" cybercrime Archives - LuxSci

Posts Tagged ‘cybercrime’

AI Threats to Email Security

Tuesday, October 17th, 2023

Artificial intelligence is a buzzy topic in the tech industry right now. Many experts are looking to AI to help solve some of the complex challenges of our times. However, besides this technology’s helpful and practical applications, there are some concerns that AI can be used for malicious purposes. In this article, we review some of the top threats to email security posed by AI and what you can do to prevent them.

person using ai tool

AI Threats to Email Security

In general, the biggest threat artificial intelligence poses to email is the ability to easily scale and increase the effectiveness of existing threats. The power of AI can be used to craft more effective phishing and business email compromise attacks and potentially cost businesses billions of dollars. Let’s review how artificial intelligence can increase the success of these types of cyberattacks.

AI and Phishing Attacks

In today’s world, phishing emails are often easy to identify. They are typically launched by criminals outside of the United States and use poor grammar, contain misspellings, or are poorly formatted in other ways. As a result, they are straightforward for the average email user to avoid. Artificial intelligence can help correct some of these common errors and make it easier for cybercriminals to create more convincing emails. As a result, we could see more phishing attacks succeed, wreaking havoc on our online security.

Let’s look at an example. Say a hacker from Russia wants to launch a ransomware attack on an American hospital. To do so, they need an email recipient to click on a link in the email that will install malware on their computer, enabling the hacker to gain access to restricted systems. The hacker does not speak English but has been able to launch attacks on other systems using an email drafted to resemble a password reset. Previously, he may have taken this email, ran it through an online translator, and then hit send on the email, unaware of any typos or strange translations that made it into the text. With AI, he can craft a much stronger email that will fool a busy hospital administrator into clicking on the link.

Some AI text generators have taken steps to prevent people from entering prompts that directly ask for prewritten phishing emails. However, artificial intelligence makes it incredibly easy to translate text from other languages in a grammatically correct manner. Scammers can create unique messages at scale that are more likely to fool email recipients.

AI and Business Email Compromise

Business email compromise attacks are one of the most effective email security threats. Still, because of the time and research they take to deploy, they don’t garner as much attention as phishing and ransomware. Artificial intelligence can help speed up essential research about a target to craft business email compromise attacks.

Let’s take another example. Say an individual wants to steal from a major corporation. The attacker decides to impersonate a company vendor and fool them into routing payments to the attacker instead of the legitimate contact. Artificial intelligence can reduce the time it takes to identify potential targets and possible attack vectors. Cybercriminals can use AI prompts to identify profitable companies, locate lists of vendors, and even research individuals in the roles that are likely to interact with the target.

AI can also use prompts like “generate an email asking for payment on a business invoice” to create legitimate seeming business emails. Using these technologies lowers the barriers to executing a successful business email compromise attack, meaning that more cybercriminals will likely attempt them more frequently.

How to Prevent AI Email Attacks

The good news is that the introduction of AI technology has not changed how we fend off these attacks. The first place to start is with policy and training. Business email compromise thefts are easily thwarted by having policies and procedures in place to prevent unusual cash transfers to unauthorized individuals. Ensuring your staff knows the types of threats and raising awareness of the risks can help protect your business.

Secondly, you can implement email filtering technology to help protect your inboxes from emails sent from suspicious sources. Although scammers can craft persuasive messages, they can’t hide their origin. Organizations can use email filtering software to quarantine or stop suspicious messages from reaching employee inboxes. This technology can prevent email domains without SPF or DKIM records from passing through your inboxes, alleviating a common spam tactic.

Conclusion

The threats to email security posed by artificial intelligence are quite serious. Nevertheless, organizations can take steps to protect themselves by implementing the proper defenses. Contact LuxSci today to learn more about our advanced email filtering solutions.

The Cybersecurity Risks of Mergers and Acquisitions

Thursday, February 2nd, 2023

In tough economic times, many businesses go through mergers and acquisitions to improve their financial prospects. However, this process can put organizations’ sensitive data at risk. In this article, we discuss the cybersecurity risks of mergers and acquisitions. According to a report by Forescout, 62 percent of participants agreed that their company faces significant cybersecurity risks by acquiring new companies and expressed that cyber risk is their biggest concern post-acquisition.

cybersecurity risks of mergers and acquisitions

Before M&A: Assess Cybersecurity Risk

Even before mergers and acquisitions are announced, it can be a vulnerable time for a company’s data. Leakage of sensitive company data, like confidential financial information, can be catastrophic to negotiations. As a result, this makes companies considering a merger or acquisition highly susceptible to hacking.

Internal threats are also likely to increase. Employees not involved in negotiations may learn about merger talks and have some incentive to leak data to the press or to criminals to stop the process. It is essential to protect all communications relating to merger discussions.

The most significant risk of a merger is not doing cyber due diligence on the company being acquired. Risk analysis needs to be a part of negotiation talks. Most organizations being merged or acquired are smaller, with low levels of sophistication, and may lack mature cybersecurity programs. You need to understand the potential risks your company may be inheriting to prepare to address them properly. Security personnel need to be included in M&A talks to ask the right questions, audit systems, and prepare for integration.

