‘Invoicing’ Phishing campaign detected.

Quorum Cyber have received and remediated a number of attempted phishing attacks into our Big Red Button service within the last 24 hours. All of the emails have contained similarities suggesting a new campaign or at least a newer breed of attack is now being attempted.

For those who have not heard of it before, our ‘Big Red Button’ service provides complete coverage against phishing. We analyse potentially malicious emails, detect attacks and shut down malicious campaigns against our customers.

The attacks of the last 24 hours, like many other phishing attempts, asked the user to click a link; however, in these instances the user was explicitly told that the link was to a JavaScript file. This file would then have to be run, or saved and opened, for the payload to execute. This is a change from more conventional phishing attempts, in which the attack is masked in the background and hidden from the user. Each of these emails tells the user that code will be run, in an attempt to alleviate concern and suspicion when they are asked to run a JS file rather than open a PDF or Word document.

All of these emails also stated that they were ‘invoices’ for services, which can cause users to worry that they may have been a target of fraud, aiding the phishing attempt's effectiveness.

Furthermore, at least two of the phishing attempts, which shared no links, are part of the same campaign. This is obvious from the wording and from the presence of the same Unicode character, ‘Â’, which had no reason to exist in that context (it is likely that this is an automated campaign and that an error occurred when converting text to HTML).
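The three traits that tie these emails together (the invoice lure, a link to a .js file and the stray ‘Â’) can be checked mechanically. The sketch below is an added example, not Quorum Cyber's own tooling; the sample messages, host names and function names are constructed for illustration, and it assumes the ‘Â’ comes from UTF-8 text being decoded as Latin-1.

```python
import re
from email import message_from_bytes
from email.policy import default
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# U+00C2 ('Â') followed by a space or a character in U+00A0..U+00BF is what
# UTF-8 text looks like after being decoded as Latin-1. Assumption: the
# campaign's stray 'Â' came from that kind of conversion error.
MOJIBAKE_RE = re.compile("\u00c2[ \u00a0-\u00bf]")
CAMPAIGN_TRAITS = {"invoice_theme", "link_to_js_file", "stray_a_circumflex"}


def mangle(text: str) -> str:
    """Reproduce the encoding error: UTF-8 bytes read back as Latin-1."""
    return text.encode("utf-8").decode("latin-1")


def make_mail(subject: str, body: str) -> bytes:
    """Build a minimal UTF-8 text message (used only for the test data)."""
    head = (f"Subject: {subject}\nMIME-Version: 1.0\n"
            "Content-Type: text/plain; charset=utf-8\n"
            "Content-Transfer-Encoding: 8bit\n\n")
    return (head + body).encode("utf-8")


# Constructed samples, not real campaign mail; hosts are placeholders.
SAMPLES = {
    "msg-1": make_mail("Invoice 0417", mangle(
        "Dear customer,\u00a0the invoice is a JavaScript file:\n"
        "http://host-one.example.test/files/invoice_0417.js\n")),
    "msg-2": make_mail("Your invoice", mangle(
        "Dear customer,\u00a0the invoice is a JavaScript file:\n"
        "https://host-two.example.test/dl/inv.js?id=9\n")),
    "msg-3": make_mail("Monthly newsletter",
        "This month's update: https://news.example.test/article.html\n"),
}


def body_text(raw: bytes) -> tuple:
    """Parse the message and return (subject, decoded body text)."""
    msg = message_from_bytes(raw, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    return str(msg["Subject"] or ""), part.get_content() if part else ""


def link_hosts(raw: bytes) -> set:
    """Hostnames of every link in the body."""
    return {urlparse(u).hostname for u in URL_RE.findall(body_text(raw)[1])}


def indicators(raw: bytes) -> set:
    """Return which of the three traits described above the message shows."""
    subject, body = body_text(raw)
    found = set()
    if re.search(r"\binvoic(e|ing)", subject + "\n" + body, re.I):
        found.add("invoice_theme")
    for url in URL_RE.findall(body):
        # Look at the URL path only, so a query string does not hide ".js".
        if urlparse(url.rstrip(".,);")).path.lower().endswith(".js"):
            found.add("link_to_js_file")
    if MOJIBAKE_RE.search(body):
        found.add("stray_a_circumflex")
    return found


def same_campaign(samples: dict) -> list:
    """IDs showing all three traits, even when they share no link."""
    return sorted(m for m, raw in samples.items()
                  if indicators(raw) >= CAMPAIGN_TRAITS)
```

Because the artefact check does not depend on URLs, `same_campaign(SAMPLES)` groups the first two messages although their links point at different hosts.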

Most phishing attempts contain three things:

  • Trust/intrigue - Stating that it was an invoice intrigues the user.
  • Urgency - The user worries they may be a victim of fraud and is therefore careless in their haste to find a solution.
  • Request - The user is asked to click a link.

If you receive this kind of email:

  • please do not click any links if you are not certain of their origin;
  • alert co-workers and other members of staff to minimise the spread of the campaign;
  • if you have clicked the link, alert a member of the IT staff for further assistance. It’s always better to be open about the potential threat and therefore part of the solution.

If you’re worried about Phishing attacks within your company we would be more than happy to talk you through your Cyber Security options.

The phishing tactics that are targeting your employees.

Criminal activity now constitutes 86% of all reported cyber-attacks, and their techniques and tactics are becoming increasingly creative and sophisticated.

Here are examples of just two types of common attacks that are happening to businesses daily.

Spear Phishing

Spear phishing is a type of phishing attack that targets an individual or group within an organisation and is one of the most prevalent now. In a survey conducted by Cloudmark, almost two-thirds of IT decision makers interviewed said spear phishing ranks as either their organisation’s top security concern or within the top three. In this type of attack, a hacker will attempt to gain an organisation’s confidential information through malicious emails that look like they come from someone that the recipient recognises and therefore trusts. When the recipient clicks on links or attachments, this allows the attacker to enter and exploit vulnerabilities in your system.

CEO Impersonation Fraud

A recent report from the City of London Police’s National Fraud Intelligence Bureau (NFIB) shows that over £32 million has been lost to CEO fraud alone, a very generic low-tech type of phishing attack. This is particularly widespread in professional services firms where transferring large sums of money is not out of the ordinary. In this type of attack, a hacker posing as a high-level company executive will contact the company’s finance department or similar, requesting that a payment be made. Because the attackers spoof the executive’s actual email address, the recipient is less likely to be suspicious of the malicious email and a large sum of money can be lost before anyone notices the mistake.

We Have a Solution

The security industry has traditionally focused on the two first steps of the solution: user training and testing, teaching employees how to spot a phishing scam. However, this does not help with dealing with a tailored phishing campaign and misses the chance to offer real protection and response. This has proven to be insufficient, as threats continue to slip through, leaving you open to attack.

Quorum Cyber was committed to solving this problem, so we developed Big Red Button, a service that provides complete coverage against phishing. We analyse potentially malicious emails, detect attacks and shut down malicious campaigns against our customers, helping businesses fight back.

Contact us to discuss your requirements http://www.quorumcyber.com/contact/

Threat Intelligence: What you need to know to stay secure

Threat intelligence is all the knowledge you can gather that will help you to identify and solve security threats.

It encompasses up-to-date information on security threats, new technology and new vulnerabilities, and applies this to your specific company. Intelligence is holistic and then directive: it covers what that information means for you, how you can be proactive about securing your company against future threats, and the different practices that need to be implemented for this.

Why is this difficult?

The difficulty with threat intelligence is that the landscape is ever-evolving; with new ways of hacking and new ways of defending continually emerging, it isn’t an easy area to keep on top of.

Because of the saturation of information, it can be difficult to find meaningful information on how to set proactive measures to secure your company.

How to stay on top?

Your company has to shift its thinking, or build its foundation of thinking to an assumed breach mentality. From this it is important to set up a Security Information and Event Management (SIEM) system. This solution can track what is happening within your environment and make correlations between events so you are more informed on potential threats.

Attacks can be drilled down to user-based, application-based, or infrastructure-based threats. With so many methods of attack, it is important to have a solution which collates even the information that may seem unrelated, to show whether someone is attacking you across a range of threat types.

Response isn’t enough!

To have the best and most robust practices, having a threat intelligence gathering solution and responding is just not enough to combat the quick and ever-evolving threat landscape. For a 360 strategy, you also need to proactively determine the threats most likely to affect your company and set in place precautionary measures to make those types of threats less likely to happen.

How to tackle this issue?

It can seem overwhelming to know where to start either implementing this strategy in your small business, or how to improve it in a larger business. Quorum Cyber can provide support in either strategy adjustment, or strategy building with the best talent in the cyber security community working towards making your practices more secure. Regardless if you are at the start of your security journey or it just isn’t working as effectively as you would like it to, we provide you with the right tools to tackle the attacks your company will face on a daily basis.

Small Businesses: You're 40% more likely to be hacked!

As a small business, it can be easy to feel you fly under the radar, rather than being a potential target for hacking.

However, you're actually 40% more likely to be targeted and the devastating effects of these incidents can be business-ending, with 60% of those targeted failing within 6 months of a cyber-attack.

This would indicate that it is critical to your business to develop a security strategy. One positive of being a smaller business is that implementing a tailored strategy is a lot simpler. Streamlining processes and building a solid foundation from the beginning is easier.

There are some easy processes you can implement now to start to create a culture of security within your business and your employees:

Keep systems up to date

One of the simplest measures you can take as a small business is keeping your systems up to date. An out of date computer is prone to security holes, crashes and is a gold mine for hackers; make sure all your systems are up to date and you have anti-virus software implemented.

Educate Employees

Your employees are probably your greatest risk when it comes to threat, but you can minimise this risk. Train your staff on the basics of security, avoid giving mass access to sensitive information, and enforce diverse passwords and Multi Factor Authentication.

Disaster Recovery Plan

Work out what you will do from the point of attack backwards, ensuring that you have a plan in place for all kinds of breaches. Think of all of the different types of threats you might be susceptible to and then how you will recover from each of them, who needs to be involved and what procedures need to be carried out. Having this plan is key to a solid security foundation; it is important to always iterate on this as your weaknesses can easily change, just as hackers are always evolving.

Preparation

Don't leave things up to chance; make sure you practice and refine. Having a security-first mentality is key, and so running drills often, spotting weaknesses and adjusting is good not only for your strategy, but for fostering this mentality within the company. It is very easy to feel less vulnerable to attacks when you're small, but as the figures show this is not true.

Outsourcing

Attempting to implement a solid security plan when you're a small business is no easy task. Considering time and money are usually not on your side when you're trying to scale, it could be an idea to look at outsourcing. If you think of the amount that would be saved in the future, rather than focussing on the initial costs of a consultant, outsourcing could be a tactical investment early on.

Quorum Cyber understands the push and pull of being in a small environment where everything counts towards success. We believe in the analogy that a surgery patient wouldn’t choose their own scalpel, and we carry this principle into our cyber security consulting. It is about giving you the right tools to protect yourself and your business: education, support, and a tailored cyber security service for the level you require. We can provide a flexible security solution whether it is project based, or a complete strategy overhaul. We integrate with existing solutions you may already have invested in, to give you the best and most cost-effective solution, and open up our network of expert professionals to guide you in your journey to ultimate cyber security!

The Importance Of Having A Successful Incident Management System

Not everything is an emergency, but anything could become one.

This sentiment is the key reason why implementing a successful alert and incident triage within your company is important. All organisations will experience an information security incident at some point. Investment in establishing effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and reduce any financial impact. (Gov.UK)

Effective triage allows you to assess the incident rapidly and execute the correct protocol for that particular problem before it reaches a critical point. This involves understanding a myriad of security incident types, how the attacks could unfold and then the right response from your company to eliminate the breach.

How do you set up an effective triage?

Certain security threats will affect your company more than others. Identifying these first can help eliminate ‘low hanging fruit’, allowing your business to formulate an appropriate strategy that is tailored to the most likely attack vectors.

Just some of the activities commonly recognised as security policy breaches by the ‘National Cyber Security Centre’ are:

  • attempts to gain unauthorised access to a system and/or to data.
  • the unauthorised use of systems and/or data.
  • modification of a system's firmware, software, or hardware without the system-owner's consent.
  • malicious disruption and/or denial of service.

In order to identify which threats are likely to affect your business you will need an overview of your entire system. Understanding how segregated parts of your network communicate allows deviation from this to be used as an indicator of compromise. Having an intrinsic knowledge of the ‘normal’ operating procedure allows a baseline to be created, which in turn allows anomalies to be treated with suspicion. This method is infinitely preferable to having an endless list of alerts because of a lack of environmental awareness.

The key to response is simple: follow the attacker's path and have a clear set of steps for each type of breach. This is crucial regardless of the attack type or method of exploitation: detect the attack, follow the attacker's path, and triage.

It is also important to be aware of mistakes from inside your company or threats which aren’t real. You don't want to waste time setting up an incident management system based on threats which are not the core issues that will affect you. With every system false positives are an issue; however, minimising them allows more effective incident response.

To help streamline this process and aid in setting up your system, Quorum Cyber can offer expert advice, whether it be on just one project or the company as a whole. To find out more, read about our services here.

‘Big Red Button’ Phishing Response Service

Do you know how your company would respond to a phishing attack?

Phishing is a problem companies cannot afford to ignore. 76% of InfoSec professionals still report their organisations being victims of a phishing attack and 51% said the rate of attacks is increasing (Annual State of Phish Report). All of this despite a huge focus on employee education and training.

Technological challenges are changing on an almost weekly basis and phishing attacks are becoming increasingly sophisticated and creative; for example, a recent report from the City of London Police’s National Fraud Intelligence Bureau (NFIB) shows that over £32 million has been reported to be lost as a result of CEO fraud alone.

This got us thinking about how your cyber security services come into play. Most anti-phishing services rely on internal education. But what happens if you are under attack?

We believe protection from phishing takes more than end-user training. At Quorum Cyber we have developed our ‘Red Button Service’ which provides you with the capability to effectively and efficiently respond to and remediate phishing attacks.

We provide an end-to-end phishing protection and countermeasure service. Our solution empowers your staff to send any suspicious email to our Cyber Security Operations Centre (C-SOC), where a series of proprietary technologies and a team of security analysts will respond to the attack, keeping your company protected.

The model is a simple per-month user basis, can be up and running in as little as 30 minutes, and can be shut down at any time. We offer this phishing protection as a standalone product or as part of a full managed security service.

Find out more here.

info@quorumcyber.com

0131 652 3954

Penetration Testing: Why Should You Care?

Cyber security can encompass a huge range of processes. Whilst many of these processes are based on data, tools, and algorithms…sometimes you might wonder… what are the real-world implications of potential threats?

Secondly, you will want to have some assurance that the investment you have made in security is paying off and that the risk reduction you were promised in exchange for all that CAPEX budget is effective.

This is where penetration testing comes in. Simply put, it is the process of asking two questions:

  • “What could someone do to harm my company today?”

and

  • “Could my company be used as a platform to harm my customers?”

Rather than focussing on estimates, predictions, and high-level reviews, the results of penetration testing are literal. A penetration test identifies and exploits the actual vulnerabilities in your applications and infrastructure using a team of highly-skilled, multidisciplinary, and creative people.

There are multiple different types of penetration tests you can run depending on what you want to test.

In its simplest form, you may want to validate that an outsider can’t break into your company by exploiting a vulnerability in your perimeter. Or you could be trying to test the effectiveness of your security team in detecting a compromise. Or maybe you want to understand how exposed your people are to being manipulated by skilled “social engineers” that can trick them into doing the wrong thing.

The combinations are only as limited as an attacker’s imagination.

Once all tests are carried out, you’ll have solid findings on key weaknesses within your company and a detailed analysis of the real-world impact of those weaknesses. It’s not enough to know your web server has an unpatched vulnerability or that your domain admin credentials are now “owned” by a malicious actor. The true value of a penetration test comes from translating those findings into critical business consequences such as loss of revenue, loss of intellectual property, capability to commit fraud, etc.

So back to the question, why should you care? Why should your company invest time and resources in penetration testing?

  • It enables you to make informed decisions regarding your risk reduction, by providing you with tangible and measurable assurance of your security spend; showing you where your investment was successful and where additional effort is needed.
  • It is similar to a fire drill and will give staff a real experience of dealing with a threat. This will give you an overview of weaknesses from offline to online within your business and processes. The more holistic you are, the easier it will be to target where to spend your efforts.
  • It will give you the opportunity to detect vulnerabilities and routes into your company you’ve never even thought of previously; a penetration test gives you an insight into the mind of an attacker, which in turn enables you to focus your efforts.
  • It enables your teams to go through the actual process of evicting an attacker. A lot of the time and effort is spent on how to detect and prevent a compromise, but not enough is done on the actual removal of a threat that is persistent in your network; a penetration test provides a real experience of doing that, reducing human errors, and preparing response teams.

While penetration tests are key to understanding the bigger picture of the threat landscape you operate in, they can be difficult to navigate and implement. It’s also very common for testers to overlook the business value that these exercises must, ultimately, bring to a company.

With Quorum Cyber, you will be supported by a team of experts, hand-picked due to their knowledge, experience, creativity, and ethics. 

To find out more, visit us here.

The Internal Threats You Can't Ignore: User Behaviour Uncovered.

One of the biggest problems within cyber security is the fact that most effort is spent analysing, preparing and defending against external threats. Whilst this is a key part of keeping your security strong against any cyber takedowns, it is important to take a more dynamic approach with your efforts. The internal threat is just as apparent as the external one, and making sure your cyber security strategy incorporates both threats will ensure you have 360 coverage.

Traditionally, internal threats have been monitored through tools that study the network activity produced by users (either employees or third parties granted access). Because insiders are authorised to access secure information in their day-to-day activity, the movement or harming of that information can easily go undetected. This is where User Behaviour Analytics (UBA) steps in to provide a holistic way to tackle the 'insider threat' problem.

UBA is a proactive defence strategy: it takes data that tracks insider user behaviour over multiple devices and inputs this into algorithms to assess the risk of user activity. This type of analytics, coupled with the more traditional monitoring of network activity, enables a proactive and reactive process for inside threats, firstly by understanding the behaviour that is likely to lead to security breaches and then by being able to handle them swiftly.

The key in insider-threat is early detection, and this is why UBA has become such a buzz word within cyber security throughout the last year. Going beyond traditional IT data sources and incorporating actual human and social data is the only way to define motivations that can help inform what activities indicate threats before they are ever carried out.

Implementing this end to end security strategy can be complex, but with Quorum Cyber it doesn’t have to be. We provide expert consultants, valued and trusted talent, and are with you from beginning to end and beyond if required to ensure you are as secure as possible. Find out more here

Quorum Cyber partners with Percipient Networks.

Quorum Cyber are delighted to announce our partnership with US-based malware protection firm, Percipient Networks. We are now able to offer Strongarm as part of our Managed Services. Strongarm, Percipient's flagship product, is an efficient way to stop malware from damaging your business.

With clients facing smaller budgets and fewer in-house resources, Strongarm enables Quorum Cyber to offer an automated and scalable solution set at competitive price points.

The combined power of the two companies enables us to confidently undertake solid, useful malware monitoring, protection, and remediation, as well as help you reduce the burden of IT and Security resources either via our managed services offerings or by providing vetted and trusted resources.

“Setting up a complete security architecture to combat today’s advanced malware attacks requires significant capital expense as well as a staff of trained security experts”, said Joel Silberman, VP of Business Development and Strategy for Strongarm. “By partnering with Quorum, end customers now have a fully managed service offering to keep their systems safe from Ransomware, Phishing and other forms of advanced malware attacks.”

The Quorum Cyber team has quietly, but determinedly, been investing in research and development to create a series of solutions that combine new technologies. The result is a service menu of Consulting, Transformation Delivery, Managed Services, and Flexible Resourcing that can scale to meet the needs of small SMEs all the way up to large Enterprise Businesses.