Security "Bits"

How To Protect Your Data From Wall St. Lingo, Phony Emails & Tor

By Annie Wang | December 3, 2014 at 2:07 PM

Healthcare organizations just can’t seem to get a break as they continue to experience a barrage of sneaky cyber attacks. A recent study has revealed that a group of cyber criminals, dubbed “Fin4”, has created a unique way of spear phishing sensitive information from more than 100 companies in hopes of manipulating the market. The majority of these organizations are within the healthcare and pharmaceutical industries, where sensitive data loss can lead to a swift change in stock price. The world’s most nefarious cyber criminals are tricking high-level employees into ponying up their passwords by posing as Wall St.’s greatest minds and speaking the lingo of a true finance professional.

Senior-level execs have been receiving phony emails with generic investment reports, and even confidential company assets that were previously stolen from their company by the criminals. This adds a whole other layer of deception. Once clicked on, links within the email would then bring up a phony login page. High-level employees then fill in their login credentials, and bam, cyber criminals have got what they came for: access to that employee’s entire email account, chock-full of sensitive company information.

This light-touch approach of spear phishing, versus a heavier approach like deploying malware, makes it difficult for IT security teams to notice that they have been breached, let alone take action to stop it.


Anomaly detection – “No Phishing Allowed”

Companies can track suspicious activities by using a security solution that can track data using geographic location. The best solutions track data based on plausible time-span. For example, with Bitglass, each time an employee from your company accesses corporate data from their mobile device, a beacon or ping is sent out. We then use this to track the level of risk for that particular incident.

If an employee opens a document in California, and then 10 minutes later your IT team receives a ping indicating that the same individual has opened a document in New Jersey, the team can deduce that this may be a potential security risk. Generally, anything showing travel faster than 750 mph (commercial jets fly at 550-600 mph) is flagged as a “suspicious activity.” Once flagged, an alert is then sent automatically to your IT security team, who can then look into the incident and quickly take action to prevent a breach from occurring, if necessary of course.

This is especially useful when criminals attempt to hide using tools like Tor (The Onion Router), the free software that enables online anonymity. Originally created by the US government in order to protect US intelligence communications, the software is now used by countless cyber criminals attempting to shield their identities and locations from the FBI, NSA and your IT security team. 
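The speed rule described above can be sketched as follows. This is an added example, not Bitglass code: the event fields, the sample events and the `MIN_MILES` noise floor are assumptions made for illustration, and only the 750 mph threshold comes from the article.

```python
import math
from datetime import datetime

SPEED_LIMIT_MPH = 750     # threshold stated in the article
MIN_MILES = 50            # assumption: ignore short hops caused by geolocation jitter
EARTH_RADIUS_MI = 3958.8

def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_MI * math.asin(math.sqrt(a))

def find_impossible_travel(events, limit_mph=SPEED_LIMIT_MPH, min_miles=MIN_MILES):
    """Return (user, previous_event, event, mph) for each consecutive pair of one
    user's events whose implied travel speed exceeds limit_mph."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_seen.get(ev["user"])
        last_seen[ev["user"]] = ev
        if prev is None:
            continue
        miles = haversine_miles(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if miles < min_miles:
            continue  # too close to tell apart from location noise
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        mph = math.inf if hours == 0 else miles / hours  # same instant, far apart
        if mph > limit_mph:
            alerts.append((ev["user"], prev, ev, mph))
    return alerts

def event(user, hhmmss, lat, lon):
    """Build one access event (hypothetical record layout)."""
    return {"user": user, "time": datetime.fromisoformat(f"2014-12-01T{hhmmss}"),
            "lat": lat, "lon": lon}

# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    event("alice", "09:00:00", 37.7749, -122.4194),  # San Francisco, CA
    event("alice", "09:10:00", 40.7357, -74.1724),   # Newark, NJ, 10 minutes later
    event("bob",   "09:00:00", 37.7749, -122.4194),  # San Francisco, CA
    event("bob",   "11:00:00", 34.0522, -118.2437),  # Los Angeles, CA, 2 hours later
    event("carol", "09:00:00", 37.7749, -122.4194),  # San Francisco, CA
    event("carol", "09:00:05", 37.8044, -122.2712),  # Oakland, CA, 5 seconds later
]

if __name__ == "__main__":
    for user, prev, ev, mph in find_impossible_travel(SAMPLE_EVENTS):
        print(f"ALERT {user}: {mph:,.0f} mph between {prev['time']} and {ev['time']}")
```

Legitimate VPN or proxy use produces the same location jumps, so alerts from a rule like this need triage rather than automatic blocking.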

Anomaly detection is a key component of data security. It’ll give you visibility into actions taking place with your data, and can help keep you from falling victim to cyber criminals spear phishing for your company’s sensitive credentials. It’s also not a bad idea to get employees involved in some formal data security training so they don’t end up getting duped by the next smooth-talking Wall St. faker.

 Learn more about anomaly detection and the power of cloud access security brokers here.

Chris Hines

Product Marketing Manager @Bitglass