Addressing Risk During Integration

Once a company merges with another, the risks to sensitive data increase. Highly sophisticated threat actors target M&A activities because, with operations in transition, high-value data is often vulnerable. 

The Technology Risks of Mergers and Acquisitions

In 2019, the IBM Institute for Business Value surveyed 720 executives responsible for the merger and acquisition functions at acquirer organizations. More than one in three said they experienced data breaches that can be attributed to M&A activity during integration.

IT changes may be extensive and cannot all take place at once. It’s essential to take time to fully understand inherited policies, equipment, and procedures before making rapid changes. Enterprise IT projects take time to plan and complete without disrupting day-to-day operations.

IT teams will deal with a new mix of assets, technologies, processes, and organizational culture during integration. Risks continue to evolve during the initial period of change as they learn more about inherited systems and processes. They may also be overwhelmed by integration tasks integral to day-to-day operations, so that security tasks may be a lower priority. It’s incredibly important to prioritize security and have a well-organized transition to ensure that sensitive data is not exposed.

The Personnel Risks of Mergers and Acquisitions

Changing personnel can also create gaps in your security program. Employees with institutional knowledge may leave the company, meaning crucial processes and procedures must be re-documented and updated. If teams are understaffed in essential areas, they may take shortcuts that leave sensitive data exposed.

Staff burnout and uncertainty from the transition can also lead employees to make mistakes. Phishing and business email compromise threats are prevalent in the early days of a merger or acquisition. People may report to new managers and fall prey to social engineering-style attacks because of their unfamiliarity with new reporting lines and company hierarchy.

It’s important to prioritize security training and update all employees on policies after a merger occurs. Clearing up ambiguity helps to reduce risk and builds trust in the organization.

How to Reduce Cybersecurity Risk During a Merger or Acquisition

Utilizing basic email security features like filtering and message encryption can go a long way to protect sensitive data and limit risks. Whenever confidential information is shared, it should occur through secure or encrypted channels. Leaked information can lead to negative consequences and volatility.

The best way to reduce risk is to plan for it. It’s critical to thoroughly understand the risks you will inherit by merging with or acquiring another company. This should include thoroughly reviewing risk assessments and IT systems and even bringing in a third-party to assess their cybersecurity. The time to find out about these liabilities is before the merger occurs, not on day one. 

How to Avoid Business Email Compromise Attacks

Tuesday, July 5th, 2022

Business email compromise (BEC) attacks are on the rise and are poised to eclipse ransomware as the biggest threat to cybersecurity. Since 2016, $43 billion has been stolen through BEC. Even more concerning, there has been a 65% increase in BEC from 2019 to 2021. This article explores what business email compromise scams are and what steps organizations can take to avoid them.

business email compromise

What are Business Email Compromise Attacks?

In business email compromise scams, attackers infiltrate or impersonate a legitimate corporate email account. They then send phony invoices or initiate contract payments that trick unsuspecting businesses into wiring money to criminals.

These scams rely on humans making the wrong choices. Some examples of business email compromise scams include:

  • A criminal impersonates a vendor and sends a fake invoice to the accounting department.
  • Someone who appears to be the company CEO asks an assistant to make a wire transfer to an unknown account.

Some of the tactics used include:

  • Domain name spoofing: Domain name spoofing involves changing the sender’s “From” address to match the recipient’s domain in the message envelope. Criminals can also use a legitimate domain as the “From” address and a spoofed “Reply-To” domain in the message header.
  • Display name spoofing: The attacker registers a free email account to impersonate a vendor or employee. The attacker would configure the display name to match the employee’s name and then send phishing messages from this account. This technique is effective because recipients often only look at the display name, not the email address. In fact, many email clients will only show the display name when viewing the message, making it easier to hide the sender’s real identity.
  • Lookalike domain spoofing: The attacker may register fake domain names that contain characters that look similar to those in the actual domain name. For example, replacing the lowercase “l” in luxsci.com with an uppercase “I.” The criminal will send phishing emails from this domain to trick the recipient into thinking the message is legitimate.
  • Email Account Compromise: Another common tactic is taking over legitimate email accounts that have been compromised through malware or social engineering to steal data or funds.

How to Prevent Business Email Compromise Attacks

One of the reasons that business email compromise attacks are increasing is because they are often successful. Email filters and content scanning can do little to stop sophisticated social engineering attacks. Nevertheless, there are steps that organizations can take to stop BEC scams.

SPF, DKIM, and DMARC

Implementing technical controls can help prevent BEC scams from succeeding. As discussed above, many attacks use display or domain name spoofing to impersonate company accounts or individuals.

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) are anti-spoofing email authentication techniques that use DNS records to validate the sender of an email. Ensure the organization’s domain has valid SPF, DKIM, and DMARC records. Make sure the email provider analyzes all inbound email traffic using these tools.

