Intro: As modern-day technology advances, so do the techniques of those who wish to exploit it by gaining unauthorised access to data or material. This is known as ‘hacking’ and the perpetrators as ‘Hackers’. The art of hacking has now developed with the times; as more stringent security methods are put into place, hacking methods evolve.
Challenge: Data is now a huge commodity and is sought after by some of the largest companies, such as Google, Microsoft, Tesla and Apple, to name a few of the better-known entities. But why? How has something that is contained within circuitry come to be considered by some to be more profitable than oil?
Tech giants get paid, whether directly or indirectly, to get you to see something; whether that be information or a product. For example, have you noticed that you’ve browsed a pair of shoes once, and now the same shoes pop up as an advert on various unrelated websites you visit? That is a single example of your data being processed and being manipulated into targeted adverts, based on your browsing and conversations (Yes, they can monitor them too).
Unfortunately, there are also more unsavoury characters who will wish to gain access to your more private data. This can include login information and passwords, banking information, details and address, work information, access codes or any and all of the private and confidential information you have access to. The motives and goals of the Hacker may vary: some may wish to steal data or infrastructure, some may seek ransom or payment, and some may wish to disrupt service and sabotage.
Within Bibby recently, it was found that a previously deactivated email domain had sent an email with attachments to a department within Bibby Maritime. An eagle-eyed member of the team noticed the differences in the email address, which was outdated and not the same as the current email address assigned to the individual. It was swiftly dealt with, and IT informed the department of the attempt. This is an example of Phishing and impersonation. Along with Phishing, the following make up the five most common cyber-attacks today:
- Ransomware
- DDOS Attacks
- Computer Viruses
- Attack Vectors
Phishing is the fraudulent practice of gaining sensitive information by disguising oneself as a trustworthy entity. Bibby was quick to act and prevent any information leak from the aforementioned Phishing attempt. Unfortunately, Phishing is not confined to a single medium such as email. It has developed to accommodate the variety of devices that may be used in today’s society.
Vishing – This is ‘Voice Phishing’, which is conducted by phone. The scammer will try to obtain information such as PINs, payment details and account details.
Smishing – This is ‘SMS Phishing’, which is an increasingly popular method due to our increased reliance on smartphones. Had a text about a tax rebate? A prime example of Smishing.
Spear Phishing – Unfortunately this does not involve free diving and spear guns. This is when a hacker will specifically target someone or a company with the intent of financial gain or insider information.
Ransomware – This type of hacking relates to malicious software that is designed to deny access to files or a system, or to threaten the release of the victim’s information, unless a ransom or payment terms are met. There is no guarantee of regaining access, or that data won’t be destroyed by the hacker, whether the ransom is paid or not.
DDOS Attacks – This is a Distributed Denial-of-Service attack, which means the hacker will overload or disrupt a website with more site access requests than it can handle. This is usually done as an act of revenge or as a distraction to take focus away from another attack.
Computer Viruses – This is malicious code or a program that is written to alter the way a computer operates and is designed to spread from one computer to another without the victim’s knowledge by:
- Opening an infected email attachment
- Clicking an infected file
- Visiting an infected website or clicking an advertisement
- Plugging in an infected USB
USBs may also contain other spyware, such as key-logging abilities that record information typed onto a keyboard.
The following attack vectors are used to gain access to a network or computer to infect it with malware or gain information:
Drive-by – This is when a victim will access a website or link, legitimate or not, that has been infected.
MITM – This is when a hacker will alter the line of communication between two persons, essentially becoming the ‘Man in The Middle’. They will impersonate one or both of the victims to gain access to their data, whilst the victims are unaware that they are in fact talking to a hacker, and not their intended recipient.
Zero-day attack – This is when software contains vulnerabilities due to a lack of an update or a patch that has yet to be released by the developer.
Solution: After software and firewalls, educated and informed employees are the best line of defence against the above attacks. Bibby held a short seminar regarding cyber security and how we must be vigilant in our computer usage. To reduce the risk of the aforementioned occurrences happening, we concluded that simple yet effective methods such as the following should be practised:
Passwords – A good password with a variety of letters, numbers and characters is a strong start. Many people use a blanket password for all their devices, or a password that is related to their family, pets or sports teams. Passwords should be changed at regular intervals and should not be repeated.
Emails – Emails are easily mistaken for something they are not. It is therefore imperative to always check the legitimacy of the sender and the tone of the email, and to be aware of attachments and links.
Websites – Do not enter websites which are deemed to be unsecure by your firewall, and do not click links or images which seem suspect.
Software – IT Technicians should ensure all software and systems are up to date and data is backed up. Personnel should not try to download or change software settings.
Phone calls – Do not give any personal or corporate information over the phone to someone unverified. If in doubt, hang up and call an official number taken from an official document or media from the company.
Devices – Do not leave your computer or laptop unattended or open to viewing by the public. If you leave your desk, lock your device before leaving.
If in doubt about security-related matters, speak to your department head and report any suspicious activity or emails to your IT department.
Bibby Maritime is happy to promote safe practices for internet and device usage, whether that be for company or personal reasons. We look forward to what next month brings.