Cyber security company Fortinet shared cyber attack methods and methods to protect employees from home from cyber attacks, in a press release published today.
As in the four corners of the world because of coronavirus outbreak in Turkey was now home to many company’s business model. Working from home model; It provides protection against coronavirus, but makes the company employees more vulnerable to increased cyber attacks.
Fortinet, an internationally active cyber security company, also released a press release to protect home workers from cyber attacks. In the bulletin published by Fortinet, measures are taken against the attacks that will occur by e-mail, SMS and phone calls.
Social engineering is used instead of system vulnerabilities:
The first point that attracts attention in the guide published by Fortinet is the methods used by cyber criminals. Cyber security company; He states that attackers who want to access sensitive data, systems and networks prefer to manipulate people as a method that requires less effort rather than exploiting system vulnerabilities.
The method of cyber attackers who want to reach their goals with minimum effort is defined by Fortinet as “Cyber attackers who prefer methods that they will encounter the least difficulty can determine the profile of the person they will target by violating the psychology of the unaware targets.
Methods used by cyber attackers:
The guide, published by Fortinet, describes the methods used by cyber attackers. The methods called phishing, social media deception, WaterHolling, phishing with SMS and phishing with voice call are based on manipulating people.
In the e-mail based phishing method, people with a certain authority within the company or all company employees are targeted. In the e-mail sent; the person is asked to click on a link, share information such as payment information or personal information.
In the social media deception, the attackers work with fake profiles that appear to belong to someone the target person knows. In this method, where business-based social media channels such as LinkedIn are used, people are asked to share sensitive information or to install malicious software on a person’s computer.
Internet sites are used in the attack method called WaterHolling. Cyber attackers identify websites visited by people working in a company or a certain group of people. Later, vulnerabilities of these sites are detected by attackers and harmful links are placed in these vulnerabilities. It is aimed for people using the website to click on these links to access malicious software.
In the SMS creation method, the attackers target people with messages that appear to come from an official institution. With the links placed in fake messages, it is aimed to install malicious software on the target phones.
As for the voice phishing method performed by phone calls, the attackers present themselves as the officials of an institution such as a bank. Cyber attackers want people who they are looking for with these methods to share sensitive information such as credit card information.
Precautions to be taken to protect against cyber attacks:
The international cyber security company Fortinet explained the cyber attack methods and listed the measures to be taken against these attacks. The first measure that Fortinet suggests to be taken against cyber attacks is to ignore the e-mails or SMS requesting the sharing of sensitive information. Saying that the incoming e-mail or SMS should be checked, the cyber security company also offers to check whether the e-mail or SMS is coming from an official source.
While it is said that multi-factor authentication systems should be used in accessing sensitive systems and data from home workers, it is stated by Fortinet that mobile devices, computers and internet browsers should be protected with current systems. The company states that similar or identical passwords should not be used for different memberships, and different and mixed passwords will provide increased protection.