While some people have returned to working in an office, it seems that the majority have not. Looking back, the pandemic will likely have been a turning point for many things around the world, and the rhythms of office-centered worklife will be something that will never return to the old ways.

With this increased flexibility employees are not just working from home behind consumer-grade Wi-Fi routers; they are also spending part of the day at the park or coffee shop, or perhaps even having a “working holiday.” Those in charge of protecting enterprise assets have to assume these endpoints are always in hostile territory.

Even before the pandemic, organizations working toward improving their security maturity were often trying to “push left.” What is pushing left? At its most basic level it means moving things closer to the start. It originates from software development where the stages of the development process are conceptualized from left to right, left being the beginning. In applied security we also use the term “pushing left,” but rather than referring to the software development process we are referring to the attack chain, which moves from reconnaissance on the left through action (exfiltration or other attacker goal) on the right.

For many years, the most comprehensive security strategies have involved defense in depth. The idea is that not all technologies are suitable for detecting a given threat type, so it is best to deploy them in layers. These layers often directly correspond to how far “left” something is in the attack chain. If you can detect something at the network border through your firewall, email, or web filters, you have contained the threat before it has any negative impact on operations.

Ideally you want to detect and block an attacker as far left as possible, i.e., as early as possible. Pushing detections left also alerts security analysts that an intrusion may be underway, initiating more focused threat hunting to anticipate gaps in defenses your attacker may be attempting to exploit.

For employees at the office, you can centralize control of these defenses and provide optimum protection. The question is, are you able to provide the same protection for remote workers regardless of their location? Can you monitor and respond to threats being detected on those assets when they are out of the office? As many have observed, this did not work as well as we would have liked when we all went into lockdown, many of us without a plan.

While there are still many benefits to monitoring the network when you have control of it, including reduced endpoint overhead and the ability to keep threats at a distance from sensitive assets, we need to ensure we can take as much of this protection as possible with us when we are out and about.

We must ensure not only that protection is optimized, but also that we don’t lose our ability to monitor, detect, and respond to attacks targeting these remote assets. Most organizations have moved to utilizing EDR/XDR solutions (or plan to in the very near future) , which is a great start, but not all solutions are comprehensive.

In the remote-work era, insufficiently protected remote users can encounter plenty of issues – malicious URLs and downloads, and networks attacks, to name only the most mundane – that in the Before Times would have been handled by machines guarding the corporate “fort.” The biggest missing components when users are “outside the fort” are HTTPS filtering and web content inspection of the sort that is typically implemented within next-generation firewalls. When you add these technologies to pre-execution protection, behavioral detection, machine learning models, client firewalls, DLP, application control, and XDR, you are starting to look at a comprehensive stack of defenses for attackers to overcome – even if the endpoints themselves are now free-range.

For initiatives like zero trust network access (ZTNA) to be effective, we must not only wrap the applications we interact with, but we must also wrap the endpoints that connect to them. Simple checks like whether the OS up-to-date and whether it has security software installed may be a good start, but not all protection is created equal.

With most devices being connected to the internet whenever they’re in use, we can leverage the power of the cloud to help provide ubiquitous protection and monitoring. Modern security solutions must assume the endpoint device or phone is in a hostile environment at all times. The old idea of inside and outside is not only outdated, it’s downright dangerous.

Source: Sophos

These Apps -Known as Fleeceware- Take Advantage of App Store Policy Loopholes and Coercive Tactics to Overcharge Users for AI Assistants.

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced that it had uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month. As detailed in Sophos X-Ops’ latest report, “FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” these apps have popped up in both the Google Play and Apple App Store, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year.

“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” said Sean Gallagher, principal threat researcher, Sophos.

In total, Sophos X-Ops investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, as with the app “Chat GBT,” the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store. While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70.00 a year. The iOS version of “Chat GBT,” called Ask AI Assistant, charges $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encourages users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month.

The key characteristics of so-called fleeceware apps, first discovered by Sophos in 2019, are overcharging users for functionality that is already free elsewhere, as well as using social engineering and coercive tactics to convince users to sign up for a recurring subscription payment. Usually, the apps offer a free trial but with so many ads and restrictions, they’re barely useable until a subscription is paid. These apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version. They also inflate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before it’s even been used or the free trial ends.

“Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher.

All apps included in the report have been reported to Apple and Google. For users who have already downloaded these apps, they should follow the App or Google Play store’s guidelines on how to “unsubscribe.” Simply deleting the fleeceware app will not void the subscription.

Learn more about these scam ChatGPT apps and how to avoid them in ’FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash on Sophos.com.

Source: Sophos

With the threat landscape expanding and criminals taking advantage of security gaps, organizations are turning to controls that can help them limit their exposure. Among other controls, penetration testing stands out because it simulates attackers’ malicious activities and tactics to identify security gaps in business systems or applications. A penetration test aims to understand what vulnerabilities are in business systems, how they could be exploited, and the potential impact if an attacker were successful. Because pen tests thoroughly investigate vulnerabilities, the scope of each pen test must be limited and may differ from test to test. Pen tests take on two different types of perspectives: internal and external. In this blog, we will examine what internal and external penetration testing is, who conducts these tests, and why organizations need both.

Getting Past the Perimeter: External Pen Testing

The 2023 Pen Testing Report revealed that 77% of security professionals pen test their external infrastructure. Essentially, external networks encompass all public-facing assets—including the internet at large. Additionally, many organizational applications, like mail servers, websites, or even customer portals maintain a connection to these external networks and can also provide a doorway from which a threat actor can pivot.

External penetration tests are typically what people think of when they hear about pen testing. These tests use the same techniques as adversaries to attempt to exploit weaknesses in an organization’s front facing perimeter or attempt to bypass them altogether with strategies like a phishing campaign or other social engineering methods.

Thinking Beyond the Initial Breach: Internal Penetration Testing

This year’s report also showed that 73% of security professionals pen test their external infrastructure. Internal penetration tests take on the role of an adversary who has already gained a foothold within the corporate network and is looking to elevate privileges to move laterally, gain further control and cause more damage. These assumed breach scenarios also deal with security gaps that such an attacker could exploit.

Internal attacks can originate from malicious insiders or compromised users like careless employees, insecure third-party vendors, and even clients or customers. Internal threats can be anything from bad hygiene habits, like weak passwords and poor access controls, to system and app misconfigurations and insecure endpoints. The Verizon 2022 Data Breach Investigations Report indicates that human errors are responsible for 13% of data breaches.

Though many think pen tests concentrate on an initial breach, it’s just as important to deploy tests that focus on what happens once someone is already inside the perimeter. Since such attacks start with internal access, they may attempt to achieve more high-value objectives including acquiring high-level privileges, compromising the Domain, or accessing other valuable assets and/or information. Because of this, it is crucial to identify and prioritize these threat vectors.

Who Should Be Conducting These Pen Tests?

Though it’s easy to think that in-house teams would handle all internal tests and external/third party teams would handle external tests, this is not the case. Both teams can conduct internal and external pen tests.

The one exception may be physical pen tests. These external tests involve attempting to gain entry to a physical facility, system, or network by exploiting weaknesses like doors, locks, cameras, or other access controls. Third parties tend to be the only teams that complete such assessments. 36% of respondents to the pen test report used third-parties for such services.

Otherwise, using both types of teams simply provides the capability to conduct more tests. Internal teams can conduct routine tests more often, while third-party services are solicited to provide a fresh prospective and different skill sets.

Creating a Holistic Pen Testing Strategy

Though organizations have to make tough choices when deciding what tests they have the time and resources to run, one of the most important criteria to consider is whether you’re balancing internal and external tests.

Only testing externally overlooks vulnerabilities that can be exploited by a malicious insider or a compromised account. With strategies like phishing more popular than ever, it’s critical to remember how easily insider access can be attained. However, only testing internally can inadvertently leave a door wide open for an attacker to get in without much difficulty.

Ultimately, by conducting both internal and external pen testing, organizations can gain full visibility into their security posture and ensure that they are adequately protected. The pen test report showed that in 2022, internal environments were regularly tested 14% less than external environments. With a gap of only 4% in 2023, it’s encouraging that this year’s pen testing report show that organizations are better understanding this balance.

