DIY Phishing and Malware Kits Make it Easy to Compromise Businesses in More Ways than One
A recent article in Forbes shined some light into the world of DIY phishing kits and how easy it can be for virtually anyone to become an effective phisher, one of the most effective tactics in a hacker’s arsenal. GDF’s founder talks about how covering cyber security basics can help keep an organization from becoming a victim, or an unwitting accomplice.
On Thursday, February 26th, Forbes published an article titled DIY Phishing Kits Make It Easy For Scammers To Steal Your Data, which stresses the ease with which just about anyone can get their hands on a DIY phishing kit, or any kind of malware kit for that matter. But it also touched on another important point about how everyone’s cyber security is intertwined when it covers some ways these kits are often implemented, “like compromising legitimate content management systems or blogs in order to install the kit on clean servers. They do this by exploiting vulnerabilities such as SQL injection bugs or remote code execution flaws in these sites.”
Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City, has seen it all play out first hand many times. “Raising social engineering awareness across an entire organization on how to avoid attacks like phishing campaigns is a basic must in today’s digital society, and we help clients do that all the time. Because in truth, the human element, the user, is almost always the weakest link an organization’s cyber security chain. Some of the biggest breaches in history have started with a simple phishing email, allowing hackers to do everything from stealing credentials for network access, to delivering basically any kind of malware payload you can imagine, be it spyware for espionage, viruses for destruction and chaos, or even ransomware to hold your data hostage until the ransom is paid.”
You’re not alone
“What many organizations don’t realize is even if they are not the targets of a particular phishing campaign, weaknesses in their security can make them an unwitting accomplice in propagating the problem when an attacker uses their compromised site or network to help launch their campaign against others,” says Caruso. “To some degree, every business with an online presence plays a part in the grand scheme of everyone else’s security, and that’s why it’s so important to stress the basics. Getting those down cold will thwart over 95% of the cyber threats out there, and the more businesses that get fully on board with at least nailing down the basics, the better off we all are.”
The power of security basics
“The first steps to getting that done are knowing where you stand right now, understanding the threats you face, and identifying and eradicating any threats which already may be present – regularly; all of which we can help with, from professional vulnerability assessments and comprehensive penetration testing with a focus on social engineering, to deep scanning networks and testing applications to significantly reduce the chances an organization can be exploited. Cyber attacks can cripple any business, no matter how large or small,” says Caruso, “so don’t rely on chance as a security strategy, get professional help today. Otherwise, it may not only be you paying dearly, the digital world connects us all.”
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.