Cyber Aftershocks from Nepal’s Earthquake Can Cripple Businesses Right Here at Home
US-CERT recently issued an alert about cyber scams popping up in the aftermath of Nepal’s deadly earthquake, further proof that businesses have to be extra vigilant against social engineering attacks that could end up compromising their entire network. The founder of Global Digital Forensics talks about the threats scammers like these can pose to businesses and the importance of bolstering social engineering awareness enterprise-wide.
It’s a pattern that won’t relent anytime soon – when a deadly natural disaster strikes anywhere on this planet, cyber scammers will immediately be thinking up ways to leverage human sympathy and compassion for their own personal gain. And on April 30, 2015, US-CERT (United States Computer Emergency Readiness Team) issued an alert titled “Nepal Earthquake Disaster Email Scams,” warning users “of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites.”
The worst kind of scoundrel
“It only takes one successful phishing email for an entire network to become compromised,” said Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City. “People tend to let their guard down a little bit when confronted with a tragic, heart-wrenching event. That’s why all those emails start circulating with fictitious charities and aid groups every time a natural disaster takes place. They play on people’s innate goodness to further their own devious ends. It makes me mad on two fronts; one, reputable organizations which are really helping people get readily dismissed for fear it is some kind of scam, and two, they victimize people that are trying to do something good. The victims don’t only get swindled out of a donation, but they probably also gave the attacker valuable information or further access in the process, depending on the malware payload, which can lead to further problems down the road, both at home, and at work.”
For many attackers, it’s go big or go home
“Many times the prize an attacker is after is just not a quick, dirty buck, it’s much bigger than that,” warns Caruso, “it’s about gaining a foothold in corporate networks which they can leverage in hopes of finding an even grander opportunity to milk for all it’s worth, whether through theft, espionage, or extortion. All they have to do is design a clever phishing email and maybe even a matching website in the aftermath of a disaster event and wait for human decency to compel someone to take the bait by clicking on a link, opening an attachment or entering credentials. From there it obviously can have devastating consequences for any business, from getting spyware, ransomware or any other kind of nasty malware you can think of past perimeter security, whether directly or piggybacking on a mobile device like a smartphone or tablet, which many organizations now allow as part of the BYOD (Bring Your Own Device) explosion we’ve seen over the last couple of years.”
Cyber-based social engineering attacks have to be a main focus
“When we do cyber penetration testing for businesses, we also offer a thorough social engineering component. And by that I mean we design phishing emails, set up dummy sites and go through all the same steps an attacker would to show businesses where their weak points are on that front and just how serious a threat it is, so that employees can be better educated and trained, and policies and procedures can be updated, revised and refined. It’s not uncommon for us to get 70% or more of our targets to fall for our social engineering tactics, which are modeled after real-world attacks in use every day. Add a disaster element, and it just makes it that much easier,” says Caruso. “At that point it’s just about watching and counting how many people just gave us complete access to the business network, to steal, deliver a malicious payload, or do whatever else we would want to do if we were actual attackers.”
While GDF penetration testing and vulnerability assessments are invaluable before an attack occurs, sometimes attackers will find that one weak link in the chain and get through. Again, it just takes one employee to unlock the gates. So if an intrusion event does occur, how a business responds will likely make the biggest difference in just how damaging the aftermath of the intrusion or data breach will be. Global Digital Forensics has emergency incident response teams ready to answer the call 24/7, and with responders positioned strategically across the country, and the globe, GDF’s response times are unrivaled in the industry.
Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. GDF’s emergency responders are also standing by to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.