Daily Cyber News 09 Aug 17

  • Destructive Ransomware – Organisations should be prepared for more cyber attacks like what we have witnessed recently in regards to the WannaCry and Petya/NotPetya attacks. Rather than looking to encrypt and demand payment the new trend seems to be for the cause of destruction within computer networks. With the cyber tools/exploits released from the US National Security Agency, hackers are looking at news ways to develop and combine malware capabilities (i.e. ransomware and worm-like ability) for the most destructive result.Now more than ever must organisations ensure they have regular back ups for the critical data and Data Recovery Plans in place for if they are affected by a future attack.
  • Fake Tech Support – Scammers are now using phishing emails to lead potential victims to fake tech support websites. Masquerading as well-known brands (Amazon, Microsoft and LinkedIn), the fake emails pretends to be an invoice, cancelled order or a social media message that lead to a fake tech support sites that use various social engineering tactics (security popups, blue screen of death) to trick victims into calling and paying for unnecessary technical support. Train your users and note that Microsoft or any of the big brands will never proactively reach out to you to offer unsolicited tech support.
  • Cyber Security Policy and Your Staff – With companies struggling with the latest cyber attacks and trying to be prepared for the next attack it can seem difficult if not impossible to plough enough resource into your security department. However, you can make your cyber security policy work for you rather than against you if you follow these 9 do’s and don’ts for being cyber resilient. Follow the link for more information.1. Dont Blame the Victim in a Cyber Attack
1. Dont Blame the Victim in a Cyber Attack
2. Don’t cultivate a sense of paranoia about attacks and disconnect from the internet
3. Don’t shackle your team based on cyber fears
4. Don’t make excuses for not implementing the latest safeguards
5. Do encourage communication within your organisation when something happens or seems suspicious
6. Do testing and auditing of your security system so that you make sure people’s awareness is high
7. Do make sure that usability is central to your security posture
8. Do make sure your security measures are as invisible, automated and integrated as possible
9. Do remember that you have many opportunities to stop bad guys and prevent successful cyber attacks