Just want to throw this out there and see what other people are doing to
keep attacks at bay.
We are finding phishing and malware attacks are getting more and more
sophisticated and it is getting harder to avoid them. We got hit by a
crytowall 4 attack a while ago but fortunately have good backups. Even
when we found out which machine it was, nothing showed up when you
scanned it with all the virus and other scanners we could get our hands
on. We just wiped the machine anyway.
We learned the other day about a new type of malware that is extremely
dangerous. If it got onto one of the machines that does internet
banking (not mentioning the bank name), the machine can be controlled
from elsewhere. When the user logs on using their smart card and pin
entry devices which are both plugged into the machine, the malware then
puts up a screen saying "Authorising account" or some such message with
a waiting logo and in the background the hacker is putting payments
through on a hidden screen. The hacker then prompts the user (again)
for their pin, which authorises the hidden payment(s). I didn't think
they could get past not having the card and pin present.
We now have software to stop people plugging their own devices in:
https://www.endpointprotector.com/
and lots of web filters, but you still have the problem of people
clicking on links in emails. We have started sending out emails with
quiz type questions to try to educate people.
http://www.intronis.com/msp-resources/smb-phishing-quiz/
I got 8/9. I blame the lack of tea first thing this morning for the
other one ;-)
Thanks,
--
Peter Cushing
IT Department
WHISPERING SMITH
This communication is intended for the person or organisation to whom it is addressed. The contents are confidential and may be protected in law. Unauthorised use, copying or disclosure of any of it may be unlawful. If you have received this message in error, please notify us immediately by telephone or email.
www.whisperingsmith.com
Whispering Smith Ltd Head Office:61 Great Ducie Street, Manchester M3 1RR.
Tel:0161 831 3700
Fax:0161 831 3715
London Office:17-19 Foley Street, London W1W 6DW Tel:0207 299 7960
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/[email protected]
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.
