Story image

Spear phishing

01 Nov 2010

You probably have heard about ‘phishing’ attacks, where cyber criminals attempt to penetrate a business network to steal valuable information. But ‘spear phishing’ is a more recent phenomenon, in which a specific company, or individual staff, are targeted. If your company has developed a unique product which has serious money-earning potential, then you could be subject to a spear phishing attack, and you need to take special precautions.What the phisher is trying to do is penetrate your computer network, and a common way of doing this is to entice you to let them in. They can do this by looking at the names and email addresses of employees that are often listed on company websites. Social networking pages, either those of the business or those run by individual employees, are also favoured. They may even start with a phone call, in the guise of a potential customer, seeking information (this is known as ‘vishing’ or ‘voice phishing’). The next step is to start sending emails to their ‘targets’. They may contain attachments with special offers or links to places where useful information can be obtained. The aim is to get those attachments and/or links opened inside the company firewall; then the malware they contain can be downloaded on the employee’s computer, creating a gateway to the server. Phishers can be quite patient and subtle in their approach, taking time to build a rapport with the unsuspecting employee. But once in, they will work quickly, lifting information wholesale with a view to selling it to the highest bidder, before the breach is detected.The way to foil such attacks is twofold: firstly, if your data is sensitive and valuable, you need to protect it appropriately. If you’re still managing your own server security, it may be time to graduate to a managed security system maintained by experts, who can monitor it for possible intrusions and keep protection up to date. The second, but no less important step, is to educate staff about requests for information from previously unknown sources. Any such approaches should be checked for their bona fides before any information is given out. Extra care should be taken with incoming emails, and software that scans attachments and links should be mandatory.

Edge computing market to provide ‘lucrative opportunities’
The market is set to skyrocket in the coming years, paving the way for emerging market players.
Opinion: 3 ways cloud & colocation providers can use renewables
Schneider Electric’s John Powers discusses the renewable revolution that is underway and how providers can jump on board.
Former CBRE data centre head joins EkkoSense board
Data centre expert Mark Acton will be strengthening the board as a non-executive director.
$50b modular data centre market driven by edge computing
Findings from a new research report have been released by Global Market Insights that show a burgeoning market.
Telia Carrier launches new PoP in SUPERNAP Italia data centre
Today Telia Carrier announced a new Cloud Connect PoP in the SUPERNAP Italia data centre near Milan, Italy.
Verizon makes major step towards Multi-Access Edge Compute
In a trial environment in California, the wireless provider achieved full virtualisation of baseband functions.
Interview: Edge computing - the force powering hyperconverged infrastructure
Scale Computing CEO Jeff Ready talks offerings, plans for the future, and a look as edge computing as the next tech innovation.
Symantec, Ixia combine efforts to secure hybrid networks
Ixia’s CloudLens and Symantec Security Analytics now feature complete integration, which allows Symantec customers to gain real-time visibility into their hybrid cloud environments.