can also be contractors or other third parties that have access to your workplace networks. These bad actors have the access to the networks, devices, and applications, which makes it easier for them to find incriminating information or to inject malware into online systems. Their motivations are usually derived from discontent, revenge, or financial gain.

Cyber Terrorists

Cyber terrorists can target a whole range of businesses and will do so by causing disruption and harm. These types of attacks are on the rise and will generally harass and stop businesses running efficiently. They want to cause destruction to organisations to bring awareness to their cause, for recruitment purposes, propaganda, financial gain or for political reasons.

What can your company do?

Knowing the types of cyber threat actors and understanding their motivations can help in identifying cyber incidents and how to deal with them efficiently. By knowing who is most likely to be a cyber threat to your business, you can identify the type of information they may be after. Then you will be able to find any weakness in these areas of your organisation and fix any security issues.

It is important to encrypt your company data, so even if a cyber threat actor is able to gain access, the data will be unreadable. You also need to be protecting data as it is sent over the internet, something which is becoming commonplace. Using a Virtual Private Network (VPN) will encrypt files and hide IP addresses, making remote working much safter.

Limiting access to company data can also be an effective way of reducing the risk of insider threats. Only those employees who absolutely need to have access to sensitive data in order for them to do their jobs, should be authorised. Also, the fewer accounts that have access to private company information will reduce the information a hacker will gain if they are able to compromise an employee’s account.

If you found this article insightful, then please share along to anyone you may think will benefit. If you are interested in cyber security for your business, then we at Cube Cyber have a wealth of experience and personalised services for your business.

December 9, 2020/by Sam Topping