Phishing attacks on businesses of all sizes have flourished in recent years, and the consequences can include a tarnished reputation and lost business. Foreign secretary William Hague recently announced that a global centre for cyber security will soon be opened at the University of Oxford, creating a collaborative bank of knowledge that gives countries a greater understanding of past attacks and the present threat landscape.
The availability of personal information via social media has made the attacker's job a lot easier; this underlines the need for businesses to educate their users to be vigilant at all times, especially in their personal online activities.
Commenting on the attacks on the Guardian’s Twitter accounts, and offering advice to other organisations on how to avoid such attacks, Wieland Alge, IT security pioneer, inventor of one of the most robust corporate firewalls, and VP and General Manager EMEA at Barracuda Networks, said:
“The form of the attacks on the Guardian is very common and extremely similar to those we saw on the BBC last month. Criminal organisations dealing in internet attacks now focus their activity where users are most active: social networks. Drive-by-downloads are an effective tool, as they do their damage with just a single click in a tweet or Facebook post.
“The most likely source of the attacks on the Guardian and the BBC is via social engineering – someone managing to obtain the password by fooling the user who keeps the password.
“You should always use hard-to-guess, hard-to-crack, unique passwords for your online accounts that you are not using anywhere else on the web. Some security vendors offer free-to-use systems for users to avoid such attacks, such as our Profile Protector, which scans for dubious objects and malicious links, protecting the user from attacks.
“Common sense will remain the first line of defence, but anyone surfing without the proper and up-to-date technical security measures risks falling victim to an attack through only a moment’s lapse.”
According to Arbor Networks, the human element is the weakest link. Darren Anstee, the company's Architect Team Manager, shared his thoughts on the attack.
“Twitter recently announced plans to introduce two factor authentication, which is a big step forward from a security perspective. As this particular event shows, the human element is often the weakest link in any security solution. Social engineering, and more specifically spear phishing, has become an ever more common hacker infiltration mechanism. Targeted, advanced threats are a key area of concern for operational security professionals, with Arbor’s 8th Annual World-Wide Infrastructure Security survey showing that 13% of enterprise respondents experienced an APT in 2012, and 38% were concerned that they will be targeted this year. Organisations should put processes in place to ensure that their staff are trained on best practices and have the support and training needed to allow them to follow these practices easily during their normal working routine. Ideally network monitoring solutions should also be put in place to alert an organisation when a user system connects to a known bad actor on the Internet as this may indicate a compromise, allowing remedial action to be taken before there is any business impact”.
ESET puts a different slant on the breach, blaming unencrypted sessions. David Harley, senior research fellow at ESET, said: "It seems that not all account hijacks are based on phishing and spear-phishing. Sometimes tweets are sent out because an unencrypted session is hijacked, and while this may not be the case in this instance, it’s sometimes convenient for service providers to assume that security breaches are the fault of the user.
“There are limits to what Twitter (or the user) can do about this issue. However, the risk can be reduced by browsing from VPN connections and/or accessing sites via SSL, but that's not always convenient. What might also help is not having a Twitter account running permanently in the background, but that may not be convenient for many Twitter users either.
“Additionally, it certainly can't do any harm to increase the user's resistance to social engineering via spear-phishing by warning them of the type of lure that may be used to persuade them to hand over their credentials by logging in to a fake site.”
The company's technical team leader, Mark James, added: “The media industry is likely to receive a very high amount of fake and phishing emails about real and bogus stories every single day.
“To help mitigate against this type of attack, perhaps the use of disposable Twitter accounts would help but in reality the very nature of building a follower base would make those accounts almost useless. The only way to make it harder, other than stopping it happening, which is virtually impossible, is definitely through user education. Additionally, using “dirty machines” to test leads and links before passing to “cleaner” accounts could also help weed out some of the dodgy links.
“Furthermore, using strong complex passwords can help, along with strict guidelines on what and where you connect to receive and transmit tweets and having tighter controls on apps and websites that can tweet on your behalf, should also be maintained. All too often, we are presented with software that wants to access our social media accounts to do simple tasks but they may allow deeper access through alternate means when compromised themselves.”
Stonesoft looks at the wider issue of the consequences, in cyberspace, of being seen to oppose the Assad regime. Jarno Limnell, director of cyber security at Stonesoft, commented:
“These attacks suggest that anyone who appears to be against the Assad regime is a potential target of the Syrian Electronic Army (SEA). This can be seen in the recent high-profile attacks the group has launched against organisations such as the White House, Associated Press (AP) and the BBC, to name a few.
“What their activities show us is that cyberspace is an important part of every contemporary conflict and the severe effects cyber-attacks can have globally, for example, the impact the White House tweets had on the Dow Jones falling over 140 points.
“Information is both an asset to be protected and a weapon to be used for offence and defence. The fight over images and truth has merely intensified in the era of cyber conflict. Syria’s cyber conflict has given rise to the SEA as an actor capable of influencing global politics. The question is, how much more is the SEA capable of?
“The conclusion to be drawn from the effects of Syria’s cyber conflict is that the use of cyberspace needs to be seen as an integral part of any contemporary and future conflict. What form it does and will take in each situation remains to be seen, but its effects are and will be felt in the physical world too.”