Doppelganger Domains and Drone Attacks: Cyber Criminals Get More Creative

You can’t accuse cyber criminals of being lazy. Online fraud, theft and techniques to infiltrate business networks keep getting more innovative and sophisticated. The FBI says professional cyber thieves can now find each other easily online to join forces and pull off capers — it’s a very effective business model.

Here are some new tactics for you and your employees to watch out for:

Doppelganger Domains
If there’s more than one dot in a web address, pay careful attention. Someone can set up a Doppelganger Domain to steal emails or go on phishing expeditions.

If, for example, a company’s web address is us.company.com, then the Doppelganger Domain would be uscompany.com — identical except for the dot. The criminal who owns the Doppelganger Domain sets up a catch-all email server to receive mistakenly dot-free emails and can send imposter emails from uscompany.com if they want to go phishing for specific information. It takes a discerning eye on the part of the recipient to catch the missing dot.

How many Fortune 500s have an extra dot in their web address? About 30%.
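
For defenders, the dropped-dot pattern above can be turned into a watchlist. The following Python sketch is an added example, not part of the original article: it derives the look-alike domains for a list of legitimate hostnames (also covering hosts with more than one subdomain label) and flags outbound mail addressed to them. The hostnames, the log format and the assumption that the registrable domain is the last two labels are all constructed for illustration.

```python
import re

BASE_LABELS = 2  # assumption: registrable domain is the last two labels (company.com)

def lookalike_domains(host):
    """Map each dot-dropped registrable look-alike of host back to host."""
    labels = host.lower().rstrip(".").split(".")
    subs, base = labels[:-BASE_LABELS], labels[-BASE_LABELS:]
    out = {}
    # Fuse the last k subdomain labels onto the company label:
    # us.company.com -> uscompany.com
    for k in range(1, len(subs) + 1):
        fused = "".join(subs[-k:]) + base[0]
        out[".".join([fused] + base[1:])] = host
    return out

def build_watchlist(hosts):
    """Combine the look-alikes of every legitimate host into one lookup table."""
    watch = {}
    for h in hosts:
        watch.update(lookalike_domains(h))
    return watch

# Recipient domain in a constructed "to=<user@domain>" log field
ADDR_RE = re.compile(r"to=<[^@<>\s]+@([A-Za-z0-9.-]+)>")

def misaddressed(log_lines, watch):
    """Return (line_no, recipient_domain, intended_host) for mail sent to a look-alike."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for dom in ADDR_RE.findall(line):
            dom = dom.lower().rstrip(".")
            for fake, real in watch.items():
                # Match the look-alike itself or any host under it (catch-all servers)
                if dom == fake or dom.endswith("." + fake):
                    hits.append((n, dom, real))
    return hits

# Constructed sample data, not real hosts or real log lines
LEGIT_HOSTS = ["us.company.com", "mail.eu.company.com"]
SAMPLE_LOG = [
    "Oct 03 09:12:01 mx1 smtp: to=<j.doe@us.company.com> status=sent",
    "Oct 03 09:14:37 mx1 smtp: to=<j.doe@uscompany.com> status=sent",
    "Oct 03 09:20:05 mx1 smtp: to=<ops@mail.eucompany.com> status=sent",
    "Oct 03 09:21:44 mx1 smtp: to=<sales@othercompany.com> status=sent",
]

if __name__ == "__main__":
    for hit in misaddressed(SAMPLE_LOG, build_watchlist(LEGIT_HOSTS)):
        print("line %d: %s looks like %s" % hit)
```

The same watchlist can feed a defensive registration review or an outbound mail rule that holds messages to those domains for confirmation.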

Gigantic Botnets
Malware remains one of the most effective ways to steal information and use your own computers against you. A more insidious example is a highly encrypted “worm” that makes itself at home in your operating system and hangs out there until it’s called into action.

Conficker is one such nasty worm. It’s self-replicating and has infected as many as 12 million computer operating systems worldwide over the past three years, thereby creating a gigantic “botnet.” A botnet is a collection of compromised computers that can all be controlled by a single remote source. Botnets can be used to steal and, in the hands of the epically vicious, to take down major systems like those that run banking, security, electrical grids and other critical services.

But sometimes botnets just send spam (which may or may not be loaded with malware). When two major botnets were recently brought down, Microsoft reported 64 billion fewer spam messages intercepted by its Forefront Online Protection for Exchange service each month.

Toy Drones
The next time you hear a faint humming sound outside the office window, why not take a look? While it may sound far-fetched, using drones — or remote-controlled toy planes — to infiltrate business networks is actually an innovative twist on a tried-and-true strategy: detect and compromise wireless networks.

By loading the toy planes with tech equipment that can find and compromise networks and mobile devices, criminals can position their gear in all kinds of places they wouldn’t otherwise be able to access. The planes only cost about $400, are relatively quiet and can hover for a long time if they have solar-powered batteries. Researchers have even shown that drones can be used to create and control botnets, and the “air gap” makes them harder to trace.

So remind your team that whether they’re working at their desks, in a hotel, at Starbucks or any other place, they should always follow your security policy when transmitting data. And if for some reason they must use email or a cloud-based service like Dropbox, they should encrypt the data first. You never know who may be hovering around.