As with all IT security warnings, most of the figures we see are very Americanised, but CEO fraud is a very real threat to UK businesses too, with over £32 million reportedly being lost to this kind of attack. Worryingly, it's likely that the true figure is far greater, as firms may not report the loss to the authorities or may not even realise they have lost the money yet.
So what is it? It's called CEO fraud because the attacker purports to be a senior member of staff (maybe the CEO). Attacks are often carried out using phone calls & email. The attacker contacts their "target" numerous times and builds up the picture of a "deal" before they actually make the request for the money to be transferred. This means that the targeted member of staff is expecting a request to transfer funds to an account, so when the attacker makes the request it doesn't seem out of the ordinary & the target complies.
These kinds of attacks work better in larger organisations as there are more likely to be senior staff involved whom the targeted staff member may never have met.
It's common for the attacker to use Gmail, Yahoo or other generic email accounts to communicate, but some highly sophisticated attacks have been reported where the attackers have spent months learning the target organisation, hacking the mail system & actually monitoring the communications between certain individuals, learning the kinds of words, deals etc. that are discussed. Once a big enough picture has been built up, the attacker will choose very carefully the moment to send a message containing their bank details. They may even be clever enough to simply alter a legitimate message that was sent, so nobody knows there is anything wrong until the money that has been sent never arrives with the legitimate recipient.
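The common case described above, a senior person's name arriving from a generic email account, can be checked for automatically at the mail gateway. The following is an added example, not part of the original article; the corporate domain, the staff names, the list of generic domains and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Assumed values for illustration; load these from your own staff directory.
CORPORATE_DOMAIN = "example.co.uk"
SENIOR_STAFF = ["Jane Smith", "Raj Patel"]
GENERIC_DOMAINS = {"gmail.com", "yahoo.com", "yahoo.co.uk", "outlook.com"}

def normalise(name):
    """Reduce a display name to sorted lower-case words, so that
    'Smith, Jane' and 'JANE  SMITH' both become 'jane smith'."""
    return " ".join(sorted(re.findall(r"[a-z]+", name.lower())))

SENIOR_KEYS = {normalise(n) for n in SENIOR_STAFF}

def classify(raw_message):
    """Return 'ok', 'impersonation-generic' or 'impersonation-external'."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if normalise(display) not in SENIOR_KEYS:
        return "ok"
    if domain == CORPORATE_DOMAIN:
        # A matching domain is not proof: a hacked mail system or an
        # altered legitimate message would still pass this check.
        return "ok"
    if domain in GENERIC_DOMAINS:
        return "impersonation-generic"
    return "impersonation-external"

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Jane Smith <jane.smith.ceo@gmail.com>\nSubject: Urgent transfer\n\nPlease pay today.",
    'From: "Smith, Jane" <j.smith@yahoo.co.uk>\nSubject: Re: the deal\n\nBank details attached.',
    "From: Jane Smith <jane.smith@example.co.uk>\nSubject: Board minutes\n\nSee attached.",
    "From: Tom Jones <tom@gmail.com>\nSubject: Lunch\n\nFriday?",
    "From: Raj Patel <raj@supplier-mail.example>\nSubject: New bank details\n\nPlease update.",
]

def scan(messages):
    """Classify each raw message in order."""
    return [classify(m) for m in messages]

if __name__ == "__main__":
    for raw, verdict in zip(SAMPLES, scan(SAMPLES)):
        print(verdict, "|", message_from_string(raw)["Subject"])
```

Messages flagged this way are best held or tagged for a second check by phone on a known number; the sophisticated attacks that use the organisation's own mail system are not caught by a header check like this one.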
This kind of attack is very difficult to guard against 100%, as it can take many different forms, but our top 5 tips for avoiding CEO fraud are:-
A major part of protection against this kind of fraud is education - make sure that your staff are in tune with the kind of scams that they could be vulnerable to. If they haven't been educated about some of the threats that are out there, then they can't really be held accountable if they are tricked.
Attackers & fraudsters are using very sophisticated methods to take your money from you - don't make it easy for them!
We've been looking for ways to improve our ability to fail over servers in the event of a disaster or network outage. We have been able to fail servers over for quite some time; however, due to our current network configuration, we'd need to change the servers' IP addresses (OK, I know this post is geeky but please bear with me), which takes time & causes complications, so we avoid failing servers over! If there was ever a situation where things were so bad that we wouldn't be able to bring the original server(s) back online for a long period of time, then we would have no choice but to perform the failover & change all of the IP addresses.
So in looking to improve this failover capability, we began asking our datacentre provider & carriers whether they would be able to give us a connection which would enable us to run our VLANs flat across 2 sites. We were told this was possible by giving us a dedicated link between the datacentres, which would basically act as an extremely long network cable. This got us excited, as it would mean we would simply be able to fail a server over to a different location & bring it online without the need to make any IP address changes. This would be a massive breakthrough for us & would give us vastly improved failover capabilities.
We then started looking into the possibilities of running this without a dedicated link/carrier - we thought that if we were in control of the link that this would be more beneficial to us.
We found a technology which enabled us to create an encrypted link across the public internet which makes both sites appear as one. So much so that the machines at the second site don't even see a gateway (router) local to them; they only see a gateway at the primary site. When the machines go onto the internet, all of their internet traffic goes out through the router at the primary site.
We have done a lot of testing with this technology & are implementing this live into our network this week. This is not only going to give us better failover capabilities, but it's also going to mean that we can change the way we deploy network services to our customers, which will reduce cost, improve control & deliver more advanced solutions.
We are incredibly excited about this new technology & the capabilities it is going to enable for us.
We are expecting a whole host of new IT security & network services to be on offer very soon, as well as being able to perform more seamless systems failover for our existing cloud customers.
Watch this space!