Valentine’s Day cyber-attacks could well be the beginning of an APT for enterprises!
It is that time of the year again. Cupid comes out to play with his arrows, love is in the air, pink takes over everything, roses are everywhere, and people hope to find their soul mate. When excitement is in air, cyber-criminals work overtime, get creative, and launch sophisticated attacks to empty your bank accounts, steal debit and credit card data, deploy spyware and malware, and ultimately, leave people heartbroken.
This year, cyber-attacks have assumed such grave proportions that the FBI has issued a Valentine’s Day advisory. It explains how cyber-criminals use social media platforms, mobile devices, emails, chat rooms, online shopping websites, and online dating sites to perpetrate scams to make quick money and to harvest online identities and credentials.
The criminals use a variety of techniques, and the most common are phishing attacks through emails, delivering malware through e-cards, flower and chocolate delivery services at attractive rates, fraudulent advertisements on online shopping sites and social media, bogus promotions, fake gift cards, iPad lucky draws… The list is endless.
In their quest to grab special occasion offers, people jump online to make purchases. Cyber-criminals capitalize on this shopping spree to rob unsuspecting users and hijack them to scam websites. They also perpetrate smishing attacks – sending SMS messages that contain links to malicious websites – and harvest all personal data entered therein.
Attacks affect individuals and enterprises alike
Some of the attacks perpetrated during special occasions like Valentine’s Day do not end immediately. They have long term repercussions. Phishing attacks especially can prove to be highly dangerous and lead to disasters not just to individuals, but also to the organizations they work for.
Three years ago, RSA, the security division of EMC, faced the worst security data breach in its history. The breach resulted in a loss of $66 million to the organization and colossal damage to its reputation. The attack originated through a simple spear-phishing email sent to a small group of employees, whose contact details were harvested from social media sites.
A phishing email with the subject line “2011 Recruitment Plan” containing a spreadsheet titled “2011 Recruitment plan.xls” was sent to the group of employees. The email had been crafted well enough to trick one of the employees to retrieve it from the spam folder, and open the attached excel file. The spreadsheet contained a zero-day exploit that downloaded a trojan through an Adobe Flash vulnerability.
The attackers then harvested credentials and managed to reach the computer of an IT administrator, which enabled them not only to steal top secret data, but also to transfer the stolen data to a compromised machine.
Most recently, during the 2013 holiday season, Target Corp., the third largest retail chain in the USA, fell victim of a similar attack, which is believed to have originated through a simple phishing attack on one of its contractors. The attackers delivered malware on Target’s payment system and siphoned off credit card and debit card data belonging to 40 million customers.
Valentine’s Day attacks could well be the beginning of an APT: Stay vigilant, review logs
Going by the present day threat landscape, the attacks perpetrated through various vectors on special occasions like Valentine’s Day may well be the beginning of an advanced persistent threat (APT) for many organizations. If an employee or a contractor falls prey to a simple phishing attack at the workplace, enterprise data might just be at risk.
Enterprises should sensitize end users and warn them to remain extremely cautious and vigilant. Users should transact only with trusted sites and should never open attachments on suspicious mails or respond to offers that arrive in a spam email, SMS, or instant message.
Security administrators of enterprises should diligently review sever access logs and firewall logs, which will help identify zero-day attacks through abnormal server behavior, network traffic, failed logins, multiple access attempts, user access, unusual data transfer, suspicious access routes, and other suspect activity.
Modifying end user and security administrator routines may not be the most romantic Valentine’s Day suggestion you’ll hear today. But it’s one that will fortify the security of the organization you work for and the people you work with. Think of it as your way of sharing the cyber-love.