Source: Core Security

Security adviser Roger Grimes once famously wrote, “To beat hackers, you have to think like them.” Grimes explained that security professionals should step into the attackers’ shoes and seek how to break into corporate systems, discover weaknesses, and create robust security countermeasures. Walking the walk of an attacker is what penetration testing is all about.

What is In-House Pen Testing? 

In-house pen testing is, quite simply, when any pen testing efforts are deployed from within an organization. Instead of (or in addition to) hiring a third-party service, businesses can run their own pen tests to assess the state of their security.

Though some think a full, dedicated in-house pen testing team is needed in order to run a successful pen testing program, organizations can start small, with just one employee or security teams taking on pen testing duties. Organizations can utilize penetration testing tools that have automated features which can be used by security team members who may not have an extensive pen testing background. These tools can be used for tests that are easy to run, but essential to perform regularly, like validating vulnerability scans, network information gathering, privilege escalation, or phishing simulations.

According to the 2023 Penetration Testing Report, it’s clear organizations realize the importance of internal penetration testing since 48% of the 2023 Penetration Testing survey respondents have in-house teams. This percentage marks a 7% increase compared to the 2022 results.

Why Do Organizations Have In-House Pen Testing? 

Having in-house pen-testing capabilities can quickly expand efforts, allowing for more frequent tests and coverage of a broader scope of the IT infrastructure. It also ensures that changes to the infrastructure are more efficiently assessed to ensure new security gaps aren’t created.

According to the report, organizations conduct penetration testing for multiple reasons. 69% report that they perform pen tests for risk assessment and remediation prioritization. By having internal knowledge of the organization, teams can tailor remediation plans knowing what the available resources are and their limitations. They can outline the best and most effective changes that are also achievable and help implement them.

58% reported using in-house pen testing for regulatory compliance mandates and 40% for company policy requirements. Having an in-house pen testing capabilities ensures that these standards will be met and won’t fall through the cracks. With continuous testing, organizations can far exceed the bare minimum conditions of a mandate or regulation.

Reasons for Penetration Testing

No matter the driving reason, it is essential not to pen test to check a box. Businesses should take the next step forward and take all necessary steps to mitigate identified weaknesses. A pen test program does not end with discovering vulnerabilities; a formalized program can help organizations achieve maximum coverage and impact.

Every pen test involves several steps, from scoping and intelligence gathering to threat modeling, analysis, and reporting. However, the specific goals, methodology, conditions, and targets can differ quite a bit depending on whether the organization chooses in-house or external penetration testing.

The Challenges of In-House Pen Testing 

While in-house pen testing appears to be on the rise, 52% of organizations do not have an in-house penetration testing team. Many factors contribute to this finding, the most important being the lack of required talent.

The skills gap is a persistent issue in the cybersecurity industry, affecting the establishment and staffing of penetration testing teams. In fact, according to the (ISC)² 2022 Cybersecurity Workforce Study, the cybersecurity workforce gap has grown more than twice as much as the workforce, with a 26.2% year-over-year increase.

In addition, the tech and cybersecurity sectors have been massively affected by The Great Reshuffle, which created further challenges in retaining staff. In a field with so many job openings, there wouldn’t be uncommon to be more turnover and instability in any team building.

Other factors affecting the organization’s ability (or decision) to maintain a pen-testing capacity are the lack of leadership buy-in and the consequent lack of required funding. These findings, coupled with the response that there is insufficient need, may indicate a lack of perception and prioritization.

Using Tools to Deploy In-House Pen Tests 

Using pen testing solutions can help organizations overcome many of these challenges. While the skills gap may prevent an organization from being able to find and hire advanced testers, security or IT professionals don’t need have much experience with pen testing if they’re aided by effective tools. An automated commercial pen testing tool, like Core Impact, can guide them through routine tests and techniques. These tools can also be deployed without adding to your headcount, making them a cost-effective way to show the benefits of in-house pen testing efforts.