Viewing the headers of a suspicious message is also an excellent way to detect fraudulent domains. See Gmail, Outlook, Apple Mail, and More: How to View Headers in Email to learn how to see these in the most popular email clients. This can help reveal the actual sender of someone using a spoofed domain or display name.

In addition, implementing email filtering and scanning tools can help flag suspicious links and protect against phishing attacks.

Employee Training

Helping employees recognize business email compromise scams is essential to avoiding them. All employees, not just those with access to sensitive data or financial information, should understand the tactics used by cybercriminals in BEC scams.

Employees should be aware that attackers can use the information they share online via social media against them. Birthdates, pets’ names, nicknames, and information about time off can be used to impersonate others and trick individuals.

Ensure employees are implementing strong passwords and using multifactor authentication to prevent account compromise and stop them from changing account credentials.

Policy and Procedures

Creating clear policies and procedures can help alleviate confusion and prevent individuals from taking action without thinking. For example, organizations should have clearly defined procedures for how and when vendors will send invoices and be paid. That way, when an unexpected email comes in from a “vendor,” employees will know what to do. It’s also essential to keep up-to-date contact information for vendors and employees. Many BEC schemes ask recipients to call a phone number with account credentials or payment information. If the number differs from the contact information on file, it’s wise to pause and call the contact through established channels to confirm the message’s accuracy before proceeding.

By creating clearly defined and enforced policies and procedures, it will be very obvious when deviations occur. Empowering employees with the tools they need to identify business email compromise scams will help protect your company and keep financial information secure.

What is Cyber Insurance?

Tuesday, March 1st, 2022

As cyberattacks are increasing in frequency, many organizations have come to view them as inevitable. Even organizations that have a strong cybersecurity program can be impacted by a zero-day vulnerability or employee errors. Cyber insurance helps limit the impact of a cyberattack by helping organizations recover the costs. Cyber insurance is not a replacement for a comprehensive cybersecurity program. In fact, many cyber liability insurance policies require organizations to take steps to secure sensitive information.

cyber insurance

Who Needs Cyber Insurance?

In the 1990s, the earliest forms of cyber liability insurance were created to help address data processing errors. California’s passage of the Security Breach and Information Act in 2003 led to increased demand for insurance policies. Under this law, California companies were required to notify customers if their information was accessed or stolen by unauthorized persons. As other states passed similar laws and instituted financial penalties for data breaches, cyber insurance policies grew in popularity.

Historically, financial information and credit card numbers were prime targets for cyber criminals. As ecommerce and online banking took off, large financial institutions and retail chains were likely to have cyber insurance because of their increased risk. More recently, cybercriminals have expanded their scope to go after sensitive information collected by other industries. The healthcare, education, and manufacturing industries have become frequent targets for cyber criminals. As a result, more organizations are buying cyber insurance. According to the Government Accountability Office (GAO), cyber insurance sales increased from 26 percent in 2016 to 47 percent in 2020.

This means that any business transmitting or storing sensitive data online is vulnerable to a cyberattack. Sensitive data is not limited to financial information or medical records. Intellectual property, customer or lead lists, and other types of company data could all be at risk.

What Does Cyber Insurance Cover?

There are many types of cyber insurance policies and different coverage options. However, most plans reimburse companies for expenses caused by cyberattacks. Common coverage options include:

  • data recovery costs
  • system forensics to discover the cause of a cyberattack or location of a breach
  • customer notification and reparation costs
  • system repairs
  • legal fees

Some cyber insurance policies may even cover the cost of paying a ransom if compromised by ransomware. Although, it’s tempting to pay a ransom and resume operations quickly, organizations should not count on insurance reimbursement. Law enforcement also discourages companies from paying ransoms and these fees can be quite hefty.

What Doesn’t Cyber Insurance Cover?

Unfortunately, cyber insurance can’t help a company recover from the reputation costs of a data breach or security incident. Many organizations suffer from a loss of business in the aftermath of a cyberattack or breach. Cyber insurance does nothing to defray those costs.

Can I Ignore Cybersecurity?

On that note, it should be obvious that cyber insurance is not a replacement for a strong cybersecurity program. In fact, most insurance providers require organizations to meet minimum security standards to qualify for coverage. Failing to meet these standards may cause the company to void insurance policies.

In addition, lowering the organization’s risk profile by implementing a security program can also help lower insurance premiums. Demonstrating that the organization takes privacy and security seriously can help make these premiums more affordable.

Conclusion

In conclusion, any organization that transmits or stores sensitive information online or is reliant on internet-connected devices to perform vital tasks, should explore coverage options.

Why the Healthcare Industry is a Target for Cybercrime

Tuesday, September 21st, 2021

Healthcare data seems mundane- but in the hands of a cybercriminal it can be quite valuable. Medical records contain private information that can be used to blackmail or impersonate others. Even if you aren’t a public figure with a sensitive medical condition, the financial and personal identifiers found in medical records make them a target for cybercrime.

healthcare cybercrime

Read the rest of this post »