Defending Against Phishing Attacks

It’s hard to grapple with all the aspects of cyber security. Cyber security has become a multibillion-dollar industry, and many organizations these days have C-level positions peer to their technology chiefs, complete with multiple dedicated staff members. The recent news of Russia meddling in American politics is but one of the many episodes that happen literally on a daily basis; the difference was that this one was a high-profile case. This past fall, a major DDoS attack took down many popular websites. Attacks like that aren’t really aimed at exploiting data as much as they are at bringing down servers. While it’s harder to defend against DDoS attacks, phishing attacks like those used by the Russians against the DNC are very preventable — in fact the hack was rather low tech. The hackers used a two-part attack to get the email off the server. First, they used a “phishing” attempt to pull a confidence trick on an unsuspecting user. That user unwittingly provided the access the hackers needed to launch the second part, which was to install a “rootkit” on the DNC’s servers so they could extract data. The unsuspecting user and the failure of the DNC’s IT staff are ultimately what led to the breach.

Phishing attacks don’t usually involve a technical exploit. The best thing people can do to protect against phishing is to change habits. Phishing attacks require that users do something, like click on a link in an email or web page that takes them to a malicious website, which then asks them to log on and verify some information such as bank account numbers, passwords, or credit card numbers. If you receive an unsolicited email asking you to verify something, never click on a link in the email. Rather, visit the website directly in a browser by typing its address yourself, and if nothing else call the site’s technical support to confirm whether it really wants users to verify information. Odds are, it doesn’t.

There are a few technical solutions one can use to help harden security against phishing. Whether you’re an organization or an individual, any of these solutions can be applied to your own personal security or to your organization’s security.

Easy: Enable Two-Factor Authentication. Two-factor authentication is one of the easiest ways to ensure that accounts don’t get exploited. As the name suggests, when one logs into a website or service, he or she is required to supply two types of verification to authenticate. Most often the first factor is a password. The second factor can be answering a series of security questions, or, in more sophisticated systems, an access token sent to an email address or to a phone number on file via text. There are other types of two-factor authentication, and almost all major services such as email, banking, social media, and online shopping will prompt a user to enable two-factor authentication beyond a simple password. Doing so substantially increases data security by multiple orders of magnitude.

PayPal 2 Factor Authentication

Easy: Use a Phishing Scanner. Almost all browsers nowadays come with some sort of phishing protection integrated into the browser that will warn a user whenever they are trying to load a suspicious site. Likewise, there are a number of standalone browser extensions (like Netcraft for Chrome) and security suites like Avast that install filtering into the browser to protect against phishing attacks.

Easy: Use Secure Email — Most commercial email services, like Gmail, provide some rather robust email filtering to capture and dispose of phishing attacks before they reach an inbox. Likewise, they offer two-factor authentication to protect user data. More obscure email services and do-it-yourself email services lack these advanced security features, meaning that more phishing attacks are likely to land in one’s inbox. Understandably, many organizations do not want to use cloud-based email over security concerns, but as the DNC hack shows, the DIY model is only as secure as the people implementing it. Avoiding a SaaS solution out of fear that it is insecure can actually leave you less secure than using a SaaS solution for email.

Easy: Use a VPN when using public networks — This almost goes without saying, but public networks like those found at airports, malls, coffee shops, hotels, and many retail establishments are far from secure. A VPN encrypts the traffic as it leaves your device and then decrypts it on a trusted remote server. It also creates a “point of presence” that already has a number of security measures in place.

Moderate: Use DNS filtering provided by OpenDNS. OpenDNS provides a suite of services for online protection by filtering traffic for all internet requests based on domain names. OpenDNS also has the advantage of protecting against “zero-day” attacks as they arise: if OpenDNS discovers a threat, they simply update their domain name registry and all of their subscribers are protected. Their products range from personal protection with OpenDNS Family Shield to Umbrella for corporations. They all work basically the same way, by filtering DNS requests (i.e. name lookups) as they are made online. OpenDNS protects against all kinds of attacks and has a special category just for phishing attacks.
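To show how category-based DNS filtering of the kind described above works, here is a small added example (not OpenDNS code, and not from the original post). It assumes constructed category lists and a placeholder block-page address; a real service would keep these lists centrally and update them for every subscriber at once.

```python
import ipaddress

# Constructed category lists (placeholders, not real OpenDNS data).
CATEGORIES = {
    "phishing": {"login-verify.example", "secure-update.example"},
    "adult": {"adult.example"},
}
# Placeholder address of a "this site was blocked" page (constructed).
BLOCK_PAGE = "192.0.2.1"


def lookup_category(hostname):
    """Return the category of a hostname, or None.

    Walks from the full name up through each parent domain so that
    a listed domain also covers all of its subdomains.
    """
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        for category, domains in CATEGORIES.items():
            if candidate in domains:
                return category
    return None


def resolve(hostname, blocked_categories, upstream):
    """Filtering resolver: hand back the block page for blocked categories,
    otherwise forward the lookup to the upstream resolver function."""
    category = lookup_category(hostname)
    if category in blocked_categories:
        return {"answer": BLOCK_PAGE, "blocked": True, "category": category}
    return {"answer": upstream(hostname), "blocked": False, "category": category}


def publish_threat(category, domain):
    """Simulate a 'zero-day' list update: once the domain is added here,
    every later lookup through resolve() is filtered immediately."""
    CATEGORIES.setdefault(category, set()).add(domain.lower().rstrip("."))


def fake_upstream(hostname):
    # Stand-in for a real DNS lookup (constructed answer).
    return str(ipaddress.ip_address("198.51.100.7"))
```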

OpenDNS Phishing Protection

Moderate to Hard: Use Geo-Blocking. 60% of the world’s cyber attacks originate from 9 countries, and 70% if one adds the United States. Newer firewalls allow users to block traffic originating in and destined for specific countries. These rules can also be applied manually by blocking the IP ranges (known as CIDR blocks) allocated to those countries. CIPB allows you to look these up and can even generate Access Control Lists (ACLs) for many common web servers and firewalls. Blocking all traffic and adding things on an exception basis takes more management, but is certainly more secure than allowing any and all traffic from these countries.
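The following added example (my own code, not CIPB’s or the post’s) shows how a CIDR-based geo-block ACL is evaluated, including the “block everything, allow on an exception basis” mode the passage recommends, and how the result renders as firewall rules. The country-to-CIDR table is a constructed placeholder, not real allocation data.

```python
import ipaddress

# Constructed placeholder ranges standing in for per-country allocations.
COUNTRY_BLOCKS = {
    "XX": ["203.0.113.0/24", "198.51.100.0/24"],
    "YY": ["192.0.2.0/24"],
}


def build_acl(blocked_countries, exceptions=()):
    """Return (deny_networks, allow_networks) from country codes and
    any CIDR exceptions that must stay reachable (e.g. a partner's range)."""
    deny = [ipaddress.ip_network(cidr)
            for cc in blocked_countries for cidr in COUNTRY_BLOCKS[cc]]
    allow = [ipaddress.ip_network(cidr, strict=False) for cidr in exceptions]
    return deny, allow


def is_allowed(ip, deny, allow, default_deny=False):
    """Evaluate one source address against the ACL.

    Exceptions always win. With default_deny=True everything else is
    dropped (the stricter policy); otherwise only listed countries are.
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in allow):
        return True
    if default_deny:
        return False
    return not any(addr in net for net in deny)


def render_iptables(deny, allow, default_deny=False):
    """Render the ACL as iptables lines. ACCEPT rules come first so the
    exceptions are matched before any DROP rule."""
    lines = [f"-A INPUT -s {net} -j ACCEPT" for net in allow]
    if default_deny:
        lines.append("-A INPUT -j DROP")
    else:
        lines += [f"-A INPUT -s {net} -j DROP" for net in deny]
    return "\n".join(lines)
```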

Untangle Block By Geo

Moderate to Hard: Combine security solutions for defense in depth. My firewall layers multiple, often overlapping solutions so that no single one has to catch everything. I use Untangle, an open source unified threat management system that includes many of the aforementioned features: virus protection, a phishing filter for email, ad blocking (which nabs a number of would-be phishing sites), content filtering that does the same, a VPN solution that I use while I’m away, and Geo-Blocking. It’s also configured to use OpenDNS to provide additional content filtering and phishing protection to all the devices on my network.

JLTCtech has a number of appliances with Untangle already installed. It’s easy to use and configure, and the folks at JLTCtech provide technical services to help get your network secure.
