Twitter Feed
Mobile device security: A new frontier for hackers
Recent security breaches have heightened our awareness of cybersecurity issues. The hack and other security breaches have resulted in unprecedented damages. However, the majority of mobile device users have yet to be sensitized…
Learn How To Buy Cloud From GovLoop & ViON
“Government IT managers must accept that cloud computing services are services, not the purchases of technology. This usually represents a fundamental change in how technology is acquired and managed. Since…
A VETS 360 BENEFIT – LATINO FILM INDUSTRY POST OSCAR PARTY
GUESS WHO SUPPORTS VETS 360? You can support them too at the: THE OFFICIAL LATINO FILM INDUSTRY POST OSCAR PARTY The Veterans 360 mission is to support our young combat…
South Asia’s Biggest Tech Event – “Digital World 2015”
I am proud and honored to announce that I have been added as a speaker at SouthAsia’s biggest tech event “Digital World 2015” , 9th – 12th February, 2015 at…
Fear Hackers? First invest in an IT security culture change
by Kevin L.Jackson With all the news these days about cyberterrorism and hacking the cloud may seem like the last place you would want to put your precious information. Pew…
CloudCamp Bangladesh In Dhaka! – February 11, 2015
Did you know that….. Goldman Sachs recognized Bangladesh as one of the Next Eleven (N-11) – a list of eleven countries having strong potential for becoming the world’s largest economies…
Agile is not the absence of ITIL!
by Jodi Kohut ITIL (formerlyknown as the Information Technology Infrastructure Library) has been the best management practices framework of choice for world class IT Operations organizations. The 5 stage framework:…
Cloud Security: Understanding the Cloud Computing Threat Landscape
In the last two years, IT security breaches have hit the White House, the State Department, the top federal intelligence agency, the largest American bank, the top hospital operator, energy…
Federal Cloud Computing Summit on January 14-15, Washington, DC
The Federal Cloud Computing Summit will be held on January 14-15, 2015 at the Marriott Metro Center in Washington, D.C. (Complimentary government and academic registration) This educational symposium will feature cloud computing…
CONGRATULATIONS! Inaugural Cloud Computing Class at Mira Costa College Graduates!!
Anthony Dorrah, Jose Chapman, Mike Chatelain, Lisa Heiden, Ginelle Johnson, Robert Minson, Alfredo Morales We are so proud of the success of out first cloud computing training class. This group…
As a business communications tool, email is the dominant option, and many corporations have policies that allow the use of personal email on corporate computers. In a recent Adobe Systems commissioned online survey of 400 U.S. white-collar, adult workers, more than 90 percent of them admitted checking personal emails at work. The workers questioned in the poll estimated they spend 6.3 hours a day checking emails, with 3.2 hours devoted to work emails and 3.1 hours to personal messages. Nearly half of the respondents also said that their use of emails for work will increase in coming years with 19 percent saying it will go up substantially.
Employers generally have the discretion to monitor and restrict employees’ personal computer usage as they see fit and, in most cases, email messages are not subject to any personal privacy laws. But even with these stipulations, Dell SonicWall channel partner Michael Crean, President and CEO of Solutions Granted, says that allowing personal email on corporate PCs is just not worth the risk. Solutions Granted, a small veteran-owned business, is certified as a SonicWALL Managed Security Service Provider. According to Crean, the threat of malicious attacks and subsequent remediation cost far outweighs any gain from allowing personal email access. “If your employees need to check their email in the car, they use their personal phone. So why can’t they do the same at work?”
Email phishing, the attempt to acquire sensitive information for malicious reasons by masquerading as a trustworthy entity, is a significant cybersecurity threat.
“In one incident investigated by Dell SecureWorks, attackers phished an employee at a manufacturing company to obtain the login credentials for the company’s Citrix platform. The attackers were able to use the credentials to connect to internal corporate resources, then move laterally through the network and harvest intellectual property using the company’s Altris platform, which remotely distributes new software and patches to all the endpoints.”
The most sophisticated attacks are grouped in two categories:
- Indirect Phishing Attacks –attackers direct a series of emails, usually in combination with organizational information from other sources such as LinkedIn, that add up to a successful phishing campaign. An example would be an employee being tricked into giving away Yahoo credentials as part of an attack, which can give access to contact or calendar information. Another example would be an employee with a cloud-based company email (i.e. Office 365 or Gmail for Business accounts) could be successfully phished. This could give the attacker a platform for sending malicious emails that appear safe.
- Direct Phishing Attacks – Cybercriminals seek login credentials for actual business systems. During Q2 2015 security analysts found multiple examples of phishing attempts on Outlook credentials. Aside from email access, these credentials are frequently used for domain logins, providing an attacker with access to other cloud-based services, such as Dropbox or Salesforce. This sort of breech could also provide an attacker with direct access to corporate proprietary information.
Phishing is often described as spam and, according to Secure List, generally followed the same template:
- Very little text (the email generally contains a typical header consisting of several words which is exactly repeated in the body of the message)
- One or more links which load a brightly decorated picture (sometimes in parts) with all the necessary advertising data (a more detailed advertising text plus contacts: website address, phone number, company name)
- Another long link that leads to a resource that corresponds to the content of the email
- Additional ‘white noise’ text to bulk out the email
The white noise text consists of random phrases or single words in any language which may not be the same as the language of the mass mailing. This text is generally invisible to the reader of as it is written in white or pale color on a standard white background. Email is also often used to distribute malicious attachments in Microsoft Word or Excel.
Phishing is an equal opportunity threat with “Global Internet Portals”, which include email and search portals taking the brunt of the attacks. As a trusted advisor to their customers, Solutions Granted recommends the following:
- Severely restrict or eliminate employee access to personal email via company-owned assets;
- Don’t let preferences of your human resources team overrule the need for IT security; and
- Use industry proven cybersecurity technologies and best practices.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.
( Thank you. If you enjoyed this article, get free updates by email or RSS – © Copyright Kevin L. Jackson 2015)
Cloud Computing
- CPUcoin Expands CPU/GPU Power Sharing with Cudo Ventures Enterprise Network Partnership
- CPUcoin Expands CPU/GPU Power Sharing with Cudo Ventures Enterprise Network Partnership
- Route1 Announces Q2 2019 Financial Results
- CPUcoin Expands CPU/GPU Power Sharing with Cudo Ventures Enterprise Network Partnership
- ChannelAdvisor to Present at the D.A. Davidson 18th Annual Technology Conference
Cybersecurity
- Route1 Announces Q2 2019 Financial Results
- FIRST US BANCSHARES, INC. DECLARES CASH DIVIDEND
- Business Continuity Management Planning Solution Market is Expected to Grow ~ US$ 1.6 Bn by the end of 2029 - PMR
- Atos delivers Quantum-Learning-as-a-Service to Xofia to enable artificial intelligence solutions
- New Ares IoT Botnet discovered on Android OS based Set-Top Boxes