Source: Core Security

We’re delighted to share that Sophos Intercept X Endpoint Protection ranked as the industry best in SE Labs’ protection tests in the first quarter of 2023, achieving AAA ratings across the board. In both the Enterprise and SMB categories, we achieved the following:

• 100% rating for Protection Accuracy
• 100% rating for Legitimate Accuracy
• 100% rating for Total Accuracy

Here are the links to the latest reports: Endpoint Security: Enterprise | Endpoint Security: Small Business

Sophos Endpoint: world-leading protection against advanced threats

With decades of cyberthreat intelligence, Sophos designs endpoint protection for real-time defense against modern-day advanced attacks. With a focus on preventing attacks as early as possible, Sophos strategy is to deliver multiple layers of protection to defend the entire attack chain against the many different threat vectors that attackers use to escalate and carry out attacks.

This prevention-first approach reduces breaches and improves detection and response. These SE Labs results testify to the superior cybersecurity outcomes enjoyed by over 300,000 organizations that trust Sophos for their endpoint security.

“Sophos produced extremely good results due to a combination of their ability to block malicious URLs, handle exploits and correctly classify legitimate applications and websites”

–SE Labs

The need to simulate modern-day attacks

Reputable third-party testing is an important tool to help organizations make informed decisions about their technology stacks and security investments. However, as attacks increase in volume and complexity, meaningful results can only be achieved when the tests reflect organizations’ real-world realities.

SE Labs is one of the few security testers in the industry that simulates modern-day attack tools and the tactics, techniques, and procedures (TTPs) that cybercriminals and penetration testers use in the real world.

As Simon Edwards, CEO of SE Labs, explains:

“It is essential for organizations to be able to rely on credible, full attack chain tests that duplicate real-world scenarios. It is not only about throwing a wider range of attacks at the products, but each step of the attack must be realistic too. You can’t just make up what you think attackers are doing and hope you’re right. This is why SE Labs tracks cybercriminal behaviors and builds tests based on how attackers try to compromise victims.”

Test drive Sophos Endpoint for yourself

Sophos Endpoint secures over 300,000 organizations worldwide from active adversaries, ransomware, phishing, malware, and more. Please speak to our security advisers to discuss how we can help you, and take a test drive today.

Source: Sophos

From generating strong passwords to monitoring the security policies and practices of a company, password managers are powerful solutions that defend companies against cyberthreats and improve employee productivity.

Continue reading to learn more about why password management is critical to every organization’s cybersecurity strategy.

What is a Cybersecurity Strategy?

A cybersecurity strategy is a plan for organizations to secure their assets, reduce their cyber risk and protect against cyberthreats. An effective cybersecurity strategy incorporates multiple layers of security and has solutions in each layer to fortify an organization’s defenses.

Improving Your Cybersecurity Strategy Starts With Employees

Employees often store passwords on sticky notes, in a spreadsheet or other unencrypted electronic documents. These unsafe practices stem from the challenge of trying to remember strong, unique passwords for every online account.

When creating passwords, many employees use birthdays, addresses, names of their pets, their favorite sports team or any number of easily guessable combinations. Employees often give up trying to remember unique passwords and repeat the same password – or a version of it – across several accounts. The danger of reusing passwords is if any account is breached, then cybercriminals immediately have access to every other account that uses the same password.

Password managers are cybersecurity tools that aid employees in generating strong, unique passwords and storing them in an encrypted digital vault, accessible from any device. It removes the burden of having to remember multiple passwords and eliminates the risk of employees using weak passwords or the same password across multiple accounts, which places all company accounts and data at risk.

Make Password Management a Part of Your Cybersecurity Strategy

Here are a few reasons why businesses need to incorporate password management as a part of their cybersecurity strategy.

Provides password visibility 

Most businesses have limited visibility into the password practices of their employees which greatly increases cyber risk. Password managers enable organizations to have visibility over the password hygiene and risk factors that can result in a data breach.

Provides secure password-sharing capabilities

Each user can securely and easily share password records with varying levels of permissions. Shared information is fully encrypted in transit and at rest, ensuring that the record is not exposed at any point.

Increases employee productivity

Password managers increase employee productivity as they eliminate common password-related issues such as excess time searching for passwords, resetting forgotten passwords and contacting the helpdesk for assistance in resetting a password.

