Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Dec 26, 2018

See why cybercriminals love the holidays.

10.jpg

As 2018 winds down and we all celebrate this holiday season with family, friends and loved ones we can’t lose sight of our year-end work priorities as well. To say that sometimes we may get distracted may be an understatement, so it is doubly important that you are ever vigilant when it comes to your cybersecurity prevention strategies because cybercriminals love to take advantage of the holiday distractions in order to wreak havoc on your infrastructure or directly impact your content with targeted phishing and ransomware attacks.

Cybercriminals Love the Holidays

Tis the season to be wary. As badly as you desire some time off to handle your holiday shopping and festivities, you can be assured that cyber criminals are working even more diligently to trick you into making a very costly mistake for your organization. Wayne Rash gives us a reason why in his eWeek article:

“During the holiday seasons there’s a lot of the kind of activity that cyber-criminals love. There are more customers buying things and that means that there are more credit card numbers floating around, there’s more personal information being stored in company databases and there’s less time for customers and companies to verify what’s real and what’s not.

In their haste to make sales, some companies may become careless about the purchase information they collect and they may collect information they don’t need. Worse, with the added load of higher than normal volume, IT departments may be forced to cut corners just to keep up.”

SMiShing is the New Thing

There is an emerging trend that exploits Short Message Service (SMS) systems instead of email to send malicious messages as a variation of phishing attacks. According to an Infosec Institute article titled “Cyber Security During The Holidays”:

“Smishing messages direct victims to visit a website or call a phone number, at which point the person being scammed is enticed to provide sensitive information, such as credit card details or banking credentials. Malicious shipping notifications belong to this category of scam. Cybercriminals use it to send out fake messages to update customers on the status of their shipments. Usually, these messages include a malicious link or carry malware. During the holidays, internet users place numerous orders online, and the likelihood that they wait for shipping notifications is high. That’s why this scheme of attack is very efficient, especially during the holidays.”

As this is just a variation on phishing and ransomware, it would be a good use of time to review our previous blogs titled “Phishing In A Hurricane” and “5 Ways Ransomware Can Enter Your Network” as a refresher.

Preventing Phishing and Ransomware

You should use a multi-Tier protection to defend against attacks at different levels of the stack. This comprehensive approach is powerful, as evasion techniques may spread across different layers. Your solution should protect against advanced malware by using deep inspection in order to analyze commands at the CPU level, all the way up to the application level, analyzing macros and embedded JavaScripts in Microsoft office or any other data file types.

Check out how Mimecast can provide you the means to prevent phishing and ransomware damage. Give us 20 minutes and we can show you how. Register for a demo today.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Dec 26, 2018

You may also like:

December ESRA Report: Aggregate False Negative Rate of Incumbent Email…

Learn more in Mimecast’s latest Em…

Learn more in Mimecast’s latest Email Security Risk As… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Dec 07, 2018

Insider Threats Personified – The Well-Intentioned Employee

Do you know your insider threat personas…

Do you know your insider threat personas? In this this edit… Read More >

Monica Gupta

by Monica Gupta

Product Marketing Manager

Posted Dec 07, 2018

New Phishing Emails Posing as Office 365 Non-Delivery Messages

You can fight back with a cyber resilien…

You can fight back with a cyber resilience approach. Cybera… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Dec 17, 2018