" cybersecurity Archives - LuxSci

Posts Tagged ‘cybersecurity’

How to Avoid Business Email Compromise Attacks

Tuesday, July 5th, 2022

Business email compromise (BEC) attacks are on the rise and are poised to eclipse ransomware as the biggest threat to cybersecurity. Since 2016, $43 billion has been stolen through BEC. Even more concerning, there has been a 65% increase in BEC from 2019 to 2021. This article explores what business email compromise scams are and what steps organizations can take to avoid them.

business email compromise

What are Business Email Compromise Attacks?

In business email compromise scams, attackers infiltrate or impersonate a legitimate corporate email account. They then send phony invoices or initiate contract payments that trick unsuspecting businesses into wiring money to criminals.

These scams rely on humans making the wrong choices. Some examples of business email compromise scams include:

  • A criminal impersonates a vendor and sends a fake invoice to the accounting department.
  • Someone who appears to be the company CEO asks an assistant to make a wire transfer to an unknown account.

Some of the tactics used include:

  • Domain name spoofing: Domain name spoofing involves changing the sender’s “From” address to match the recipient’s domain in the message envelope. Criminals can also use a legitimate domain as the “From” address and a spoofed “Reply-To” domain in the message header.
  • Display name spoofing: The attacker registers a free email account to impersonate a vendor or employee. The attacker would configure the display name to match the employee’s name and then send phishing messages from this account. This technique is effective because recipients often only look at the display name, not the email address. In fact, many email clients will only show the display name when viewing the message, making it easier to hide the sender’s real identity.
  • Lookalike domain spoofing: The attacker may register fake domain names that contain characters that look similar to those in the actual domain name. For example, replacing the lowercase “l” in luxsci.com with an uppercase “I.” The criminal will send phishing emails from this domain to trick the recipient into thinking the message is legitimate.
  • Email Account Compromise: Another common tactic is taking over legitimate email accounts that have been compromised through malware or social engineering to steal data or funds.

How to Prevent Business Email Compromise Attacks

One of the reasons that business email compromise attacks are increasing is because they are often successful. Email filters and content scanning can do little to stop sophisticated social engineering attacks. Nevertheless, there are steps that organizations can take to stop BEC scams.

SPF, DKIM, and DMARC

Implementing technical controls can help prevent BEC scams from succeeding. As discussed above, many attacks use display or domain name spoofing to impersonate company accounts or individuals.

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) are anti-spoofing email authentication techniques that use DNS records to validate the sender of an email. Ensure the organization’s domain has valid SPF, DKIM, and DMARC records. Make sure the email provider analyzes all inbound email traffic using these tools.

Viewing the headers of a suspicious message is also an excellent way to detect fraudulent domains. See Gmail, Outlook, Apple Mail, and More: How to View Headers in Email to learn how to see these in the most popular email clients. This can help reveal the actual sender of someone using a spoofed domain or display name.

In addition, implementing email filtering and scanning tools can help flag suspicious links and protect against phishing attacks.

Employee Training

Helping employees recognize business email compromise scams is essential to avoiding them. All employees, not just those with access to sensitive data or financial information, should understand the tactics used by cybercriminals in BEC scams.

Employees should be aware that attackers can use the information they share online via social media against them. Birthdates, pets’ names, nicknames, and information about time off can be used to impersonate others and trick individuals.

Ensure employees are implementing strong passwords and using multifactor authentication to prevent account compromise and stop them from changing account credentials.

Policy and Procedures

Creating clear policies and procedures can help alleviate confusion and prevent individuals from taking action without thinking. For example, organizations should have clearly defined procedures for how and when vendors will send invoices and be paid. That way, when an unexpected email comes in from a “vendor,” employees will know what to do. It’s also essential to keep up-to-date contact information for vendors and employees. Many BEC schemes ask recipients to call a phone number with account credentials or payment information. If the number differs from the contact information on file, it’s wise to pause and call the contact through established channels to confirm the message’s accuracy before proceeding.

By creating clearly defined and enforced policies and procedures, it will be very obvious when deviations occur. Empowering employees with the tools they need to identify business email compromise scams will help protect your company and keep financial information secure.

Improve Account Security by Enabling Multifactor Authentication

Tuesday, May 17th, 2022

This month, the Cybersecurity and Infrastructure Security Agency (CISA) launched an initiative called MFA May to encourage individuals and businesses to enable multifactor authentication for their accounts. This article defines multifactor authentication and explains why organizations should implement it to improve the security of their accounts.

multifactor authentication

 

What is Multifactor Authentication?

Multifactor authentication requires users to present two or more credentials to log in to their accounts. Multifactor authentication is sometimes called two-factor authentication for this reason. The first factor required is a typical username and password. The second factor is usually a code contained within a text, email, or push notification. The user must enter this numerical code to confirm that they are logging into the account. Sometimes an authenticator application is used to generate the code. Instead of a numerical code, the second factor could be a biometric marker like a thumbprint scan.

By requiring a second piece of information to log in to an account, multifactor authentication increases the security of accounts. Even if a hacker gets ahold of your password, they will be unable to log in to an account without the second piece of authentication.