A password manager allows employees to take control of their passwords and use a unique, random and high-strength password for each and every site, system and application. Every employee is provided a secure, cloud-based digital vault that stores passwords and any other critical information such as encryption keys and digital certificates. A password manager will also generate strong, random passwords and automatically fill them in for users, which saves time and frustration.

Streamlines onboarding and offboarding processes 

Businesses are constantly changing with new employees starting and current employees moving departments or leaving. It’s impossible for IT teams to manually provision, maintain and log all of the activities needed to keep systems secure and meet compliance standards. As people move throughout the organization, a password manager keeps their access updated. This includes locking an account when an employee leaves and the ability to transfer their vault to a trusted admin.

Enhances SSO solutions

A password manager can enhance Single Sign-On (SSO) by covering gaps such as legacy apps or platforms that don’t function with an organization’s SSO solution.

Helps meet compliance requirements

Password managers are key to meeting global compliance standards and best practices for strong cybersecurity policies. Strong password hygiene and password management systems are integral to any company’s InfoSec policy, regardless of size or industry.

Companies can spend millions on cybersecurity, and many do, but a world-class password manager should be the first investment for formidable, proactive protection.

Source: Keeper Security

Most password managers are very secure and safe to use. Depending on the password manager in question, some offer more security than others. To fully understand the security of password managers you’ll first have to understand what a password manager is.

What is a Password Manager?

A password manager is a cybersecurity tool that aids users in generating strong, unique passwords and storing them securely in an encrypted vault. The greatest benefit of using a password manager is that users no longer have to rely on memory or insecure means of storage to remember passwords for all of their accounts. The only password they’ll have to remember is their master password, which acts as the key to enter a user’s password vault.

Are Password Managers Actually Secure?

While password managers are created to be secure, not all password managers are created equal. The reason the security of password managers has recently come into question has to do with the LastPass password manager. LastPass has been in the news a great deal because of a series of security breaches, including this latest breach.

LastPass isn’t new to breaches. In 2015, LastPass suffered an attack that exposed user email addresses and security information. It’s important to note that unlike more secure password managers, LastPass does not encrypt website URLs and other metadata, which can result in stolen information being used to target users who were a part of the breach.

While LastPass’s history may be concerning to hear, there are password managers that have never been hacked– one of many reasons that password managers are still a cybersecurity best practice recommended by industry and government experts alike. Understanding the security architecture of specific password managers can give users peace of mind that their passwords are secure. Remember, a good password manager protects user data, even in a worst case scenario.

What About Browser Password Managers?

Browser password managers differ from standalone password managers for many reasons. One reason, in particular, is that browser-based password managers are not as secure. Here are a few reasons why.

• A compromised browser will lead to compromised passwords. If your device were to be infected with spyware, a cybercriminal would be able to see all the passwords you have stored in your browser. Passwords stored in browser password managers are stored in plaintext, so about all the cybercriminal would have to do  is access your browser settings to view them.
• Browsers are often left logged in. Most people don’t usually log out of their browsers because it’s simply more convenient to stay logged in. However, this poses a major security risk as it makes it easy for anyone to retrieve passwords saved to your browser by just getting their hands on your device. If your device were to get stolen, this makes your accounts even more vulnerable to becoming compromised.

Most people use browser-based password managers due to the convenience of being able to access their passwords. However, not many people realize that convenience doesn’t always mean security – making browser-based password managers a dangerous option for storing passwords.

What is the Safest and Most Secure Password Manager?

The safest and most secure password management solution is Keeper Password Manager. Keeper Security is fanatical about data protection and was built with security as its top priority from day one. Customers are always kept up-to-date on all the steps being taken to secure their data and the improvements being made to the user-friendly platform.

Keeper’s zero-trust and zero-knowledge encryption model ensures that all contents in a user’s vault are protected with multiple layers of safeguards and encryption. Keeper is also the most certified, tested and audited password security platform – holding the longest-standing SOC 2 and ISO 27001 certifications in the industry.

What differentiates Keeper from its competitors, apart from having the most security certifications, is that we implement a multi-layered encryption system. All contents in a vault are encrypted in transit and at rest, including website URLs and other metadata. This is not the case for all password managers.

