Hackers constantly adapt and change to fit into an environment where more security measures are being put into action and cyber security knowledge is being used. They are constantly finding new ways to breach systems.
A “text book” approach is no longer an option, just when you thought you had the system on lock down, a new hack comes on the market and its back to square one. The methods that hackers have been using over the years are morphing into attacks that aren’t as obvious.
A new hack that has come into play is called PhishPoint. This is a hybrid version of a phishing scam, it uses Office 365 to lure the target into entering their credentials and gaining access.
I have read a few articles about it and was shocked, it combines methods of attack that you have seen before, like an infected link, leading to a spoofed login page which looks identical to your usual page, which means you enter your details without a second thought. The new side to this, is that they are using an attachment link that looks familiar to you and to Microsoft, a SharePoint link, fooling you into clicking on it as it doesn’t look “dodgy” and because it was not stopped by the built-in basic security.
The reason that Office 365’s security does not detect this is because the attackers use a SharePoint link, which to Microsoft isn’t seen as a threat. This is why having multi-layered cyber security is so important, relying on the basics will only lead to data loss and financial strain.
PhishPoint is a prime example that hackers are picking up on the fact that you are becoming more aware of cyber security. This doesn’t mean all is lost, this just means that you will add to the list of cyber security do’s and don’ts. The same rules apply, verify the sender, have a unique email address, don’t reply to spam emails as they will know your email address is valid and checking the URL.
Just like the cyber criminals adapt, so should you, constantly check that all your employees, new and old understand the basics, communicate with your IT and cyber specialist like J2 Software, that you want to be informed of new hacks and prevention methods, even have them hold a presentation to management to pass down to their staff.
Knowing is one step closer to preventing. We at J2 Software pride ourselves in communicating with our customers, we stay on top of the newest methods and the best way to prevent them, keeping your organisation cyber safe.
Olivia Hannah Coetzee