Date icon
Date
16
November 2022
Clock icon
READING TIME
3
minutes

What You Need to Know About Detecting the Latest Cyber Security Threats

The second half of 2022 has been a turbulent time, with several high-profile companies experiencing significant cyber security attacks. This has resulted in company data, which includes personal data of their customers, being leaked to the dark web.

This has impacted millions of Australians, with identity documents being stolen, bank account threats, etc. These cybersecurity attacks have caused great damage to the companies in question, with fines being issued, huge internal investments required for forensic investigations, clean up, and damage control, in addition to massive reputational damage and loss of business.

It may be surprising, but the primary cause of data breaches is stolen or weak credentials and passwords. Companies invest large sums in hardware and software security solutions, but often overlook the best and first line of defense, their people. Providing staff with knowledge and training can not only protect them from identity theft but can prevent compromises of their company device or corporate data.

So, what should we do? A simple and effective tool readily available to all businesses is investment in a Security Awareness Training platform. These are designed to test and train users to detect malicious emails. These platforms generally offer a variety of different cyber security training programs for staff to complete and send out fake malicious emails to staff to see how they respond, testing their capabilities and keeping them alert. Using the results of this testing can help target users who need more training, assisting them in gaining the knowledge to protect themselves.

New Cyber Security Threats

Cyber attackers a real ways coming up with new methods to trick us into handing over our credentials or inadvertently giving them access to our machines. Below are some of the latest techniques they’re using, so you can learn how to better detect them and protect yourself from them.

1. Fake Login Pages

Cyber attackers will create a fake website that looks like the login page of other popular sites, like eBay, Facebook, Xero, etc. The concept to these is simple: make the user believe they’re logging into the real site. Once the user submits their credentials, these sites record the user name and password in a database and now have access to the user’s account at the real site.

How to detect

Check the address of the webpage and make sure it matches the address for the actual site. In the below example, the address is going to ‘ebay-126.com’, where the normal page would be ‘ebay.com’.

How to protect

If you don’t think the address looks right, or you’re not sure, browse to the website manually and login through there instead of logging in with the link. That way you’re avoiding the risk of using a fake site.

2. Office Security Prompt Imitation

Microsoft Office applications like Word and Excel have built in protections to prevent Office documents from executing malicious code and scripts on your computer. When these protections kick in, a yellow security dialogue will appear above the document. New attack documents are imitating these security prompts by making the first column of the document look like these security prompts.

These imitation security prompts will generally include instructions for the user to make the document ‘display correctly’, while what those steps will do is allow the document to bypass the built-in protection rules, allowing it to execute malicious code and/or scripts on your computer.

How to detect

Check to see if the security prompt is above the document, or at the very top of the document. A valid security prompt should always be above the document.

Real Security Prompt

Fake Security Prompt

How to protect

Valid security prompts will never include instructions to copy files into different locations. If you see any security prompts like this, assume the document is malicious, close, and delete the file.

 

Protecting Your Business

The unfortunate truth is that even with various preventative measures in place, cyber criminals are still profiting from successful attacks. So, it’s important to be proactive in building your cyber defenses, so you can be one step ahead.

Contact our team at Cloudwize today on (02) 5733 4000 to discuss how we can help support your business through our cyber security services.

You might also be interested in...

Transferring to the Cloud: The Perfect Storm

With IT equipment having a limited lifespan, it’s important to store your data in a reliable place. These days “the Cloud” is a great resource for clients to stow personal information.

Read Article

Cyber Security 101: Protect Your Business

Some 16 years ago I fell victim to a cyber-attack, and it taught me a lot. The good news is there are a lot of ways people and businesses can protect themselves and their data online from opportunistic attacks.

Read Article

Celebrating NAIDOC Week 2022

On behalf of the Cloudwize team, we particularly celebrate the achievements of our many Indigenous colleagues and friends and vow to play our part; to get up, stand up, and show up.

Read Article
See All Articles

Optimise your business IT

Get in touch with us and we’ll arrange a free initial consultation to talk about how we can help you optimise your company’s IT infrastructure.  

Arrange a Consultation Today
CARL