Keep Calm and Stay Smart
05:41
BEC attacks: Most victims aren’t using multi-factor authentication – apply it now and stay safe
There has been a big rise in Business Email Compromise (BEC) attacks – and most victims work at organisations which weren't using multi-factor authentication (MFA) to secure their accounts.
BEC uzbrukumi ir viens no ienesīgākajiem kibernoziedzības veidiem: saskaņā ar FIB datiem kopējais zaudējumu apjoms pārsniedz 43 miljardus ASV dolāru, un to skaits palielinās, un par uzbrukumiem ziņots vismaz 177 valstīs.
These attacks are relatively simple for cyber criminals to carry out – all they need is access to an email account and some patience as they try to trick victims into making financial transfers under false presences. This commonly involves sending messages to employees, purportedly from their boss or a colleague, that suggest a payment — often very large — must be made quickly in order to secure an important business deal.
Populārs tagad
Uzlabotāki BEC uzbrukumi uzlauž uzņēmuma kontu un izmanto likumīgu e-pasta adresi, lai veiktu maksājuma pieprasījumu.
It's even been known for scammers to monitor inboxes for long periods of time, only choosing to strike when a real business transaction is about to be made — at which point they cut in and direct the payment to their own account.
SEE: The biggest cyber-crime threat is also the one that nobody wants to talk about
Tā kā šādā veidā ir jāpelna nauda, kibernoziedznieki arvien vairāk pievēršas BEC kampaņām, un uzņēmumi kļūst par upuriem. Saskaņā ar kiberdrošības analītiķu teikto plkst Arktikas vilks, BEC uzbrukumu skaits, uz kuriem viņi ir reaģējuši, divkāršojās laikā no janvāra līdz martam un aprīlim-jūnijam, un šie uzbrukumi veidoja vairāk nekā trešdaļu no visiem izmeklētajiem incidentiem.
There was a common theme among many of the victims: according to incident responders, 80% of the organisations which fell victim to BEC attacks didn't have MFA in place.
Multi-factor authentication provides an extra layer of security for email accounts and cloud application suites, requiring the user to verify that it really was them who logged into the account, helping to protect against unauthorised intrusions — even if the attacker has the correct username and password.
Organisations that ignore MFA are leaving themselves open to BEC campaigns and other cyber attacks – despite repeated recommendations from cybersecurity agencies that it should be applied. So why aren't they using it?
“ĀM ir nepieciešama rūpīga plānošana un koordinācija, lai tās veiksmīgi īstenotu, nodrošinot, ka organizācijas var turpināt darboties bez traucējumiem. Tā kā lietotājiem ir nepieciešama apmācība MFA sistēmas lietošanā, dažām organizācijām tas var būt sarežģīti," ZDNET sacīja Adrians Korns, Arctic Wolf Labs draudu izlūkošanas pētījumu vadītājs.
Populārs tagad
"Turklāt jaunas MFA izvietošanas konfigurēšana un testēšana visā organizācijā var radīt smagu slogu jau tā saspringtajiem IT departamentiem," viņš piebilda.
Arī: Interneta biedējošā nākotne: kā rītdienas tehnoloģija radīs vēl lielākus kiberdrošības draudus
Despite these potential restraints, applying MFA to all user accounts is one of the most significant things organisations can do to help protect their employees and their network from cyber attacks – if they're set up correctly.
"Organizācijām vajadzētu plānot savu MFA izvietošanu jau laikus, lai ņemtu vērā tehniskās problēmas, ar kurām tās var saskarties. Turklāt organizācijām vajadzētu veltīt laiku, lai nodrošinātu, ka MFA konfigurācijas tiek pārbaudītas pirms labākā laika un ka lietotāji ir labi apmācīti, kā izmantot jauno MFA platformu, sacīja Korns.
But while MFA does help to prevent cyber attacks, it isn't infallible and determined cyber criminals are finding ways to bypass it.
With BEC attacks using social engineering to trick people into thinking they're doing right thing, it's also important for organisations to train their employees to detect when a request — even if it comes from a legitimate account — could be suspicious.
“Lietotāji ir jāapmāca atpazīt aizdomīgus finanšu pieprasījumus. Ja kaut kas jūtas pretrunā, lietotājiem ir jāņem vērā šis instinkts un jājautā tālāk. Steidzami finanšu pieprasījumi ir jāapstiprina, izmantojot papildu līdzekļus, pirms tiek pabeigti lieli darījumi," sacīja Korns.
VAIRĀK PAR KIBERDROŠĪBU
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
English
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba