Last month McAfee’s Advanced Threat Research team reported that Turkish financial institutes were hit with a cyber attack. These type of attacks are becoming more common, but what can we learn from this and other attacks to prevent our businesses from becoming a victim?

Phishing

The attack started, like most, with a spear-phishing email containing malware. These emails contained industry relevant and intriguing information on cryptocurrency to lure their chosen targets. While difficult to detect automatically, you have an improved chance of detecting phishing emails if you include cyber security and phishing prevention as part of a regular staff training session.

Patch Management

The phishing emails included a Microsoft Word document containing an exploit (CVE-2018-4878) for Adobe Flash Player vulnerability. Many businesses are running unpatched, insecure systems. It’s obvious but make sure your desktops are always up to date, and where possible removed old and unnecessary software from devices. As part of your regular cyber security training make sure you’re educating your employees on what to do if they suspect that they have been compromised.