CS Jan-Feb 2024

More documents

Recommendations

Info

phishing PHISHING FOR THE ANSWERS DOMAIN PHISHING SCAMS HAVE NOW REACHED LEVELS NEVER SEEN BEFORE. CONSTANT VIGILANCE CAN ENSURE THAT THEY DON’T PROVE SUCCESSFUL Businesses, consumers and individuals all profit from advanced technology in various aspects of their lives. However, cybercriminals also reap the benefits of innovative digital tools employing creative domain name phishing methods, points out Brian Lonergan, Identity Digital's vice president of product strategy. "This underscores the importance of domain names in cybersecurity for any business - from international corporations to local businesses. The good news is that there are ample tips and measures to ensure their safety," he states. Security must be a key factor when buying or upgrading a domain name, he adds, and working with the right domain registrar can make all the difference. Different registrars and registries will offer varying security measures, and it's important to review everything they offer to make the best decision for your organisation's specific needs. "For instance, Identity Digital includes Homographic Blocking for any Identity Digital domain to enhance protection against phishing attacks. In this type of phishing, attackers use characters similar to legitimate domain names, like replacing 'O' with '??'. They may also manipulate domain names using plurals or hyphens. "Homographic blocking technology identifies and blocks malicious domain name variants, safeguarding the brand from compromise," comments Lonergan. "Additional practices companies should be vigilant against are domain name system [DNS] attacks, namely cache poisoning. "During a cache poisoning attack, a fraudster sends malicious DNS responses to a DNS server, which can contain false information, associating a valid domain with a malicious IP address, leaving victims vulnerable to spoofing attacks. One way to help prevent this is by working with a domain name registrar that offers Domain Name System Security Extensions [DNSSEC], which, when enabled, add cryptographic security to DNS responses." A quick and simple way to spot an attack, or the possibility of one, is by paying attention even to the tiniest variation in written communications," he adds. "Be it an email, a text or a website's copy, all of that can indicate something malicious afoot. Any deviation in fonts, brand colour schemes or logos, website designs and, of course, grammar and spelling suggest that you might be looking at a poor imitation. Cybercriminals perpetuating phishing attacks do not put the same effort into maintaining the high calibre of branding and visual identity of the businesses they imitate." Security of one's domain name should be part of a business's overall security strategy, he says. "Luckily, we have more helpful means at our fingertips than ever before to stay ahead." Domain phishing scams have now reached unprecedented levels, says Steve Herbert, head of service delivery, Nominet. "However, these are not the phishing scams of old: cybercriminals have evolved their tactics, now meticulously crafting websites that mirror legitimate domains with alarming precision, making it increasingly challenging to distinguish between the authentic and the fraudulent." TACTICS HAVE MOVED ON In the three months prior to December 2023, Nominet identified and blocked more than 450 fake shops using .UK domains, which employed the same fake storefronts selling popular high street brands. "The threat actors got so desperate to reinstate these domains that they attempted to impersonate Nominet staff via LinkedIn," reveals Herbert. "These efforts were unsuccessful, of course, which is a great result for our staff and security procedures." 22 computing security Jan/Feb 2024 @CSMagAndAwards www.computingsecurity.co.uk
phishing Malicious actors who set up fake websites are, of course, hoping to catch users off guard. "The battle against domain phishing scams demands unwavering vigilance," he adds, "as most attacks prey on our busy lifestyles, in the hope we won't notice things are 'a little off', If something seems a little too good to be true, or the website perhaps isn't exactly how you remember it, it's always best practice to double-check the domain URL or the email address and language used in any correspondence." To be really sure, you can contact the company independently to enquire about the communication validity. Legitimate companies will generally have a website accessible from a search engine where anyone can find their details. Taking a proactive approach will stand you in good stead to pick up on anything suspicious, says Herbert. "We would recommend you visit the website of the company that any questionable email claims to be from to see if there are any announce-ments about phishing attempts. Having said that, just because there hasn't been one before doesn't mean there won't be a first! "For businesses, implementing basic levels of cyber hygiene, like technical measures of threat identification and mitigation, is a good first step, but unfortunately this often isn't enough," he continues. "For peace of mind, it's best practice to invest in a positive security culture, regular security awareness training and pen testing - these are simulated phishing attacks that will help you determine the effectiveness of staff awareness training. Deficiencies in process or employee blind spots can then be rectified." STAY VIGILANT Durali Cingit, incident response analyst at Integrity360, states that the important questions to ask when it comes to accessing a website and establishing if it is legitimate or a phishing one are: "How did I get here, directly or indirectly? Did I click on a link from an email? Did I use a search engine to get to this website? Have I been redirected to this website from a link?" These questions will help to keep you safe. "In order to distinguish the real from the fake, there are a few details to look out for on websites," he advises. "First, you want to check the URL of the website; safe and secure websites all begin with 'HTTPS://' and, depending on the browser you use, you will see a green padlock or the URL bar will be green as an indicator that this website is secure. However, threat actors have also adapted and evolved into now making their websites secure to fool users into thinking that the fake website is legit, so it's not enough to rely on this alone." Also, the 'About Us/Contact Us' page should provide a contact form or an email address, which can be a key indicator. "These pages are normally populated with different ways in which you can contact the organisation, whereas a phishing website may only contain one source of contact information." Finally, he suggests, you should ask yourself the 'How did I get here?' question. "The main tactic threat actors use to get users onto a phishing website is either through email or SMS message. Users should be alert and cautious as to who sent the email. If they were expecting an email form the sender, is the email asking them to click on a link or an attachment, which more often than not will redirect the user to a phishing website. "Same procedure with SMS text messages where users fall prey to fake text messages - eg, from the bank with a link that will ask the user to log in, in order to steal their financial login details." He also advises organisations to sign up to programmes that make it mandatory for all employees to take part in being educated on phishing and the signs to look out for. Brian Lonergan, Identity Digital: we have more helpful means at our fingertips than ever before to stay ahead. Steve Herbert, Nominet: in just three months, his company identified and blocked more than 450 fake shops using .UK domains. www.computingsecurity.co.uk @CSMagAndAwards Jan/Feb 2024 computing security 23
Page 1: Computing Security Secure systems,
Page 4 and 5: Secure systems, secure data, secure
Page 6 and 7: news Bernard Montell. HORNETSECURIT
Page 8 and 9: news Sukru Ilker Birakoglu. SUPPORT
Page 10 and 11: 2024 predictions THROUGH THE ‘LUR
Page 12 and 13: 2024 predictions Aaron Kiemele, Jam
Page 14 and 15: training SAFEGUARDING HR IN THE AGE
Page 16 and 17: cybersecurity THE TOP-LEVEL FIBRE B
Page 18 and 19: artificial intelligence AI - WHERE
Page 20 and 21: artificial intelligence Gareth Lock
Page 24 and 25: ansomware WE SHALL NOT BE MOVED! SE
Page 26 and 27: ansomware Raja Patel - Sophos: cybe
Page 28 and 29: attack… attack POINT OF IMPACT IN
Page 30 and 31: attack… attack Amit Sinha, DigiCe
Page 32 and 33: cybercrime STAYING ABOVE THE WATER
Page 34 and 35: cybercrime crisis is behind us, the
Page 36: Computing Security Secure systems,

CS Jan-Feb 2024

Create successful ePaper yourself

Delete template?

Save as template?