There's A Simple Way To Protect Against Chinese Hackers
Cybersecurity firm Mandiant has concluded that the onslaught of complicated Chinese Tactics, Techniques and Procedures to exploit systems and run your business into the ground starts with just a click - in particular, your click.
Imagine this: The names and emails of your staff, to include your executives, are either listed publicly, or accessible via the web in a matter of five diligent minutes.
Once you're targeted, and a hacker has that info, he then signs up for a dummy email account, named after your boss, your Chief Financial Officer or your fellow worker (often all three). Then you start to get emails from those dummy accounts, containing language commonly seen in the workplace.
The tactic is called "Spear Phishing," and it relies the user and reflexive clicking.
On some occasions, unsuspecting email recipients have replied to the spear phishing messages, believing they were communicating with their acquaintances. In one case a person replied, "I'm not sure if this is legit, so I didn't open it." Within 20 minutes, someone in APT1 responded with a terse email back: "It's legit."
The solution to this is simple: calm down, breath, and hover that mouse. Most browsers and email platforms allow users to identify the exact email of a sender.
via Geoffrey Ingersoll
Rather, I should contact Henry and ask him if he's been using a new email account.
These emails can also come from other sources, like faux PayPal (subject: "account disabled!") or credit card dummy accounts.
Within these emails is usually a harmless looking word document or excel spreadsheet which actually contains malicious code.
Once the code has penetrated the system, it becomes markedly more difficult for IT Officers to clean up the mess.
So the simplest defense begins with education of employees and personnel, not to click reflexively on seemingly "legit" emails - first hover, verify the source - generally emails from coworkers are over company platforms. Same goes for credit card companies: they don't shoot customers sensitive account emails from platforms like @rocketfish.com.
Now this isn't a guarantee, but according to Mandiant, it'll go a long way toward guarding secrets. So be smart, be patient, and avoid the reflexive click - your business may depend on it.
- Beijing says it's 'natural' for the US to 'feel sour' after Boeing loses out to Airbus on $37 billion China plane deal
- Ukraine's drones are becoming increasingly ineffective as Russia ramps up its electronic warfare and air defenses
- Coinbase-backed Indian crypto exchange Vauld suspends trading, deposits and withdrawals amid market downturn
- 30 large reservoirs in India dip to a decadal low after erratic rains in June
- Tata Motors, Kotak Mahindra Bank, IndusInd Bank among stocks to watch out for on July 5
- Best face wash for men in India
- Bajaj in top gear, Hero flat while Maruti declines – here’s how Indian auto cos performed in June 2022
- Revenge shopping and revenge travelling trends are simmering down in India