social engineering cyber attackSome of the most dangerous attacks are the ones that seemingly come out of nowhere. Your best bet is to prepare for everything and make sure that you have a robust disaster recovery plan in place to protect your business. Synivate offers a comprehensive disaster recovery service program designed to help companies to get back on their feet after malicious social engineering attacks. Our Boston security solutions can be used to implement network security measures and offer services that will protect your business from cyber tricks and techniques. We have found that employee training in Boston is the best way to prevent most attacks from ever happening.

Whitelisted Website Attacks

The latest news in cyber attacks is the use of whitelisted websites that are commonly used within North American business frameworks to get past standard security measures. Some of the biggest names in the business, including Google Drive, iCloud, OneDrive, and Dropbox, are being used in these malicious attacks. Falling into the category of social engineering attacks by the way that these threats operate, cybercriminals are using these pre-approved and well-known businesses to wreak havoc with businesses. Because these products are whitelisted, there are not many defenses available to stop the advanced attacks purported by using their good names.

The goal of these attacks is to trick employees into providing their credentials – username and password, along with anything else they can get. Another form of these social engineering attacks is to get the employee to unknowingly download and install malware on the company computers. A malicious document or zip file is stored in a cloud storage account, and then the data is shared. The attacker makes the file appear to be an invoice, statement, contract, or something else that would make sense or appeal to the targeted recipient. They even go to the trouble of making the email match the expected services of the recipient so it will look legitimate. When the employee opens the document, they are encouraged to click on a link that takes them to a fake form where they are asked to put in their credentials. Once they have access to the company account, the cybercriminal can steal information or access other systems within the business.

Employee Training in Boston

While it might not seem that education could prevent this type of attack, we have proven this to be the case. Our clients are taught what to look for and identify signs of an impending attack. In addition, we also go over other Boston security solutions that can help to prevent further damage if the employee’s credentials are taken in this manner. Another type of attack is known as “credential stuffing,” which is what many hackers use to steal business data. They take the username and password that were obtained through the initial social engineering attacks and then use them to try and login to other pages and programs. It is well known that most people have a bad habit of using the same username and password on multiple accounts.

In addition to stealing access to the company accounts, programs, and services, the whitelisted site attacks also work to deliver malware to the employee’s machine that provides the attacker the ability to spread the malware to other systems within the business. In these most recent attacks, industry experts reveal that Microsoft’s OneDrive program alone accounted for more than 90 percent of all online personal storage attacks. Microsoft is often a popular target for these hackers. They use these tools to bypass traditional security measures and connect directly to Microsoft, which offers them unguarded entry into the corporate network. Microsoft highly recommends employee training in Boston and around the globe to help employees identify bad links and learn what to look out for with malicious sites.

A High-Tech Con?

You might think that these social engineering attacks are a high-tech attack, but in truth, they are simply basic con methods that are applied to modern targets. Some of these attacks purport to be from an authority figure within the company, a customer, a vendor, or a coworker. These are not simply random attacks put out in the hopes of snaring a victim, but carefully planned techniques that involve taking time to learn about the target company, employee, and lingo used in the industry that you serve. These cybercriminals are good at what they do, which is why they are so successful.

To learn more about our Greater Boston security solutions or to establish a viable disaster recovery service, make sure to contact Synivate by calling 617-517-0704. We can answer any questions you might have about our network security and employee training in Boston and the surrounding area. Call today for a FREE evaluation of your existing system.