Story image

Thwart phishers and their bait through a total security approach

13 Feb 18

How many phishing emails landed in your inbox today? How many were caught by your filters? How many people clicked on the links and entered their details into dodgy websites? Maybe your CEO was a specific target.

These types of scams are becoming all too common, with many governments and watchdogs doing their best to cut through the noise and educate everyone about the dangers of phishing.

Unfortunately, organisations such as Xero and its customers are being dragged through the mud as greedy cyber attackers create emails and websites that look scarily like the real thing.

Here’s an example. The week of September 28 2017 was a bumper week for phishing emails as criminals masqueraded as both Telstra and the Commonwealth Bank of Australia.

To the untrained eye, both the emails and websites looked almost identical to the genuine sites.

New Zealand is not immune. CERT NZ found that out of a total 390 incidents reported to the watchdogs between April and September last year, 153 were incidents classed as phishing and credential harvesting.

So if emails and websites look genuine, how can you discern the real from the fake?

You should check every email and every link for spelling mistakes and maybe even double check with the genuine organisation about something you’re not sure about.  Security technologies are also more advanced than ever before and they are able to filter out the phony websites.

Before we get to that though, let’s talk about malware.

The CERT NZ report also found that 28 reported incidents were related to malware. Bitdefender recently spotted a custom malware called Operation PZCHAO that was targeting various regions of Asia.

The Ursnif banking Trojan has also been targeting Australia and New Zealand with a disproportionate prevalence. It has been masquerading as genuine brands like Xero and Tax Store Australia.

How can we fight back against malware and phishing attacks? In addition to possessing a healthy dose of cyber hygiene such as not clicking on suspicious documents, cyber protection is more advanced than ever before as it evolves to fight back against cyber threats.

Bitdefender Total Security 2018 is a four-in-one product available for your Windows, Mac, iOS and Android devices. It combines protection, performance and privacy in one product that covers all your security needs.

Bitdefender Total Security 2018 also offers anti-phishing and anti-malware technologies that can secure your organisation, your family - and your CEO.

How does its phishing prevention work? It fights back against phishing by sniffing and blocking websites that masquerade as trustworthy in order to steal financial data such as passwords or credit card numbers. It warns you every time you come across fraudulent attempts.

It also defends against all threats including malware, zero-day exploits, rootkits and spyware.

What else is included? Webcam protection, multi-layer ransomware protection, a password manager, file shredder and social network protection just to name a few.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
SingleSource scores R&D grant to explore digital identity over blockchain
Callaghan Innovation has awarded a $318,000 R&D grant to Auckland-based firm SingleSource, a company that applies risk scoring to digital identity.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Spark Lab launches free cybersecurity tool for SMBs
Spark Lab has launched a new tool that it hopes will help New Zealand’s small businesses understand their cybersecurity risks.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t.