Friday, October 24, 2014

PHISHING, in capital letters

PHISHING. Neither fising, nor phishing, nor fishing. Note the capital letters. This is today's topic for CIGTR’s daily article. PHISHING is the order of the day. In fact, it is the Trojan Horse of many cyberattacks. Are you ready? Let's start.

Three out of five Spaniards are hit by some kind of digital attack, but only one of them is aware of what is happening. This is the summary of the "Study on Cybersecurity and Trust in Spanish households" conducted by ONTSI and INTECO within the framework of the Digital Agency for Spain and the Trust on Digital Environment Plan. These attacks come through different channels (insecure Wi-Fi networks, social engineering, email...) and are usually aimed at gathering information to impersonate the user in banking services and social networks.

Moving from Spain to Latin America, let’s have a look at the evolution of botnets in three countries: Colombia, Ecuador and Venezuela. Botnets like VBS and Dorkbot are the most common, both focused on Windows systems, although up to 36 different families can be found in these countries. Java, Visual Basic, JavaScript and Perl are the favourite programming languages for causing chaos, and keyloggers and PHISHING modules are among the most used tools.

OS X, Apple’s desktop OS, is another pursued target, and yes, it is also vulnerable. Ventir is a new Trojan hidden in disreputable apps that records every user action (e.g. keystrokes) and sends it in text files to the attacker’s servers. Credential theft, identity theft. Ring a bell?

Users have weaknesses, and attackers usually take advantage of them when a particular situation arises. An external service for Gmail called Google Inbox, developed by Google, proposes an evolution of the traditional email service. For now, users can only access it by direct invitation from Google. A few cybercriminals have exploited this to send a PHISHING campaign, allegedly from Google, which asks users to log into a (fraudulent) page to start using the service.

You may be thinking "This will never happen to me", so you should read these PHISHING cases from two different users who were affected yesterday. The first was a self-employed worker who found out, alerted by his bank’s risk management department, that someone was impersonating him through his email (and asking for money to be sent to foreign accounts). The second was a company which discovered that the payment owed by another company for its services had, unfortunately, ended up in the hands of someone else ...

Let’s end here by listening to the wise words of cybersecurity expert Keren Elazari in a TED talk on the role of hackers: to be the Internet’s immune system. We could not agree more with her. So watch out for PHISHING!

