by Sameer Sule
Most of you have probably heard the recent news about Google: hundreds of Gmail accounts were compromised in a “spear-phishing” assault — targeted attacks that duped victims into revealing their Gmail passwords through e-mails posing as people or companies known to the end user. The attackers then secretly reset settings to copy and forward all e-mails.
“The goal of this effort seems to have been to monitor the contents of these users’ emails,” wrote Eric Grosse, engineering director of Google’s security team, on the company blog. In the latest Gmail attack, users were given a link to click that connects to what appears to be a Gmail logon page — but is instead a dummy site that appears identical. Once the victim types in their password, the thieves can use it themselves. Google has advised Gmail users to improve their e-mail security settings by using a two-step authentication procedure — a password, plus a rotating six-digit code. “One of the things Google is now recommending is industrial strength security measures for ordinary users,” said Andrew Lih, a professor at the University of Southern California and author of “The Wikipedia Revolution.”
Hotmail and YahooMail have been the target of recent attacks as well.
“Adobe announced that a recently patched vulnerability in its Flash Player on Sunday is still — despite an out-of-band rollout on Sunday — being used to hack into the accounts of Gmail users.
Trend Micro identified issues with Microsoft’s Hotmail accounts in this report. In the Hotmail situation, hackers are apparently using embedded scripts to get usernames and passwords. In this sense, a cross-site scripting vulnerability similar to that exploited in the Gmail incursions is employed to break into Hotmail accounts.
As far back as March, Yahoo! Mail was also an apparent target of attackers who, instead of using cross-site scripting tactics, use an infected spreadsheet file. The corrupt attachment is specially crafted to turn the popular Microsoft Excel program into a weapon against Yahoo! Mail users unfortunate enough to open the document — which exposes their system to risks such as the threat of personally identifiable information ending up in the hands of hackers.
What this trend suggests is that hackers are hitting up popular e-mail accounts usually accessed in a Web browser session. These e-mail accounts, as opposed to a Microsoft Outlook or secure client-side e-mail account like Outlook, can be accessed from any computer, anywhere and are thus as vulnerable as any other destination on the Web.”
Security experts are discovering that SMBs tend to have fewer or inferior security protocols in place to counter cyber-attacks. Many SMBs are particularly vulnerable, as they do not feel the need to, or cannot afford to, deploy business-class firewalls or use email systems that offer encryption and anti-spam protection. It is very tempting for a small business to use free email services to keep costs down. Google, Hotmail, YahooMail, and other personal mail services do not offer the same protection against spoofing and malware as enterprise systems do. Additionally, many workers tend to take their work home with them and are in the habit of sending emails from their business accounts to their personal accounts so they can read them at home. If the personal email account is then hacked, your sensitive company data is potentially available to the hacker. Imagine if a hacker or competitor got hold of your business contacts, proposals and other sensitive documents and used them to damage your business. For an SMB, the loss of critical business data can be catastrophic and may even result in business shutdown.
As a business, it is critically important to be aware of the vulnerabilities of your IT systems. Conducting a Network Audit or a Security Assessment is crucial in identifying the potential points for a cyber attack. Additionally, creating best practices for email, data and internet usage, training employees on proper usage, and strictly enforcing those practices will go a long way in keeping critical business information safe and your business operations stable. Domitek helps SMBs use technology to be more successful and efficient. We also provide affordable, hosted email services including anti-spam, email security, Live Archive and encryption for compliance with Massachusetts state privacy laws and federal privacy and data protection regulations such as HIPAA, GLB, FINRA and SOX. If you have any questions regarding your network security or email systems, please give us a call at 508-755-6503.
Author: Sameer Sule is the VP of Business Development for Domitek LLC. He focuses on business opportunities in the Managed Services and Cloud Computing arena and on helping his clients use technology to be more successful and efficient.