The Indian Computer Emergency Response Team recently warned citizens about a new email extortion campaign scaring email recipients into thinking they’ve been hacked and their personal information withheld unless payment is made through bitcoin.
In view of this, please find below a comment from Adam Palmer, Chief Security Strategist at Tenable
“Phishing emails that are intended to scare email recipients into believing that a bad actor holds personal information about them are one of the oldest “tricks in the book”. However, these types of attacks still have the potential to threaten a corporate environment if a bad actor attempts to extort data about an organisation from an employee or infect a network with malicious links in the phishing message. The good news is that typically, the malware delivered by phishing messages will try to exploit well-known common vulnerabilities. Criminals like easy ‘low hanging fruit.’
“The best way for an organisation to defend against this type of attack, in addition to user awareness, is to practice good cyber hygiene – such as by identifying critical risks and patching systems with common vulnerabilities favoured by criminals, blocking malicious sites and IP addresses, enforcing multi-factor authentication, and using encryption for sensitive data. These recommendations make it far harder for criminals to be successful.” – Adam Palmer, Chief Security Strategist at Tenable.