On di.dk we use cookies for multiple purposes relating to functionality, web analyze, and marketing. If you continue, you accept cookies for these purposes. You can read more about cookies and change your cookie settings on this page.

Hackers use employees as their Trojan horse

Spear phishing of selected employees is one of the human weapons used by hackers to bring companies down. The human factor is crucial for corporate cyber defence - and it must be maintained on a regular basis, says Director of the Danish ICT and Electronics Federation.
Cyber attacks are increasingly being carried out by taking advantage of employees who unwittingly give hackers access to the company by clicking on emails or websites that appear reliable.

Publiceret: 23.08.2017
Af Karen Witt Olsen mail

Cyber attacks are increasingly being carried out by taking advantage of employees who unwittingly give hackers access to the company by clicking on emails or websites that appear reliable.

When specific employees are targeted and lured to click on malicious links or attached files, it is called spear phishing. 

And this is one of the weapons hackers increasingly use to spread malware in companies’ IT systems, writes Denmark’s national IT security authority, Center for Cyber Security (CFCS), in its latest annual report.

The Center believes that cyber crime is increasing in scale and complexity and represents a very high cyber threat to authorities, companies and citizens alike.

“The threat from cyber spying and cyber crime against Danish authorities and companies is VERY HIGH. In order words, there is a specific threat. Hence there is capacity, intent, planning and possible execution. Attacks/harmful activity is highly likely,” writes CFCS in the annual report.

See also: DI’s top nine cyber security tips

Buying a system is not enough

Director of the Danish ICT and Electronics Federation Adam Lebech urges companies to be particularly attentive to the human factor when planning cyber defence.

“CFCS’s annual report shows that it is important to not underestimate the human factor when defending ourselves against hackers. We can ensure that systems and processes protect us, but only to a certain degree.”

Adam Lebech emphasises that it is not enough to buy an IT security system and simply lean back and trust that all is well.

“Good cyber security is also about having constant managerial focus on the topic, continuously adjusting to the threat level and educating employees, because the hackers are constantly finding new ways to attack.”

See also: The day cyber criminals locked all files at RTT

Social manipulation of employees

According to CFCS’s annual report, one of the most common attack attempts observed by the internet security service in 2016 was different types of social engineering - for example spear phishing.
Social engineering is a hacker technique in which the victim is manipulated to perform certain actions or to pass on classified information without being aware of it.

That could happen e.g. via emails or websites that look legitimate on the surface but which actually contain malware. Social engineering requires some knowledge of the victim to be effective.

“Hackers often try to manipulate employees into giving them access or activate malware or ransomware. Approximately 2/3 of Danish companies experienced the latter in 2016,” says Director Adam Lebech.

Læs også: Well-organised criminals trick companies out of millions

Expensive when it happens

The fact that cyber crime costs companies dearly was made evident by the attack on Maersk, which started 27 June.

On Wednesday, 16 August, the shipping giant announced - via its interim accounts - that closing port terminals and docking container ships will cost the company a total of between DKK 1.3 - 1.9 billion, primarily in lost revenue in the month of July.

Maersk was hit by the NotPetya virus, which entered the company through a so-called back door in the software MeDoc, which is used to file tax returns in Ukraine. Some of the world’s largest multinational companies, Mondelez, Reckitt Benckiser and WPP were hit at the same time.

FACTS

Center for Cyber Security
Denmark’s national IT security authority and national skill centre for cyber security.
The mission is to strengthen the defence of Denmark’s digital infrastructure and to strengthen Denmark’s ability to counter cyber attacks.
Has published 14 threat assessments, 5 investigative reports and 7 guides in 2016, which are available at www.cfcs.dk.

 

The threat from cyber spying and cyber crime against Danish authorities and companies is VERY HIGH.
CENTER FOR CYBER SECURITY (CFCS)
More info
Kontakt image
Direct: +45 3377 3349
Mobile: +45 2064 4872
E-mail: chhndi.dk
Your e-mail address will be used solely for this newsletter subscription. You can unsubscribe at any time here.
PUBLISHED: 8/23/2017 LAST MODIFIED: 8/29/2017