Every business leader knows that cybersecurity tools are imperative to protect business infrastructure.
The last thing anyone wants is to become the next victim of a cyber attack. But even with strong tools in place, many cybersecurity breaches stem from human error. With cyber threats constantly evolving, it can be tough to stay ahead of them.
Spoofing is one such threat.
This past weekend, Microsoft issued a public alert warning of “active attacks” targeting its SharePoint software. The breach targeted U.S. and international agencies and businesses that rely on the communication and collaboration software for their on-premises servers.
In its announcement, the company said the attacks were the result of network spoofing, which allowed threat actors to bypass authentication controls to sneak into systems.
The company has since issued critical security patches to fix the vulnerabilities that were found in two older versions of software for SharePoint servers (2016 and 2019); it is also working on additional patches while investigating the cyberattack.
The attack, which Microsoft said was carried out by Chinese nation-state hackers, could potentially expose sensitive company information found on Teams, Outlook, and OneDrive.
SharePoint in the Microsoft 365 cloud-based service was not affected by the cyber incident, according to Microsoft.
Spoofing is not a new tactic. It has been around for decades, and bad actors still use it today because it remains an effective way to try to gain access to sensitive information or systems.
As an IT services provider, Kelser works with customers who have been victims of spoofing attacks, which is why we are posting this blog article now. We are committed to providing the IT information business leaders like you need to keep your organizations safe from these and other evolving threats.
In this article, we’ll define spoofing, explain what a spoofing attack can look like, and explore the kinds of information these attacks target.
We’ll also provide three simple actions you can take to safeguard your infrastructure to keep your sensitive business, employee, and customer information out of the wrong hands.
Spoofing is a technique commonly used as part of a phishing attack. Cybercriminals steal the identity of a company official or other known user to trick others within an organization into providing valuable information or access.
By impersonating a company executive or other individual known to the targeted individual, threat actors are able to use implicit trust to easily persuade the person to take some action that they believe is legitimate. The target only discovers after the fact that the request came from an imposter.
Threat actors can use spoofing in a variety of phishing attacks, including:
As we noted above, cybercriminals can steal the identity of a legitimate user as a workaround to the cybersecurity controls you have in place to gain unauthorized access.
For example, maybe the attacker uses AI voice cloning to pretend to be your organization’s chief financial officer (CFO) to request a wire transfer. You answer the phone, the caller ID shows that the call is coming from the CFO and the voice sounds like that of the CFO, so you don’t question the request. You don't realize until it's too late that the request was bogus.
But spoofing attacks don’t only target financial information.
Maybe you receive a message from the HR director asking you to verify the personal information of another team member, such as their address or social security number. Since it seems innocent enough, you provide the information and are clueless that you just gave attackers an entry into your systems.
Both spoofing and phishing fall under the umbrella of social engineering attacks and the goal is the same: to manipulate people into giving out sensitive information or allowing access to networks.
By gaining the trust of unsuspecting users, these attacks could cause someone to unknowingly disclose login credentials, bank account information, or other sensitive data.
Once attackers gain a foothold in your systems, they can inject malware into your IT infrastructure, leading to your sensitive data being stolen or compromised in a data breach or a ransomware attack.
Phishing attacks are one of the most common types of social engineering attacks and typically use some kind of "bait" to fool unsuspecting users into providing sensitive information.
They are usually carried out via an email that appears to be from a trustworthy source, but is really sent by a cybercriminal.
Whether trying to get device or account usernames and passwords, social security numbers, financial information, or something else, the goal of a phishing attack is to gain unauthorized access into your network.
What makes spoofing different from phishing is that spoofing is a means to an end. In other words, it’s the tactic cybercriminals often use to carry out their phishing attacks.
By slightly altering email address spellings or domain names, for instance, malicious actors are able to impersonate real people—usually someone the user knows and trusts, such as a company official or vendor.
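An added example, not part of the original article: a Python sketch of how a mail filter or reviewer could flag sender domains that are slight alterations of trusted ones. The trusted domains, the substitution table, and the function names are assumptions constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample data: domains this organization treats as trusted (assumption).
TRUSTED_DOMAINS = {"example.com", "example-vendor.com"}

# A small, illustrative set of visual substitutions seen in lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Comparison form: lowercase, strip accents, map look-alike characters."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(c for c in d if not unicodedata.combining(c))
    d = d.translate(CONFUSABLES)
    # Letter pairs that read as a single letter in many fonts.
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, trusted_domain); verdict is trusted, lookalike or unknown."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not domain:
        return ("unknown", None)
    if domain in trusted:
        return ("trusted", domain)
    for t in sorted(trusted):
        # Flag domains that look the same after folding, or differ by one edit.
        if skeleton(domain) == skeleton(t) or edit_distance(domain, t) <= max_distance:
            return ("lookalike", t)
    return ("unknown", None)
```

A `lookalike` verdict is a cue to verify the request through a separate channel before acting; a legitimate domain can also sit one edit away from a trusted one, so the result is a prompt for review rather than proof of impersonation.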
Threat actors could be after all kinds of information when launching cyberattacks using spoofing.
As we mentioned above, they could target user credentials, company or employee bank or credit card information, PII, your top-secret product designs, or other proprietary business information.
Criminals may want to access your customer list, vendor contacts, internal communications, recorded meetings of your executive team, contract data, or something completely different.
There are a number of ways to keep your organization and its data, devices, and systems safe. Here are three that will have an immediate impact:
Email spam filtering tools:
Antivirus/anti-malware software
It’s no longer enough to take requests at face value through blind trust. That's why you should consider implementing multiple user authentication and verification controls to restrict access to your network.
While these additional access guardrails may cost more in time and money, the additional expense and few extra seconds to verify requests could mean the difference between keeping your information protected and a far more expensive cyber incident.
According to the US National Cyber Security Alliance, 60 percent of small businesses that suffer a cyberattack go out of business within six months. So, beefing up your security defenses can help keep your business operating safely and securely into the future.
One of the most underused but cost-effective ways to keep employees abreast of cybersecurity threats is through employee cybersecurity awareness training.
When provided regularly, it keeps security issues top of mind and is a convenient way to remind employees of the importance of staying vigilant against existing threats while educating them about the latest tactics being used by threat actors.
Security awareness training also reinforces the policies and procedures that employees should follow if they suspect a cyber incident.
For instance, employees should know that personally identifiable information (PII), including names, telephone numbers, addresses, social security numbers, and dates of birth, is privileged information. This information should not be shared without proper verification.
So, employees should be trained on your procedures for verifying requests for such information outside of the original email, text, or voicemail message before taking action.
After reading this article, you have a complete understanding of spoofing. You know what it is, what it looks like, how it differs from phishing, and the kinds of information that it targets.
You also know three actions you can take to immediately improve your protections against spoofing attacks: invest in security software, implement multi-layered verification procedures, and provide security awareness training for employees.
You may have the IT resources and staff to implement security improvements internally. If not, you may want to consider working with an external IT provider.
If you are considering partnering with an external provider, we encourage you to explore several options to find a provider that is the right fit for your organization.
It may seem odd that we're not trying to convince you to work with Kelser.
We agree that it is a different approach. But here’s the thing: while we offer a comprehensive suite of managed IT services and solutions, we know that managed IT isn't the right option for everyone. We’re okay with that. We’d rather that you do what works best for your company if that’s what’s needed for your business to succeed.