Learn more about Keeper’s commitment to data protection and why it’s the most secure password management solution available. You can also get started with a free 30-day trial to begin securing your passwords with the safest and strongest password manager on the market.

Source: Keeper Security

All examples of social engineering take advantage of human nature, such as the willingness to trust others, to trick individuals into divulging sensitive information.

Despite its prevalence, social engineering can be challenging to distill into a single formula. It’s one of the reasons 82% of data breaches involve the human element.

Social engineering has become the backbone of many cyber threats, from phishing emails to smishing and vishing attacks. This blog post will outline many popular social engineering techniques and the emotions hackers use to dupe their victims.

9 Most Common Examples of Social Engineering Attacks

In no particular order, here are nine common cyber threats that leverage social engineering tactics to gain access to sensitive information. While most of these attacks occur online, several can rear their heads in physical spaces like offices, apartment buildings, and cafes.

1. Phishing

The most pervasive way of implementing social engineering, hackers will use deceptive emails, websites, and text messages to steal sensitive personal or organizational information from unsuspecting victims.

Despite how well-known phishing email techniques are, 1 in 5 employees still click on those suspicious links

2. Spear Phishing

This email scam is used to carry out targeted attacks against individuals or businesses. Spear phishing is more intricate than your average mass phishing email, as it requires in-depth research on potential targets and their organizations

3. Baiting

This type of attack can be perpetrated online or in a physical environment. The cyber criminal usually promises the victim a reward in return for sensitive information or knowledge of its whereabouts.

4. Malware

A category of attacks that includes ransomware, victims are sent an urgently worded message and tricked into installing malware on their device(s).

Ironically, a popular tactic is telling the victim that malware has already been installed on their computer and that the sender will remove the software if they pay a fee.

5. Pretexting

This attack involves the perpetrator assuming a false identity to trick victims into giving up information. Pretexting is often leveraged against organizations with an abundance of client data, like banks, credit card providers, and utility companies.

6. Quid Pro Quo

This attack centers around an exchange of information or service to convince the victim to act. Normally, cyber criminals who carry out these schemes don’t do advanced target research and offer to provide “assistance,” assuming identities like tech support professionals.

7. Tailgating:

This attack targets an individual who can give a criminal physical access to a secure building or area. These scams are often successful due to a victim’s misguided courtesy, such as if they hold the door open for an unfamiliar “employee.”

8. Vishing

In this scenario, cyber criminals will leave urgent voicemails to convince victims they must act quickly to protect themselves from arrest or another risk. Banks, government agencies, and law enforcement agencies are commonly impersonated personas in vishing scams.

9. Water-Holing

This attack uses advanced social engineering techniques to infect a website and its visitors with malware. The infection is usually spread through a website specific to the victims’ industry, like a popular website that’s visited regularly.

How Does Social Engineering Happen?

Social engineering happens because of the human instinct of trust. Cyber criminals have learned that a carefully worded email, voicemail, or text message can convince people to transfer money, provide confidential information, or download a file that installs malware on the company network.

Consider this example of spear phishing that convinced an employee to transfer $500,000 to a foreign investor:

1. Thanks to careful spear phishing research, the cyber criminal knows the company CEO is traveling.
2. An email is sent to a company employee that looks like it came from the CEO. There is a slight discrepancy in the email address, but the spelling of the CEO’s name is correct.
3. In the email, the employee is asked to help the CEO by transferring $500,000 to a new foreign investor. The email uses urgent yet friendly language, convincing the employee that he will be helping both the CEO and the company.
4. The email stresses that the CEO would do this transfer herself, but she can’t make the fund transfer in time to secure the foreign investment partnership since she is traveling.
5. Without verifying the details, the employee decides to act. He truly believes that he is helping the CEO, the company, and colleagues by complying with the email request.
6. A few days later, the victimized employee, CEO, and company colleagues realize they’ve been the targets of a social engineering attack, resulting in a loss of $500,000.

Examples of Social Engineering Attack Scenarios

Savvy cyber criminals know that social engineering works best when focusing on human emotion and risk. Taking advantage of human emotion is much easier than hacking a network or looking for security vulnerabilities.

The following are some familiar notes successful social engineering attacks hit again and again.

