It's been a huge year from the POV of cybersecurity. The number and sophistication of email scams we've seen in 2017 is a sobering reminder that cybercrime is a growing problem. One of the reasons that email scams persist is that they have a high success ratio. People can easily be taken in by the clever tricks that scammers use, and the malware these email attacks deliver can end up costing companies very large sums of money.
ASIC Email Scam
MailGuard intercepted an email scam on Tuesday that's meant to look like a message from ASIC, the Australian Securities and Investments Commission (see screenshot below).
ASIC is the Australian Government body responsible for business-name registrations, among other things. This scam email is instructing the recipient to download a ‘certificate of registration,’ which is an MS Word .doc file attachment. We detected malicious macros in the .doc file, which are the mechanism for delivering the threat in this email scam...
>> Read the full blog post about the ASIC scam, here.
Go Via Brandjacked
On Wednesday MailGuard detected a malicious email linking to a fake Go Via invoice. At the time MailGuard intercepted this email, no other security vendors were detecting it. As you can see in the screenshot, this scam email advises the recipient that their ‘invoice statement’ is ‘available for download.’ The download link goes to an archived folder containing a malware payload, so the intention of this attack is probably to install a trojan of some kind on victims’ computers...
>> Get all the details on the fake Go Via invoice scam, here.
2017 was a cybersecurity Twilight Zone
A lot of people are justifiably nervous about what might be in store for us next year. Are we headed for a cybersecurity storm in 2018, or are we just entering an adjustment phase as we get to grips with the realities of the online world and learn to be better prepared?
The new GDPR regime will mean that data breaches like Equifax will attract penalties based on the number of records compromised, and the rules stipulate fines up to 4% of a company’s gross annual revenue. GDPR is expected to change the culture around cybersecurity radically. Expert commentators are warning that the majority of CxOs will not be adequately prepared when the GDPR regulations come into effect, so the regime may end up being very costly for ill-prepared companies.
In a recent interview GDPR lawyer Sue Foster said:
“The definition of personal data under the GDPR is very, very broad. So, effectively, anything that I am saying that a device picks up is my personal data, as well as data about me. So, if you think about a device that knows my shopping habits that I can speak to and I can order things, everything that the device hears is effectively my personal data under the European rules. And Internet of Things vendors do seem to be lagging behind in Privacy by Design. I suspect we’re going to see investigations and fines in this area early on, when the GDPR starts being enforced in May, 2018...”
>> Read the rest of the article, here.
Surviving the Rise of Cybercrime
Need some useful reading for the holiday season?
For a limited time, order your complimentary hardcover copy of the executive guide, Surviving the Rise of Cybercrime, by MailGuard CEO and founder Craig McDonald.
The guide provides a non-technical insight into cybersecurity for time-poor businesspeople.
In less than 60 minutes, gain an understanding of cybersecurity and what it means for your organisation. Understand the threat to your business with real-world examples, and become familiar with cybersecurity terminology.
>> Get your copy of Surviving the Rise of Cybercrime, here.