Cyber crime increase means Kiwis must sweat the small stuff

09 Nov 13

A recent email con that cost three Auckland businesses thousands of dollars demonstrates that it is the relatively simple cyber attacks that Kiwi business owners need to be vigilant against.

Ray Delany, CEO of Designertech, believes the recent con against the Albany and Devonport-based businesses proves this.

The company, which fell victim to a ruse when placing email orders with Chinese suppliers, shows that when it comes to information security, the overwhelming trend is to think of it in terms of protecting against vast conspiracies, sophisticated malware and determined hackers seeking to compromise data and steal money.

“Probably the most important thing when it comes to information security isn’t so much the technology you have in place to protect yourself, but rather vigilance to detect anything out of the ordinary,” Delany says.

In the latest attack by cyber criminals reported in the media, emails between local business owners and their Chinese suppliers were intercepted and the bank account details changed.

“This is a breathtakingly simple attack, but it is so seemingly legitimate, that it works very well for the attackers,” Delany adds.

By grabbing an email order and then responding to it with an invoice identical to that issued by regular suppliers, but with a notice advising of changed bank details, hackers can get paid thousands while the victim suspects nothing – until it is far too late.

“Such an attack doesn’t require any particular sophistication,” Delany adds. “Most computer users today are sufficiently aware of the necessity for security that they will, at the very least, have an Internet security suite installed.

“These suites typically provide a firewall, intrusion detection and prevention, antivirus and identity protection. However, most emails today are still unencrypted.”

That means an attacker can intercept them by ‘sniffing’ messages in-flight (while they are being transmitted) or by accessing them when they are spooling at a mail server.

While free and paid-for tools are available to prevent this particular form of compromise – and he strongly advises using them – Delany says management of all security risks is often better achieved through alertness.

“The ways in which attackers can access information that they can turn into cash are practically limitless,” he says.

“Through the combination of freely available hacking tools, social engineering techniques and just plain devious ingenuity, hackers can and will find ways to make it through any chink in your armour.

“There’s no question that you should have an appropriate security posture that includes good technology solutions and sound policies and procedures.

“But what remains most important is a mindset that assumes you are likely to be a target, even if you operate a small organisation which may seem completely outside of the interest of hackers.”

In other words, Delany says, be suspicious.

When anything out of the ordinary occurs with email, business systems or even customers behaving oddly at the front counter, it should raise your hackles at least a little.

“Sometimes it is the really simple things that can lead to real, material losses,” Delany concludes.

“It isn’t in the typical Kiwi psyche to be automatically distrustful, but that is why New Zealanders are still falling victim to cyber scams.

“Be vigilant, check things out if unsure – sometimes a simple phone call, as in the case reported in the media article, could avoid a whole lot of headache and heartache.”
