Be extra careful of cyber attacks as summer vacation approaches
On the eve of the American national holiday, Kaseya, the American software company that develops software for managing networks, systems and IT infrastructures, was the target of an unprecedented ransomware attack. Chain stores in Sweden, schools in New Zealand, American SMEs… The attack targeted one victim, and more than 1000 of their clients were affected.
Although the scale of this attack is unique, it reminds us of this ever-present threat, especially during the holiday season and the school vacations. Phishing, slamming, spoofing, ransomware… what are the operating modes behind each of these attacks, and how can we protect ourselves from them on the eve of the vacations?
The number of phishing attacks is soaring!
Phishing is an e-mail cyberattack based on spoofing. The goal of the person behind the attack is to pass off a fraudulent email as legitimate. In a phishing attack, the e-mail seems to come from a real sender (a company, a person, a registry, etc.) known to the victim. Cybercriminals exploit their victims' lack of vigilance to achieve their goals. It is therefore easy to understand why cybercriminals focus on holiday periods or school vacations to multiply their campaigns.
This is actually the reason for the surge in phishing attacks in 2020. The global pandemic situation has been the perfect playground for cyberattacks, which have doubled compared to 2019 according to the FBI’s Internet Crime Complaint Center (IC3) report.
Cybercriminals prove more resourceful every day when it comes to tricking their victims, diversifying their modus operandi:
Spoofing attacks
Spoofing is an attack by which a person or a program pretends to be someone else by falsifying their data. It can be done by email, phone call, website, or even through the usurpation of an IP address.
Spoofing can be used to access a victim’s sensitive personal information such as passwords or account login information, with the objective of getting into their internal network system. It can also be used to redistribute traffic to conduct a denial of service attack and make a website unavailable.
Slamming attacks
Slamming consists of tricking domain name holders, such as companies, into making a rushed payment for unwanted services for their domain names. Posing as official entities such as Registrars, these cybercriminals ask for a domain name renewal, a Whois update, a transfer of holder, etc. These attacks pressure the recipient into a quick decision by stressing the urgency of the situation. For example, you may be told that your domain name is about to expire or that a third party has applied to register a domain name with your name.
Cybercriminals build campaigns that seem more than real, using technical vocabulary, logos or names of Registrars, etc. One needs to be very cautious to detect the true nature of slamming attacks.
Ransomware attacks
Ransomware is malicious software that threatens to publish the victim’s personal data or block access to it by encrypting the victim’s data. The victim must then pay a ransom to prevent the data from being published or to decrypt it.
Ransomware attacks are usually perpetrated via malware disguised as a legitimate file. This file is often found as an attachment in an email, and the victim is tricked into downloading and opening it.
How to protect yourself from these cyber attacks?
First of all, a few simple rules of precaution can protect you from this type of cyberattack:
- Never open an attachment file in an email if it comes from someone you don’t know or whose legitimacy is questionable.
- Beware of any e-mail, website, etc. that asks you for personal information or data.
- Verify the links before you click on them. Move your mouse over them to make sure they don’t link to potentially malicious sites.
- Do not respond to an e-mail that pressures you to make a payment that you did not know about. Also, check the information given in the suspicious e-mail, and above all, do not proceed to any payment!
Beyond these few tips, some tools can improve email security and help protect against cyber attacks.
DKIM
DKIM (DomainKeys Identified Mail) is an email authentication method for the domain name of the sender of an email. It works on the same principle of public key cryptography that strengthens online security protocols like SSL. DKIM is an essential feature in the fight against phishing: it strengthens recipients' trust in your emails by affixing a digital signature.
At Gandi, DKIM is automatically activated when a new domain name is registered. When it comes to an already registered domain name, you can add DKIM to it in just one click!
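To make the digital signature concrete, here is an added example (not Gandi's code) of the first checks a receiving server can run on a `DKIM-Signature` header: required tags, whether `From` is signed, and whether the body still matches the signed body hash. It goes slightly beyond the text above by showing the hash and the DNS name of the public key; the function names, the domain `example.com`, the selector `sel1` and the message are constructed, and the final public-key verification of `b=` is left out.

```python
import base64
import hashlib
import re

REQUIRED = ("v", "a", "b", "bh", "d", "h", "s")  # mandatory tags per RFC 6376

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def body_hash(body):
    """bh= value for 'simple' body canonicalization with SHA-256."""
    canon = re.sub(rb"(\r\n)+\Z", b"", body) + b"\r\n"  # exactly one trailing CRLF
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def check_dkim(value, body):
    """Return (ok, detail); on success detail is the DNS name holding the public key."""
    tags = parse_tags(value)
    missing = [t for t in REQUIRED if t not in tags]
    if missing:
        return False, "missing tags: " + ",".join(missing)
    if "from" not in tags["h"].lower().split(":"):
        return False, "From header is not covered by the signature"
    body_canon = (tags.get("c", "simple").split("/") + ["simple"])[1]
    if tags["a"] != "rsa-sha256" or body_canon != "simple":
        return False, "algorithm or canonicalization not handled here"
    if body_hash(body) != tags["bh"]:
        return False, "body hash mismatch: body changed after signing"
    # Remaining step (not done here): fetch this TXT record and verify b= with its key.
    return True, tags["s"] + "._domainkey." + tags["d"]

# Constructed sample message; b= is a placeholder, not a real signature.
BODY = b"Your domain renewal invoice is attached.\r\n"
HEADER = ("v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel1;\r\n"
          "\th=From:To:Subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")

if __name__ == "__main__":
    print(check_dkim(HEADER, BODY))
    print(check_dkim(HEADER, BODY.replace(b"invoice", b"invoice link")))
```

A body altered in transit fails the hash comparison before any cryptographic check is needed; a message that passes still requires the `b=` signature to be verified against the published key.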
SPF
SPF (Sender Policy Framework) is another email authentication method for the domain name of the sender of an e-mail. With SPF, domain name owners can define the IP addresses from which they send e-mail. When a domain name has SPF enabled, a mail server that receives an e-mail from that domain name will be able to check whether the domain name has an SPF record. If the IP address of the sender of the email does not match, the e-mail will probably be marked as spam.
Generally speaking, it is necessary to be careful. Cybercriminals rely primarily on the possible gullibility and lack of vigilance of users. You should therefore always remain on guard when you receive a suspicious e-mail.
In addition, tools such as DKIM and SPF increase the security of e-mails and thus help prevent cyber attacks.
If you need help, please feel free to contact your Account representative or our Corporate Services team at corporatecontact@gandi.net.