This week’s Knowledge Update covers how DMARC adoption failures leave companies exposed, the UK seeking a data transfer pact with the EU, and SynCrypt ransomware sneaking past antivirus defences.
Phish Bait: DMARC adoption failures leave companies exposed
More than 90% of Fortune 500 companies have not fully adopted Domain-based Message Authentication, Reporting & Conformance (DMARC), leaving customers, business partners, and brand names exposed to phishing and other attacks that impersonate corporate email domains.
DMARC is a standard technology designed to verify whether an email is from the domain it claims to be from. It creates a whitelist of verified senders and ensures only authenticated emails are delivered; and, when fully implemented, fake messages are deleted before users see them. It can also be used to see how scammers are misusing corporate information in their attacks.
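As an added illustration (not part of the original newsletter), the Python below parses DMARC TXT records and grades how far a domain has adopted DMARC. It assumes "fully adopted" means `p=reject` applied to 100% of mail and to subdomains; the level names and sample records are constructed for this example.

```python
# Added example: grade DMARC TXT records by enforcement level.
# Tag names (v, p, sp, pct, rua) come from RFC 7489; the level names
# returned by classify() are labels chosen for this example.

def parse_dmarc(txt):
    """Return a dict of DMARC tags, or None if txt is not a valid record."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name:
            return None  # malformed tag: treat the whole record as invalid
        if i == 0 and (name != "v" or value != "DMARC1"):
            return None  # v=DMARC1 must be the first tag
        tags.setdefault(name, value)
    return tags or None

def classify(txt):
    """Map a TXT record (or None when no record exists) to a level."""
    tags = parse_dmarc(txt) if txt else None
    policy = (tags or {}).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "no-policy"
    if policy == "none":
        return "monitor-only"  # reports are sent, spoofed mail is still delivered
    subdomain_policy = tags.get("sp", policy).lower()  # sp defaults to p
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        pct = 0  # assumption: an unreadable pct is graded conservatively
    if policy != "reject" or subdomain_policy != "reject" or pct < 100:
        return "partial"
    return "full"

# Constructed sample records (reserved example domains, not real lookups).
SAMPLES = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",
    "example.org": "v=DMARC1; p=reject; pct=25",
    "example.edu": "v=DMARC1; p=reject; sp=none",
    "example.invalid": "v=spf1 -all",
}

def audit(records):
    """Classify every domain in a {domain: txt_record} mapping."""
    return {domain: classify(txt) for domain, txt in records.items()}

if __name__ == "__main__":
    for domain, level in audit(SAMPLES).items():
        print(f"{domain:16} {level}")
```

In practice the input would be the TXT record published at `_dmarc.<domain>`; only the "full" level corresponds to spoofed mail being rejected before users see it.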
DMARC is for SMEs as well as large organisations and provides an important prevention measure against phishing attacks. For more information visit: https://dmarc.globalcyberalliance.org/ or contact us at Membership@londondsc.co.uk.
UK seeks data transfer pact with EU
Earlier this month, the government said that it would implement the EU’s overarching General Data Protection Regulation (GDPR) within British law. These regulations allow for bigger fines on firms that flout the rules – and it will also be easier for consumers to control information about them online and in databases controlled by companies.
“We want the secure flow of data to be unhindered in the future as we leave the EU,” said Matt Hancock, Minister for Digital, on the publication of the paper. “So a strong future data relationship between the UK and EU, based on aligned data protection rules, is in our mutual interest.”
Organisations of all sizes will have to comply with the incoming GDPR or risk punitive fines. A support pack and compliance guide can be found here.
SynCrypt ransomware sneaks past antivirus defences
A new ransomware called SynCrypt has been found. SynCrypt uses a unique method of downloading the malicious files, which makes it difficult for antivirus programs to detect. “If properly installed the files are encrypted with a .kk extension and then the ransom note appears giving the victim 48 hours to pay about 0.1 bitcoin.” Further, it says that within this time “there is no way to decrypt the files and the best defence is to ensure all files are properly backed up.”
As strains of ransomware develop and evolve, it is increasingly important for businesses to regularly and securely back up their critical data. Businesses cannot rely on antivirus alone to protect themselves from ransomware. A guide to ransomware can be found here.