From Brute Force to the Phishing Email: How Hacking Has Changed

Hacking has changed. Both in how they do it and why they do it. Before, it was individuals trying to use brute force to gain entry into your network. It was aggressive and LOUD. Think of the idea of using a missile to swat a mosquito, same thing. Most of the time it was to prove a point, that they could access your system and you couldn't stop them. Overall, for the most part, there wasn't the malicious intent that exists today.

Today, hackers still look to use technology, but they found an easier way in: You. Hackers use sophisticated social engineering attacks to access your network. They expose the weakest link in Information Security: People. The VP of the Compass Information Security practice, Adam Cravedi, uses a great analogy to describe this. He equates it to locking and guarding the front and back doors but not securing the windows. That's what these hackers do, they find the unguarded or open window and climb right through. This is done through the Phishing Email, Pretext Calling, and Email Spoofing. These methods are quiet and sneaky.

I mentioned before that why this surge in "hacking" is happening has changed. The goal today is all about money. This has become a business for nation states and organized crime entities. Why do these groups install Malware on your systems? They do it to steal your sensitive information. What do they do with that information? They sell it to make money. Why do these groups install Ransomware on your systems? Because they know that downtime is bad for business and that you will pay the money to get your files back. It's all about the money!

Let's take that a step further. Why do we see all of these different strains and variations of Ransomware out there? First, these criminals need to stay a step ahead of everyone. Second, they sell it to other organized crime organizations who make a few tweaks to the code and boom, another strain of Ransomware is in the wild. This also holds true for other types of malware as well but the point remains the same. The goal is to make money.

So what can we do to protect ourselves? Here are 2 steps you can take right now to reduce (notice I didn't say eliminate) your chances of falling victim to these tricks:

• Security Awareness Training and Testing of your staff. This is a "check the box" initiative for most companies to meet some compliance requirement. However, this is important. If Security Awareness Training is a consistent, relevant part of employee training as opposed to a once a year, "check the box" requirement, chances are more in your favor. The second part to this is to test your staff. Send them a fake email and see how many click on the link. We do this all the time for organizations and the results are shocking. Plus, isn't it better that you test them than some criminal? The results when you test them can become a teaching moment. The results when a criminal tests them can be disastrous. 
• Back Up your data off site and off-line. This is really, really important when it comes to Ransomware as it could mean the difference between operating your business or shutting down.

As a part of our monthly webinar series, we will be discussing all of these changes, what you can do to protect yourself, AND present a live demo of tools that these hackers use to "socially engineer" your employees. Based on all of this information and the demo, the webinar will be 60 minutes in length. Details and a link to register are below:

Event Details:

When: Thursday, September 29, 2016 @1:00 PM EST

Duration: 60 Minutes with Q&A Session