Submitted by CyberHub Summit on Fri, 08/10/2018 - 13:07
You've Got Mail

Emails are becoming an unavoidable threat to our security.

Both emails and attachments can be highly hazardous to the health of your business.

Why?

Hackers send emails containing viruses, worms and trojans which, when activated, infect the host computer, paralyzing it, encrypting key documents or providing remote and silent access to the sender.


This is nothing new. What is worrying, however, is the powerful trend in the frequency and force with which commercial businesses are being attacked.

Unknown senders

Viruses are spread because email account holders open emails from unknown sources and download their attachments.

Sometimes.

If only it were that simple. As people have become warier of unknown senders, hackers have changed tactics and will hack into email accounts to send emails to the account holder's contacts, so now we must be wary of emails from friends and colleagues, and that's just our personal accounts.

Spear-phishing email campaigns target commercial email accounts all the way up the corporate ladder and into the government sphere to take advantage of security vulnerabilities. Unfortunately for business, there simply isn't any easy way to avoid emails; in fact, many businesses are dependent on an exchange of documents via email.

A stunning example of this has been the recent takedown of three top operatives from FIN7.

Say Hello to FIN7

Recently in the news are the FIN7 hackers, who are thought to have stolen over a billion dollars worldwide, including over 15 million credit card details in the US alone.

Using techniques akin to state-sponsored attacks, this group has hit the financial sector with full force. The approaches have been varied, and whilst private users may be able to avoid opening strangers' email, in the daily workings of many businesses, many have to do just that.

FIN7 have capitalized on this fact to the extreme, and last week three members of the group, Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov, all Ukrainian nationals, were arrested and charged with 26 felony counts each, including conspiracy to commit wire fraud and identity theft.

An example of their methods shows just how difficult it is to avoid advanced phishing schemes.

Red Robin Gourmet Burgers

Last year, a Red Robin Gourmet Burgers employee received an email complaint with an attachment including 'further details'. The diligent employee opened it and the malware began to infect Red Robin's internal network.

Timeline

  • 3 days post-attack – FIN7 had mapped Red Robin's internal network.
  • One week post-attack – FIN7 had obtained a username and password for Red Robin's POS software management program.
  • Two weeks post-attack – FIN7 had uploaded usernames and passwords for almost 800 Red Robin locations, along with all manner of private data including control panels for alarm systems.

Can you mitigate your risk to hackers like FIN7?

Proceed with caution

With email attachments, be alert and avoid downloading or running an attachment unless necessary. Keep up to date with security patches. In addition, you should be able to preview attachments, like PDF files, without downloading.

If you're using Gmail, Outlook.com or Yahoo! Mail, your emails are automatically scanned for malware and flagged for warnings. Following this, your antivirus, although imperfect, is a good indicator of suspicious emails, so don't ignore it!

Exercise caution with archived or encrypted files, like zip or rar files. To access these, you need to download the archive and provide a password to look at the contents. This prevents antivirus programs from exploring the documents, making it a good place to hide malware.

If you need to open attachments, look first and foremost at the file extension. Microsoft has made it clear that there are only a few file extensions that are safe: GIF, JPG or JPEG, TIF or TIFF, MPG or MPEG, MP3 and WAV. That's because these files actually reflect necessary file types. Anything with a different file extension, or a double extension such as image.gif.exe, has a high chance of being bogus.

A sample of potentially unsafe file extensions that can run malicious code includes: .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg and .js.
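The extension and archive checks described above can be automated in a mail triage script. The following is an added example, not code from the original article: the extension sets are the ones listed here, while the function names, reason labels and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage
from pathlib import PurePosixPath
# Extension sets as listed in the article (its unsafe list is only a sample).
SAFE = {".gif", ".jpg", ".jpeg", ".tif", ".tiff", ".mpg", ".mpeg", ".mp3", ".wav"}
UNSAFE = {".msi", ".bat", ".com", ".cmd", ".hta", ".scr", ".pif", ".reg", ".js"}
ARCHIVE = {".zip", ".rar"}

def zip_is_opaque(payload):
    """True if a member has the encryption flag set or the zip cannot be parsed."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return True  # a scanner cannot look inside this either

def triage_attachment(filename, payload):
    """Return the reasons (possibly none) to hold one attachment for review."""
    name = filename.strip().rstrip(".").lower()  # trailing spaces/dots can hide the real extension
    suffixes = PurePosixPath(name).suffixes
    last = suffixes[-1] if suffixes else ""
    reasons = []
    if last in UNSAFE:
        reasons.append("unsafe-extension")
    elif last in ARCHIVE:
        reasons.append("archive")
        if last == ".zip" and zip_is_opaque(payload):  # no stdlib parser for .rar
            reasons.append("unscannable-archive")
    elif last not in SAFE:
        reasons.append("not-on-safe-list")
    # A recognised extension followed by another one, e.g. image.gif.exe
    if any(s in SAFE | UNSAFE | ARCHIVE for s in suffixes[:-1]):
        reasons.append("double-extension")
    return reasons

def triage_message(msg):
    """Map each attachment filename in an EmailMessage to its hold reasons."""
    return {p.get_filename(): triage_attachment(p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments() if p.get_filename()}

def constructed_sample():
    """Constructed message; every payload is a harmless placeholder."""
    msg = EmailMessage()
    msg.set_content("Please see the attached details.")
    for name in ("photo.jpg", "image.gif.exe", "details.js", "notes.zip"):
        msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename=name)
    return msg
```

An empty reason list means only that the filename passed these checks; the extension says nothing about the file's actual contents.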

If your bank is sending you a file with XLS or TXT at the end, it's worth giving them a call before you open it, as these types of documents have a higher frequency of being infected. Unfortunately, this also applies to Excel files, heavily used for work-related purposes.

The bottom line is we may have to start using older methods (the phone) to check the safety of many more emails to be sure that we are doing our utmost to avoid scams.