Fear

You receive a voicemail saying you’re under investigation for tax fraud and must call immediately to prevent arrest and criminal investigation. This social engineering attack happens during tax season when people are already stressed about their taxes.

Cyber criminals prey on the stress and anxiety of filing taxes and use these fear emotions to trick people into complying with the voicemail.

Greed

Imagine if you could transfer $10 to an investor and see this grow into $10,000 without any effort on your behalf. Cyber criminals use the basic human emotions of trust and greed to convince victims that they really can get something for nothing.

A carefully worded baiting email tells victims to provide their bank account information, and the funds will be transferred the same day.

Curiosity

Cyber criminals pay attention to events capturing a lot of news coverage and then take advantage of human curiosity to trick social engineering victims into acting. For example, after the second Boeing MAX8 plane crash, cyber criminals sent emails with attachments that claimed to include leaked data about the crash.

The attachment installed a version of the Hworm RAT on the victim’s computer.

Helpfulness

Humans want to trust and help one another. After researching a company, cyber criminals target two or three employees with an email that looks like it comes from the targeted individuals’ manager.

The email asks them to send the manager the password for the accounting database—stressing that the manager needs it to ensure everyone gets paid on time.

The email tone is urgent, tricking the victims into believing they are helping their manager by acting quickly.

Urgency

You receive an email from customer support at an online shopping website that you frequently buy from, telling you they need to confirm your credit card information to protect your account.

The email language urges you to respond quickly to ensure that criminals don’t steal your credit card information.

Without thinking twice, you send the information, which results in the recipient using your details to make thousands of dollars of fraudulent purchases.

How to Protect Your Information from Social Engineering Attacks

Though social engineering tactics are common, the examples in this blog post underscore how difficult they can be to spot and, more importantly, resist. Reacting based on human nature pushes many people toward a cyber criminal’s desired outcome.

To safeguard against the prevalence of social engineering tactics, it’s essential to arm yourself with the right tools and knowledge. Our Cyber Security Hub offers a comprehensive cyber security resource, including the latest information on social engineering threats.

By staying informed and empowered with our hub, you can proactively protect yourself and your sensitive data from malicious cyber attacks. Access our Cyber Security Hub for free today to secure your digital assets and stay ahead of potential threats.

Cyber Security Hub: Access Exclusive Cyber Security Content

White Paper – How to Protect Your Data from Social Engineering

Source: Terranova

Sophos Intercept X with Extended Detection and Response (XDR) has been rated the #1 XDR solution by G2 users in their spring 2023 reports (March 2023). G2 distinctions and rankings are based solely on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform.

Check out the full reviews on G2.com and how Sophos was named a leader in several other categories, including Endpoint, EDR, Firewall, and MDR.

XDR for the real world

Designed for security experts and IT administrators alike, Sophos Intercept X with XDR enables analysts to detect, investigate, and respond to threats across their entire security environments quickly and accurately.

Building on the strong protection foundation of Sophos Intercept X Endpoint technology, our XDR solution brings together telemetry from endpoints, servers, mobile devices, network, email, and cloud solutions for optimal visibility and accelerated response. Alternatively, organizations looking just for Endpoint Detection and Response (EDR) capabilities can utilize the same detection and response tools, focusing solely on their endpoints.

The G2 rating endorses our commitment to a prevention-first approach that reduces breaches and improves detection and response.

Sophos Intercept X with XDR has had several impressive and innovative updates that enable customers to enjoy superior cybersecurity outcomes:

• Third-party integrations enable customers to extend their visibility into threats and conduct more complete investigations to swiftly eject attackers from their environments. Customers can already leverage telemetry from Microsoft Security Graph API, Office365 Audit and Cloud App Security, Azure Activity and Flow, AWS Security Hub, and Google Cloud Platforms to accelerate threat detection and response, and we have a strong 2023 roadmap to match the integrations offered by the Sophos Managed Detection and Response (MDR) service.
• Aggressive classification (security posture adjustment) allows admins to select a more aggressive detection threshold for alerting when they suspect an active adversary is present.
• Alert-only mode gives admins a greater choice over whether to automatically stop-and-prevent vs. allow-and-alert, based on the customer’s unique risk tolerance.
• On-device behavior analytics for suspicious process activity extends existing heuristic and ML model-based detections to leverage an on-device behavior engine. This level of analytics is run on the endpoint instead of in the cloud to ensure that devices are secure even when offline or unable to send data to the data lake.
• Document access activity tracking that can be used for threat hunting and investigations when suspicious files have been in your environment.

