Sometimes a simple email may work for the bad guys

Why do hackers do what they do?

It is impossible to determine exactly why a threat actor hacks a system or sends a phishing email, but I did have to write 5000 words on it whilst at uni.

You will not have to read 5000 words; just a couple of hundred will give you an insight into why they do it and what you need to do to respond.

Nationally sponsored cyber activities

Probably the easiest to define. Without going into the politics – governments carry out cyber attacks and cyber espionage to further their national interests. We do it, they do it, everyone does it. People with the right skills get hired and carry out the orders. You can get caught up in this type of hacking as collateral damage.

  • Your company information may be stolen as part of a wider attack
  • You may receive data wiper or ransomware malware by email because you have business dealings with target countries

This can get muddy when interested hacktivists get involved and carry out attacks in the name of the government they support. This has happened on both sides of the Russia-Ukraine conflict.

  • The amount of rogue malware going around goes up and the targets become less specific – and could include you

Top-tip for the New Year – get your back-up in order.

At the other end of the scale

There are the hackers who are looking for those of us who have had no training in email cyber security or have not heard of the Nigerian Prince Scam. These hackers send millions of emails, all with a variation of the “pay me a small amount of money and I will share my millions with you” scam.

Much of this dross gets caught by the various spam filters your email has to pass through to get to you – but some still slips through. Here is an example that got to my inbox over the Christmas period:

[Image: phishing email]

Now it does not take a genius to spot that this one is a scam, but what happens when it looks like an email from your bank, or HMRC or debt collectors?

Here are a couple of questions you should ask yourself to see if your cyber security is up to the job:

  • Could you or your team spot a fake email?
  • Do you have a “payment check process” in place that does not use email?
  • Have you organised staff training to discuss the current tricks hackers are using to deceive the ill-prepared?

If you have trouble with any of these questions, then make a New Year’s resolution to get your team signed up to our online training.


Clive Catton MSc (Cyber Security)

Further Reading

Ransomware Resilient Back-up – Smart Thinking Solutions