How Multifactor Authentication can Stop Cybercriminals

As you can tell, multifactor authentication is an effective tool for limiting account access. A study by Microsoft found that users who enable multifactor authentication for their accounts will block 99 percent of automated attacks.

It is easier than ever before for hackers to acquire users’ passwords. Data breaches compromise millions of account credentials each year, which can be purchased on the dark web for pennies. Hackers can also use dictionary attacks to guess simple passwords using computer technology. Lastly, users may unwittingly hand over their credentials to a malicious actor during a phishing attack.

However, administrators can stop these attacks by enabling multifactor authentication. Even if a hacker knows your password, they will be unable to access your account without that second piece of information.

How to Enable Multifactor Authentication

Many vendors now offer multifactor authentication. We recommend enabling it as often as possible, especially for sensitive accounts like email, financial accounts, and medical records.

LuxSci has offered options for multifactor authentication to our users for over a decade. Users have the flexibility to choose the second option for authentication. They can choose to send a token to an alternate email address or enable a third-party app like DuoSecurity or Google authenticator to validate their identities. Please contact our support team to learn more about enabling multifactor authentication on your LuxSci account.

Conclusion: Why Use Multifactor Authentication

Cyber threats are increasing across all industries. Although HIPAA does not yet require users to implement multifactor authentication, security experts strongly recommend it. Enabling multifactor authentication is an inexpensive and effective way to improve your security posture. Although users may object to the extra step, enforcing multifactor authentication as an administrator is a smart move.

What is Cyber Insurance?

Tuesday, March 1st, 2022

As cyberattacks are increasing in frequency, many organizations have come to view them as inevitable. Even organizations that have a strong cybersecurity program can be impacted by a zero-day vulnerability or employee errors. Cyber insurance helps limit the impact of a cyberattack by helping organizations recover the costs. Cyber insurance is not a replacement for a comprehensive cybersecurity program. In fact, many cyber liability insurance policies require organizations to take steps to secure sensitive information.

cyber insurance

Who Needs Cyber Insurance?

In the 1990s, the earliest forms of cyber liability insurance were created to help address data processing errors. California’s passage of the Security Breach and Information Act in 2003 led to increased demand for insurance policies. Under this law, California companies were required to notify customers if their information was accessed or stolen by unauthorized persons. As other states passed similar laws and instituted financial penalties for data breaches, cyber insurance policies grew in popularity.

Historically, financial information and credit card numbers were prime targets for cyber criminals. As ecommerce and online banking took off, large financial institutions and retail chains were likely to have cyber insurance because of their increased risk. More recently, cybercriminals have expanded their scope to go after sensitive information collected by other industries. The healthcare, education, and manufacturing industries have become frequent targets for cyber criminals. As a result, more organizations are buying cyber insurance. According to the Government Accountability Office (GAO), cyber insurance sales increased from 26 percent in 2016 to 47 percent in 2020.

This means that any business transmitting or storing sensitive data online is vulnerable to a cyberattack. Sensitive data is not limited to financial information or medical records. Intellectual property, customer or lead lists, and other types of company data could all be at risk.

What Does Cyber Insurance Cover?

There are many types of cyber insurance policies and different coverage options. However, most plans reimburse companies for expenses caused by cyberattacks. Common coverage options include:

  • data recovery costs
  • system forensics to discover the cause of a cyberattack or location of a breach
  • customer notification and reparation costs
  • system repairs
  • legal fees

Some cyber insurance policies may even cover the cost of paying a ransom if compromised by ransomware. Although, it’s tempting to pay a ransom and resume operations quickly, organizations should not count on insurance reimbursement. Law enforcement also discourages companies from paying ransoms and these fees can be quite hefty.

What Doesn’t Cyber Insurance Cover?

Unfortunately, cyber insurance can’t help a company recover from the reputation costs of a data breach or security incident. Many organizations suffer from a loss of business in the aftermath of a cyberattack or breach. Cyber insurance does nothing to defray those costs.

Can I Ignore Cybersecurity?

On that note, it should be obvious that cyber insurance is not a replacement for a strong cybersecurity program. In fact, most insurance providers require organizations to meet minimum security standards to qualify for coverage. Failing to meet these standards may cause the company to void insurance policies.

In addition, lowering the organization’s risk profile by implementing a security program can also help lower insurance premiums. Demonstrating that the organization takes privacy and security seriously can help make these premiums more affordable.

Conclusion

In conclusion, any organization that transmits or stores sensitive information online or is reliant on internet-connected devices to perform vital tasks, should explore coverage options.

5 New Year’s Resolutions to Improve Your Cybersecurity

Tuesday, January 4th, 2022

Happy New Year! Start the year off by making a New Year’s resolution to improve your cybersecurity. Here is LuxSci’s list of what your organization needs to do to prepare for the new year.

cybersecurity new year’s resolution

Read the rest of this post »

Looking Ahead: 3 Cybersecurity Predictions for 2022

Tuesday, December 28th, 2021

We’ve been busy crunching the numbers and analyzing industry trends to bring you our cybersecurity predictions for 2022. Here’s what you should expect in the following year:

2022 Cybersecurity Predictions

Read the rest of this post »