Check out Sophos Intercept X with XDR for yourself at Sophos.com/XDR and see why it’s the number one XDR solution rated by G2 customers.

Source: Sophos

The manufacturing sector is witnessing the “Industry 4.0” era: smart factories equipped with industrial IoT devices, robotics, and advanced analytics to revolutionize manufacturing operations.

But rapid digitalization, lack of cybersecurity standards to match the growth, IT/OT convergence, and the sector’s low tolerance for operational downtime are increasing its attack surface. Manufacturers are looking to find solutions to risks such as vulnerability exploitation, data spillage, and production sabotage that plague the industry today.

It’s not surprising that cybersecurity challenges for manufacturers are growing in volume and complexity: 55% of manufacturing organizations were hit by ransomware in 2021 – a 52% increase from 2020.  61% of manufacturers reported an increase in attack volume, 66% reported an increase in attack complexity, and 51% reported an increase in the impact of attacks.

Manufacturing’s evolving threat landscape

In addition to the growing professionalism and evolving tactics, techniques, and procedures employed by criminal groups, there are a few other factors that are pushing forward the cybersecurity challenge in this sector:

• Manufacturers need to secure access to their critical industrial control systems and data
• Phishing scams – more specifically spear-phishing attacks – are easy ways for attackers to gain access to manufacturing systems and valuable data
• Theft of intellectual property like product designs, formulas, process patents, and other unique know-how of a manufacturing organization by cybercriminals, competitors, and ex-employees
• Risk of insiders who have authorized access to proprietary data or controls to critical manufacturing operations, misusing their privileges to steal trade secrets, sabotage manufacturing processes, or damaging equipment via remote access
• Manufacturers rely on a vast and complex supply chain network that is vulnerable to cyber attacks
• Manufacturers need to protect their legacy or unpatched manufacturing control systems and processes
• Cybercriminals are targeting the cloud to exploit less established cybersecurity practices than in traditional on-premises environments

Sophos can help

Download our Cybersecurity Guide for Manufacturing Industry to learn how Sophos can help address the most common cybersecurity challenges facing the manufacturing sector.

Sophos MDR is our fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to sophisticated cyberattacks that technology solutions alone cannot prevent. As the world’s most trusted MDR provider and with many hundreds of manufacturing sector customers, we have unparalleled depth and breadth of expertise when it comes to threats facing the manufacturing sector. Sophos MDR applies learnings from defending one manufacturing organization to all others in the sector, generating “community immunity” and elevating everyone’s defenses.

“With Sophos MDR we have reduced our threat response time dramatically.”

Tata BlueScope Steel

“Sophos MDR’s ability to remediate or remove threats in a swift manner and bring them to our attention frees us up to focus on high-value tasks.”

Tomago Aluminium

“Sophos releases the IT teams to undertake more proactive tasks instead of being drawn into managing security challenges.”

AG Barr

Sophos ZTNA eliminates vulnerable VPN clients, enabling you to offer secure and seamless access to resources for your remote users defined by policies. It removes implicit trust in your environment’s applications, users, and devices, allowing segmented access to your systems and resources to just those who need it.

Sophos Secure Access Portfolio enables manufacturers to connect remote and branch sites, deliver critical cloud and SaaS applications such as Dropbox, Salesforce, and others, and share data and information between sites.

It includes:

• Sophos ZTNA to support secure access to applications
• Sophos SD-RED remote Ethernet devices to safely extend your network to branch locations and remote devices
• Sophos Wireless access points for easy and secure wireless networking
• Sophos Switch for secure access on the LAN

Everything is managed through a single cloud-based security platform, Sophos Central.

Speak with an expert

To learn more and discuss how Sophos can help you, contact your Sophos representative or request a call-back from our security specialists.

Source: Sophos