Story image

Cyber crime increase means Kiwis must sweat the small stuff

09 Nov 2013

A recent email con that cost three Auckland businesses thousands of dollars demonstrates that it is the relatively simple cyber attacks that Kiwi business owners need to be vigilant against.

Ray Delany, CEO of Designertech, believes the example of the recent Albany and Devonport-based businesses con proves this.

The company, which fell victim to a ruse when placing email orders with Chinese suppliers, shows that when it comes to information security, the overwhelming trend is to think of it in terms of protecting against vast conspiracies, sophisticated malware and determined hackers seeking to compromise data and steal money.

“Probably the most important thing when it comes to information security isn’t so much the technology you have in place to protect yourself, but rather vigilance to detect anything out of the ordinary,” Delany says.

In the latest attack by cyber criminals reported in the media, emails between local business owners and their Chinese suppliers were intercepted and the bank account details changed.

“This is a breathtakingly simple attack, but it is so seemingly legitimate, that it works very well for the attackers,” Delany adds.

By grabbing an email order and then responding to it with an invoice identical to that issued by regular suppliers, but with a notice advising of changed bank details, hackers can get paid thousands while the victim suspects nothing – until it is far too late.

“Such an attack doesn’t require any particular sophistication," Delany adds. "Most computer users today are sufficiently aware of the necessity for security that they will, at the very least, have an Internet security suite installed.

“These suites typically provide a firewall, intrusion detection and prevention, antivirus and identity protection. However, most emails today are still unencrypted.”

That means an attacker can intercept them by ‘sniffing’ messages in-flight (while they are being transmitted) or by accessing them when they are spooling at a mail server.

While free and paid-for tools are available to prevent this particular form of compromise – and he strongly advises using them – Delany says management of all security risks is often better achieved through alertness.

“The ways in which attackers can access information that they can turn into cash are practically limitless," he says.

"Through the combination of freely available hacking tools, social engineering techniques and just plain devious ingenuity, hackers can and will find ways to make it through any chink in your armour.

“There’s no question that you should have an appropriate security posture that includes good technology solutions and sound policies and procedures.

“But what remains most important is a mindset that assumes you are likely to be a target, even if you operate a small organisation which may seem completely outside of the interest of hackers.”

In other words, Delany says, be suspicious.

When anything out of the ordinary occurs with email, business systems or even customers behaving oddly at the front counter, it should raise your hackles at least a little.

“Sometimes it is the really simple things that can lead to real, material losses," Delany concludes.

"It isn’t in the typical Kiwi psyche to be automatically distrustful, but that is why New Zealanders are still falling victim to cyber scams.

"Be vigilant, check things out if unsure – sometimes a simple phone call, as in the case reported in the media article, could avoid a whole lot of headache and heartache."

Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Huawei to deploy Open Rack in all its public cloud data centres
Tech giant Huawei has unveiled plans to adopt Open Rack proposed by the Open Compute Project in its new public cloud data centres across the globe.
Beyond renewables: Emerging technologies for “greening” the data centre
Park Place Technologies’ CEO shares his views on innovations aside from renewable energy that can slim a data centre’s footprint.
Interxion’s David Ruberg wins Europe’s best data centre industry CEO
The European CEO Awards took place this week to celebrate the key figures at the helm of corporations that are driving innovation.
Opinion: 5G’s imminent impact on data centre infrastructure
Digital Realty’s Joseph Badaoui shares his thoughts on how 5G will transform data centre infrastructure now and beyond.
EMEA external storage market hits record high, Dell EMC on top
IDC's recent analysis on the external storage market in EMEA has shown healthy results - with some countries performing better than others - largely fuelled by all-flash arrays.
SolarWinds extends database anomaly detection
As organisations continue their transition from purely on-premises operations into both private and public cloud infrastructures, adapting their IT monitoring and management capabilities can pose a significant challenge.
Was Citrix unaware of its own data breach until the FBI got involved?
According to a blog post from Citrix’s CSIO Stan Black, the FBI contacted Citrix on March 6 and advised that international cybercriminals had allegedly gained access to Citrix’s internal network.