Over the decades, our use of information technology has changed, giving us more powerful ways of communicating and exchanging information with business associates, friends, and family. Unfortunately, others who do not share our values and ethics see in this technology new opportunities to exploit us.
The largely invisible nature of information security threats makes them difficult to control. As a result, the state of security on the Internet today is very poor, reflecting our culture's general lack of concern or interest. Some very simple protective measures will go a long way toward avoiding serious problems, because the threats will go after softer targets.
Let's face it, our home computer environment is not NSA. We do not need their level of protection and we do not have their resources. But we do not want our computers misused to distribute spam or attack other Internet users, and we do not want our identities stolen or our financial and other personal information exploited by criminals around the world. Here are some simple things you can do when you set up your home computer.
No one likes receiving spam and other unwanted electronic messages. They clutter our mailboxes; consume server processing, storage, and network bandwidth; and require time to review, recognize, and delete. All of this costs money.
In response to this problem we have already implemented several significant improvements. All incoming email from the Internet is currently handled by the Exchange Server 2010 built-in junk-mail and anti-spam systems. You can adjust your settings using the built-in junk-mail tools to designate specific types of messages as spam. They will be automatically routed into your Junk Mailbox for review as needed.
Earlier this year we implemented several significant changes to counter the growing spam problem.
First, we have retired the legacy email@example.com domain and email addresses that are carry-overs from a hosting provider we have not used for over four years. Most of the messages still coming to these old addresses are spam, and our legitimate correspondents have had over four years to update their address books for our current addresses. Messages sent to the old addresses will become undeliverable.
Second, we have dropped the use of the alternate firstname.lastname@example.org email alias since this compromises user login identities to intruders. The default email policy has always been the email@example.com format, but to smooth the transition from our legacy system, we supported the older address format as an alternate. This ended in January. Users who have a requirement to retain the legacy format will be given a new login account, to ensure that it is different from their email address.
The most important thing you can do is to protect your email address. If spammers don't have your address, they can't put you on their distribution lists. There is a very active market in mailing lists. Addresses are bundled by the thousands, sold, and redistributed among email mass-marketers, spammers, and criminal elements. Because many of these operate on the global Internet, there is generally no one who can curtail these activities once they have your email address. The Government and the Internet Service Providers are powerless against this plague.
The most effective protection is prevention. You can help in these specific ways.
Storing customer and company information on public internet servers violates both Government and company policies.
While several Internet mail service providers such as Comcast or Gmail provide anti-spam capabilities, none of these webmail applications offers the full experience provided by Microsoft's Outlook Web App, and there is no reason to use them. Most of these use public shared Internet resources that lack the security and privacy provided by BCT systems. Additionally, connecting these systems mixes business and personal information, exposing our information systems to exploitation.
Slaving your BCT account to external providers is a serious violation of BCT information security policy since it involves compromising your user account and Active Directory credentials to an untrusted third party and storing customer and company information on public Internet servers that are not accredited for this information.
Keep in mind that your Active Directory account is your single sign-on for access to all BCT services including private web sites, protected file services, your electronic timesheet, and other systems requiring confidentiality, integrity, and authentication. It is your responsibility to protect your user credentials. If you choose to violate this responsibility, you expose highly sensitive customer and company information to exploitation by competitors and foreign Governments.
Remember, all of the home mail service providers are routinely compromised and cannot be trusted to protect BCT information and services.
No, this article is not really about fishing, but about the most common form of Internet exploits that we are seeing today. In fact, over 50% of all Internet attacks take a form called Spear Phishing. Phishing is an attempt to acquire information from a target by impersonating a person or organization in an electronic message and motivating the target to either open a malicious attachment or connect to a linked website containing malicious files. Spear Phishing refers to Phishing targeting specific individuals or companies.
Targets that open these malicious attachments or connect to these linked websites can have spyware installed on their workstations to compromise their usernames, passwords, address books, banking accounts, and other information sought by the perpetrators of these attacks. Compromised accounts are often used to distribute spam to new targets, often identified in the target's address books, people who will recognize the sender and open messages or attachments thinking they are from a trusted associate.
Spear phishing has become so predominant because of the ease with which it can be employed against anyone. All someone needs to have to attack you is your email address. They can get it from websites where you may have posted it or from your friends and business associates if their workstations are compromised.
Many of the spear phishing messages may look authentic and may include genuine graphics and content copied from the actual organizations being impersonated. These include banks, electronic commerce sites, PayPal, phone companies, Internet service providers, Federal Express, DHL, the US Postal Service, or similar businesses. The common thread to watch for is a sense of urgency in the message, urging immediate or impulsive action that involves opening an attachment or connecting to a website.
Others may include links to web sites that impersonate Canadian pharmacy sites or social media. Fake Canadian pharmacy sites are popular with the Russian mafia and are used primarily to harvest credit card numbers from unwitting customers. None of these sites actually sell anything; they exist only for large scale mining of credit card numbers.
Secondary markets have developed where stolen user accounts and credit cards are bundled into groups of thousands of entries and resold to other attackers. Malicious software is also developed and sold, making it easy for anyone interested in engaging in this activity to acquire the tools and information they need.
Most Spear Phishing attacks are so naive that it is easy to dismiss them as serious threats; however, their popularity with criminal organizations and hostile foreign agencies is the result of their success. These attacks are easily automated and conducted on a large global scale. The attackers need only a small percentage of these attacks to succeed in order to yield the desired results.
The best defense against Spear Phishing is prevention. Protect your email accounts from exposure. Use different accounts for different purposes. Delete suspicious messages without opening attachments or clicking links. Legitimate businesses such as banks do not operate using email messages. Feel free to contact us if you have any questions or need assistance.
This is an example of a typical fake Canadian web site, actually operated by the Russian Mafia to steal credit card numbers.
This is an example of a typical fake administrator message, actually operated by the Russian Mafia to compromise your system. Remember, we never send security messages by email, and we never use generic administrator accounts.
DSS's Center for Development of Security Excellence (CDSE) has released a new Counterintelligence (CI) Security short, "Suspicious Emails." This short provides learners with an opportunity to practice identifying what constitutes a suspicious email while increasing awareness about the importance of reporting suspicious contacts. To access the new CI short, go to: DSS CI Short on Suspicious Emails.
These videos produced by the Better Business Bureau provide more information about today's Phishing and Identity Theft threats.
Better Business Bureau Video: Avoiding Internet Phishing
Today's computing environment is over-run with malicious software that attacks our systems in every aspect of our operations, including normal email and web activities. Many of these attacks are indistinguishable from legitimate communications. The open nature of the Global Internet exposes all Internet-connected systems to continuous automated attacks. As a Defense contractor, we are specifically targeted by intelligence and cyber exploitation forces of hostile foreign Governments. Although our Federal, State, and Local Government agencies protect us against physical attacks, there is no one protecting companies and citizens against cyber attacks. We are all on our own to protect our information and systems.
Our corporate solution is Symantec's Endpoint Protection technology instead of individual anti-virus systems. The benefits of this solution include enterprise manageability, scalability, and situational awareness. Within this architecture, all workstations, laptops, and file servers run an agent that communicates with our central server to maintain current attack signatures, monitor traffic, and scan stored files for malware. These signatures are continuously updated by Symantec's Global Threat Monitoring systems, ensuring that we are always on the look-out for the latest threat activities.