Energief teams up with Netcure to strengthen their cyber security

Energief’s prevention advisers see things from a risk perspective every day. The company did not wait for a wake-up call before boosting its cybersecurity. “I am an early adopter in the IT field, but technology is evolving rapidly and becoming so complex that cybersecurity has become a profession in its own right,” says Energief founder Yves Peeters. He decided to enlist the Netcure experts and followed a cybersecurity improvement programme.

Prevention advisers

Peeters and his staff at Energief don’t need to be convinced of the importance of cybersecurity. “We are prevention advisers; we are concerned with security every minute of every day. We constantly look at things from a risk perspective, we see dangers where others do not. We are always on guard, always alert. It’s in our DNA. I constantly have to restrain myself at home. I can honestly say that there is a real security culture at Energief. But even then, it’s difficult not to fall into cybercriminals’ traps. Mail addresses with one letter changed are easily overlooked. A moment of inattention, that’s all it takes for people with bad intentions. That’s why it’s important to protect your systems for these moments. Technology and culture go hand in hand.”

No incidents yet

“We have not had a cybersecurity incident yet. And we intend to keep it that way. Hence the improvement process we have now embarked on. We’re well aware of the importance of prevention and don’t want to wait for a painful wake-up call before taking action. Many other companies do wait until it’s too late. I sometimes compare cybersecurity with accidents at work. All companies now have prevention policies in place. Yet, it has taken companies too long to realise that, in addition to the obvious physical damage and corresponding financial consequences, a workplace accident can also cause a great deal of damage to your reputation.” Energief contacted cybersecurity expert Netcure.

Netcure’s Marketing Manager Anneleen Lenaerts sees companies still underestimating the impact of a cybersecurity incident. “It actually starts with underestimating the risk. “How stupid can you be?”, they laugh when it happens to a competitor. Or: “We’re just a small fish, cybercriminals aren’t interested in us.” Double wrong, because those cybercriminals throw out lines all the time and they just wait for a fish to bite. No matter where it is, how small or large it is. And make no mistake, when the cybercriminals get your bite, they show no mercy.”

General practitioners and heart specialists

Energief didn’t need a wake-up call, but was primarily looking for technological expertise, according to Peeters. “I am an early adopter when it comes to computers. I like to dive into things, I personally built the IT solutions Energief is currently using. We also share these applications with our clients, so they need to be watertight. I do feel that I am reaching my limits now. My IT knowledge is too restricted. Technology is evolving rapidly, becoming increasingly complex and sophisticated. Cybersecurity has become a profession in its own right.” “Cybersecurity today goes beyond the competence of many IT professionals and many IT teams,” confirms Lenaerts. “I sometimes compare it with a general practitioner and a heart specialist. A general practitioner knows a lot about heart problems and heart disease, he can detect the risks. However, he will refer you to a specialist for further examination, diagnosis and possibly treatment or surgery.”

“Cybersecurity today goes beyond the competence of many IT professionals and many IT teams”

Annelies Lenaerts, Marketing Manager at Netcure

“We always start with an audit to expose gaps in the IT systems. Once we’ve found them, we can offer a solution to close those gaps in the defensive wall. Every journey begins with prevention; prevention is better than a cure. The second step is detection. A cyber-attack doesn’t usually happen overnight; cybercriminals spend an average of 60 to 200 days preparing for an attack. So you still have time to counter the attack, but you need to have systems in place that will warn you in time if there is a break-in. The third and final step is remediation: repairing the financial loss and damage to your reputation quickly if a breach does occur.”

Making the right choices

The cybersecurity improvement project at Energief has only just started, explains Peeters. “We are still in the analysis phase. However, the analysis has revealed a number of quick wins, which we are already implementing. First, we’re taking care of our basic protection. This first layer is crucial because it blocks out a lot already. Still, cybersecurity is a work in progress. Netcure’s expertise helps us stay up to date with new trends and evolutions. It’s impossible for a small company to keep track all by itself.”

“The financial support from VLAIO was the decisive factor for us in taking a more thorough look at our cybersecurity once and for all. Netcure’s experts contribute their expertise to deciding how the available budget can be used in the most effective way. We are a young SME, our resources are not endless, so we have to make choices. Netcure helps us to set the right priorities and make the right choices.”

Would you like to find out how sensitive your company is to these practices? Contact us for a free check-up and advice.

I want to know if my business is cyber-sensitive.

Try us: this check-up and the accompanying advice are free of charge. Trust us, we’re crazy about cybersecurity!

Two guardian angels for your domain name

Your own domain name mycompany.be is the basis of your online corporate identity: you can easily link your website and email addresses to it, as well as other online services. But the words online, identity and easily in one sentence also attract the interest of cybercriminals, who use it for phishing, ransomware or other abuse of this technology. There is no doubt that they will try. Read on to find out how to protect your domain and what you should do.

Your own domain name = greater visibility

 

Most companies have their own domain, such as mycompany.com or a .be/.nl/.co.uk… variant thereof. Occasionally you will see smaller SMEs using an email address with their provider’s domain such as mycompany@telenet.be. However, registering your own domain and turning it into a personalised email address is not that expensive and quite easy to do, so why wouldn’t you do it? It gives your company extra visibility. But the more email addresses and other applications depend on your domain name, the greater the risk of abuse…

Phishing risks: falsified invoices and payment orders

 

For example, the abuse of a fake email address with corresponding domain to send phishing mails is very popular. In that case, cybercriminals use domains that are very similar to yours, such as mycompany.com, my8company.com or mycompany.xxx.com. They mislead your employees, customers and suppliers. If you have your own clear domain name, point it out to your contacts. And also make them aware of the risks they are facing if they do respond to an email similar to yours without checking. An alert recipient can easily see that the sender is not a match for the actual domain name. It gets a lot harder when online criminals effectively use your domain. This is much less immediately visible. The abuse of your real domain name is a successful technique for sending fake invoices or payment orders in your name, for example. These are just some of the types of fraud that cybercriminals can commit if they have access to your domain name.
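The check an alert recipient performs by eye can also run on incoming mail. The following is an added example, not part of the original post: it sorts From addresses into your own domain, your name used as a subdomain of someone else's domain, your name under another ending, and near-miss spellings. The category names and the sample addresses are constructed; the domain names are the article's placeholders.

```python
# Added example: classify sender domains against the domain you want to protect.
from email.utils import parseaddr

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions of one character."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain part of a From header such as 'Name <user@host>'."""
    address = parseaddr(from_header)[1]
    return address.rsplit("@", 1)[-1].lower().rstrip(".")

def classify(from_header, protected):
    """Return own-domain, brand-as-subdomain, other-tld, lookalike or unrelated.

    Assumption: the registrable domain is the last two labels. That is wrong
    for suffixes such as co.uk; use a public-suffix list for those.
    """
    domain = sender_domain(from_header)
    brand = protected.split(".")[0]
    labels = domain.split(".")
    if domain == protected or domain.endswith("." + protected):
        return "own-domain"          # name matches; says nothing about spoofing
    if brand in labels[:-2]:
        return "brand-as-subdomain"  # e.g. mycompany.xxx.com belongs to xxx.com
    name = labels[-2] if len(labels) >= 2 else labels[0]
    if name == brand:
        return "other-tld"           # same name, other ending: verify ownership
    limit = 1 if len(brand) < 8 else 2  # short names: stricter, fewer false hits
    if edit_distance(name, brand) <= limit:
        return "lookalike"
    return "unrelated"

def triage(from_headers, protected):
    """Classify a batch of From headers."""
    return {header: classify(header, protected) for header in from_headers}

# Constructed sample headers.
SAMPLES = [
    "Anna <anna@mycompany.com>",
    "Finance <invoice@my8company.com>",
    "ceo@mycompany.xxx.com",
    "news@telenet.be",
]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES, "mycompany.com").items():
        print(f"{verdict:20} {header}")
```

A result of `own-domain` only means the visible name is yours; whether the message really came from your servers is what SPF, DKIM and DMARC decide.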

Cybersecurity to the rescue

 

Fortunately, there is security technology to help you combat such practices. SSL and SPF-DKIM-DMARC are the most accessible and efficient of their kind.

Protecting emails with SPF-DKIM-DMARC

This standard protects against the abuse by cybercriminals of email addresses with your domain name, but also against the sending of spam messages in your name.

 

The four major advantages of this standard are:

  • Security – Your domain is no longer as attractive for use in phishing attacks, which are usually followed by fraud or ransomware.

  • Visibility – All email usage of your domain is visible: all that is legitimate but also everything that could be fraudulent. This way you maintain control.

  • Delivery – Your domain will have a better reputation over time. This ensures the delivery of your emails and they won’t be blocked by firewalls or spam systems (any more). Marketing emails – advertising – are also passed on more easily.

  • Identity – You show up with a unique digital signature in your email header showing clearly you are the right sender.
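Whether a domain actually gets the Security and Visibility benefits depends on what its SPF and DMARC records say. The following is an added example, not Netcure's tooling and not part of the original post: it reviews the two TXT records and reports the settings that leave a domain open to spoofing or without reports. The record strings, the finding codes and the `mycompany.example` names are constructed.

```python
# Added example: review a domain's SPF and DMARC TXT records.
# DKIM is left out because its record name depends on a sender-chosen selector.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def assess_spf(txt):
    """Findings for one SPF TXT record; pass None when the domain publishes none."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return ["spf-missing: receivers cannot tell which servers may send for you"]
    findings = []
    terms = txt.lower().split()[1:]
    # Each of these terms costs the receiver a DNS lookup; RFC 7208 allows 10.
    lookups = sum(1 for t in terms
                  if t.lstrip("+-~?").split(":")[0].split("/")[0].split("=")[0]
                  in SPF_LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"spf-too-many-lookups: {lookups} terms need DNS, limit is 10")
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        if not any(t.startswith("redirect=") for t in terms):
            findings.append("spf-no-all: unlisted servers get a neutral result")
    else:
        qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' is +all
        if qualifier == "+":
            findings.append("spf-plus-all: every server on the internet is authorised")
        elif qualifier == "?":
            findings.append("spf-neutral-all: unlisted servers neither pass nor fail")
    return findings

def assess_dmarc(txt):
    """Findings for the TXT record at _dmarc.<domain>; None when absent."""
    if not txt or not txt.replace(" ", "").lower().startswith("v=dmarc1"):
        return ["dmarc-missing: no policy for receivers and no reports for you"]
    tags = {}
    for part in txt.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("dmarc-p-none: monitoring only, failing mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("dmarc-bad-policy: p= must be none, quarantine or reject")
    if "rua" not in tags:
        findings.append("dmarc-no-rua: no aggregate reports, so no visibility")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"dmarc-partial: policy applies to only {pct}% of mail")
    return findings

def review(spf_txt, dmarc_txt):
    """Finding codes (the text before the colon) for both records."""
    return [f.split(":")[0] for f in assess_spf(spf_txt) + assess_dmarc(dmarc_txt)]

# Constructed sample records.
WEAK = ("v=spf1 include:_spf.mailhost.example +all", "v=DMARC1; p=none")
STRONG = ("v=spf1 mx include:_spf.mailhost.example -all",
          "v=DMARC1; p=reject; rua=mailto:dmarc-reports@mycompany.example")

if __name__ == "__main__":
    for label, (spf, dmarc) in (("weak", WEAK), ("strong", STRONG)):
        print(label, review(spf, dmarc) or "no findings")
```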

A paying SSL certificate for your website

 

To prove online that your website is really yours, the use of an SSL certificate is a good thing. This certificate has two purposes:

  • Encrypting the connection between the visitor and your website.

    The data traffic between the two is encrypted and thus unreadable for third parties.

  • Proof of identity.

    Any website address marked with a lock and ‘https’ is a correct address – not a fake lookalike.

 

Read more about how exactly you can recognise SSL in this blog: Staying secure online while browsing

 

On websites, we often see free SSL certificates with a limited validity period which have to be renewed every time. This is fine for the first application, namely the secure connection between visitor and website.

 

HOWEVER: you have to be aware that this free certificate is also free for cybercriminals. They too make grateful use of https and SSL. This way they can activate a free certificate on a fake domain that is very similar to yours and the unsuspecting visitor thinks it is OK because the link starts with https://.

 

So, if you want to be sure, always use a paying certificate on your website or online services. It is not really expensive, and it does appear to be a deterrent for people who want to abuse your good name. A paid certificate is valid for at least 12 months and clearly shows the name of your company. If in doubt, just check.

Would you like to find out how sensitive your company is to these practices? Contact us for a free check-up and advice.

Netcure Domain Check-up

Try us: this check-up and the accompanying advice are free of charge.

Trust us, we’re crazy about cybersecurity!

Staying secure while online browsing

Browsing the internet is usually safe. But what if you come across a less secure website? Cybercriminals will be able to access your PC, direct you to their own payment page or otherwise commit fraud. While, with just a little expertise, this can easily be avoided. Cybersecurity provides some easy-to-check safeguards that greatly reduce your risk. Learn how to recognise and visit trustworthy websites without worry.

Step 1 in secure browsing: https://

Website addresses starting with https:// are generally considered safe. You can also recognise them by the lock in front of the website URL. With the lock and the ‘s’ in https:// the connection between your PC and the website is encrypted.

With this encryption, third parties – cybercriminals – cannot alter or change the data traffic between your PC and the website. This also ensures that all data actually originates from your own PC or the website server – and not from someone else.

Today, a large proportion of websites already use this technology. Some browsers even warn about websites that do not have this protection with a pop-up.

But the lock and the https:// are not sufficient proof of a secure website. Cybercriminals are also aware of this technique. They even abuse free certificates for their crimes, when they use them to avoid firewalls inspecting the content of their data traffic. These firewalls may be specially configured for this – but that is another story.

Step 2: Checking the security certificate

Website owners who want to secure their website therefore install a certificate that sets up the encryption. Every visitor can easily consult this certificate: click in your browser on the lock icon in front of the URL and a pop-up will appear, which tells you if:

  • the certificate is issued for the correct URL
  • it is still valid.

 

This way, you can check that the website you are visiting is the correct one you want to see.

Step 3: Is it an EV or OV certificate?

Certificates come in different types and they’re not all the same. The first distinction is between free and paid certificates.

A free certificate is quickly created and is usually for one particular website. Free also means that someone with bad intentions can quickly generate this type of certificate for a rogue website. For example, most people do not notice the difference between https://www.netcure.be and https://www.nettcure.be.

A free certificate lacks the verification of the organisation or the applicant: anyone can request a free certificate for any domain name.

Of course, online criminals can also abuse paid certificates, but the threshold is much higher for doing so on a large scale. The costs for a criminal rise pretty quickly, which is what they are trying to avoid.

That’s why, for paying certificates, there is an OV option (organisation validation). In that case, the identity of the company is checked before awarding the certificate.

One step higher is the EV certificate (Extended Validation). The identity of the company and the applicant are extensively and strictly verified in this case. Web shops and online payment pages typically use these EV certificates.

THEREFORE, if you want to make important transactions online, check the website’s certificate just to be sure.
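Steps 2 and 3 can also be scripted. The following is an added example, not part of the original post: it takes the dictionary that Python's `ssl.SSLSocket.getpeercert()` returns and reports whether the certificate covers the host you meant to visit, whether it is inside its validity period, and whether the subject names an organisation. The two certificates are constructed samples built around the article's pair of hostnames, and treating a `businessCategory` field in the subject as a sign of EV is a heuristic assumption.

```python
# Added example: apply the article's certificate checks to the dict returned by
# Python's ssl.SSLSocket.getpeercert().
import socket
import ssl
import time

def subject_fields(cert):
    """Flatten the nested subject tuples of getpeercert() into one dict."""
    return {key: value for rdn in cert.get("subject", ()) for key, value in rdn}

def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard that covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_certificate(cert, intended_host, now=None):
    """Step 2 (right name, still valid) and step 3 (who was validated)."""
    now = time.time() if now is None else now
    dns_names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    subject = subject_fields(cert)
    organisation = subject.get("organizationName")
    if organisation is None:
        level = "DV"   # only control of the domain was checked
    elif "businessCategory" in subject:
        level = "EV?"  # heuristic (assumption): EV subjects carry this field
    else:
        level = "OV"
    return {
        "host_ok": any(name_matches(n, intended_host) for n in dns_names),
        "in_validity": ssl.cert_time_to_seconds(cert["notBefore"]) <= now
                       <= ssl.cert_time_to_seconds(cert["notAfter"]),
        "organisation": organisation,
        "level": level,
    }

def fetch_cert(host, port=443):
    """Fetch a live certificate; the handshake itself fails on an untrusted chain."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed certificates, not real ones: a domain-validated certificate on the
# lookalike name and an organisation-validated one on the intended name.
LOOKALIKE_DV = {
    "subject": ((("commonName", "www.nettcure.be"),),),
    "subjectAltName": (("DNS", "www.nettcure.be"), ("DNS", "nettcure.be")),
    "notBefore": "Mar  1 00:00:00 2024 GMT",
    "notAfter": "May 30 00:00:00 2024 GMT",
}
OWNER_OV = {
    "subject": ((("countryName", "BE"),),
                (("organizationName", "Constructed Company NV"),),
                (("commonName", "www.netcure.be"),)),
    "subjectAltName": (("DNS", "www.netcure.be"), ("DNS", "netcure.be")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Apr  1 00:00:00 2024 GMT")

if __name__ == "__main__":
    for cert in (LOOKALIKE_DV, OWNER_OV):
        print(check_certificate(cert, "www.netcure.be", SAMPLE_NOW))
```

For a live site, pass the result of `fetch_cert("hostname")` to `check_certificate` together with the hostname you intended to reach.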

Would you like more information on which certificate to apply to your own website? Give us a call and we’ll brainstorm together.

Trust us, we’re crazy about cybersecurity!

True story: report of a cyber attack on a Belgian SME

For many entrepreneurs, cybercrime is something that they don’t see happening to them. Maybe you, too, don’t see the point of having an expert optimise your company’s security. It is worth it! We illustrate our tip with the true story of a small SME that not only lost a lot of money due to a cyber-attack, but also suffered severe damage to its reputation with customers and suppliers.

 

Ransom for files: a common demand

Cybercriminals had gotten hold of files from the SME and made it clear what demands the company had to meet to get them back:

“You have only 48 hours for payment, after that decryption cost will be doubled.”

This is usually the first line in an email from cybercriminals after you contact them to get your files released. Sounds ominous? It was. Check out this day-by-day report.

 

Day 1: The damage is done

On a Monday morning, the employees of the SME want to get to work, but nobody manages to log into the IT system.

 

Encrypted files

After a call to the IT partner’s helpdesk, the SME discovers that it’s been the victim of a cyber-attack and that all the files on the server have been encrypted with so-called ransomware. The only readable file is a text document stating that the SME has been hacked and should contact a specific email address if they want the files back.

 

Backup restoration attempt

Initially, the IT partner tries to restore a backup, so that the SME can return to the situation before the attack. The partner estimates that this could easily take a day. This means at least one day without income and three employees technically unemployed for those hours.

By noon, however, it’s becoming clear that a large number of backups are encrypted, making them unusable. The attack appears to have started as early as Friday evening, which also makes the weekend backups worthless. What to do now? After some recriminations – the business manager blames the IT partner for a lack of measures against this type of attack, while the IT partner blames the business manager for not having allocated a budget and for not having taken external security seriously – the IT partner finally turns to Netcure.

 

Contacting the criminals

We advise the SME to file a complaint. We assist the business manager in preparing a file for the police and collect the necessary data. From now on, all further steps are also documented and added to the file.

After a quick analysis, the only solution appears to be to contact the criminals to get the files back. It is important to release as little information as possible that can identify you (the victim). So it is better not to use your trusted email system. General services such as Gmail and Outlook are usually not enough to shield you completely either.

Netcure makes the first contact; the waiting game then begins. The SME has lost a full day and has no access to its history. In other words, it cannot access its invoicing data, accounting, stock lists, warehouse management or email. And there are many more consequences:

  • The SME must inform all calling customers that the systems are inaccessible and that the team is technically unemployed.

  • The SME cannot process deliveries.

  • It is not possible to deliver to customers either, because no one can see the outstanding orders.

The transport company the SME works with for deliveries has to adjust its planning and charges extra for this.

 

Day 2: Reply from the hackers

After about 15 hours – which leads us to suspect that the criminals are in a different time zone – we get an answer. The cybercriminals ask us to send two encrypted files. From these files, they can identify the process by which this attack happened and even possibly determine the location of the target.

 

Day 3: The problems continue

It takes another 20 hours before we receive the text shown above. The ransom is set at USD 10,000.

Three days later, the SME is still unable to help anyone or follow up on outstanding orders. Customers are already becoming less understanding, and some of them are looking for an alternative supplier. Other customers are beginning to wonder whether their data have been revealed to the criminals and whether data has been leaked or stolen. Parties such as the transport company also have little sympathy for the sudden loss of income.

 

Day 4: Ransom negotiations

The costs begin to rise and the business manager is willing to pay a ransom, but does not have the USD 10,000 immediately available. Nobody is willing to step in, and the SME gets nasty questions about its (future) creditworthiness.

In the meantime, we are trying to negotiate the ransom amount down. The criminals are not prepared to do this as they don’t care if a small business in Belgium goes bust.

 

Day 7: Decision time

One week on and the situation is unchanged. Until, after days of negotiation, an agreement is finally reached. We manage to get the ransom amount down significantly, and the SME wants to proceed with payment. It still has to cough up a large sum and has no guarantee that the files will be available again after payment. However, there is no alternative.

 

Day 10: Processing the payment

The payment process takes another three days. On the tenth day, the amount is transferred to the criminals’ Bitcoin account.

 

Day 11: Access, at last

On day 11, the SME finally gets a tool that makes the files available again. All’s well that ends well, right? Unfortunately, no.

The conclusion: enormous damage

The SME really suffered from the cyber-attack.

  • At least seven working days with complete loss of income, technical unemployment of the workers and a huge backlog of work due to complete inactivity.

  • Serious damage to the reputation, both with customers and suppliers.

  • Affected creditworthiness with suppliers and financial institutions.

  • Breakdown of trust between the SME and its IT partner.

  • Cost of the ransom.

  • Costs for consultancy assistance during the negotiation process.

How the SME could have avoided this

This story sounds quite dramatic, and it becomes even more so when you know that it really should not have come to this. In this particular case, the disaster could have been avoided by correctly configuring the firewall and regularly analysing the protection measures. The means to stop a cyber-attack were available, but were simply not applied in the best possible way.

What would a similar scenario mean for your business? Make no mistake: even if you decide to pay immediately, it will always take at least a couple of days before the situation is rectified. Fortunately, a few simple measures can seriously reduce the risk of a cyber-attack. Let an expert assist you to better arm your business against cybercrime.

Trust us, we’re crazy about cybersecurity!

Sextortion or a sextortion scam?

Rest assured: sexual extortion is usually a bluff

“Your money or the images go online!” That sentence sounds like many internet users’ worst nightmare, and it conceals a very serious crime. Sexual extortion or sextortion is a lucrative method that requires little effort from an extortionist. It comes down to someone claiming to have intimate images of you in their possession. That someone threatens to make them public if you don’t come up with the money. If such images of you even actually exist, it’s best to file a police report. However, you can usually be quite sure that the blackmailer is bluffing. In that case, it is not sextortion, but a sextortion scam. Let’s explain the mechanisms behind it and what to do when you encounter it.

 

What is a sextortion scam?

When you’re the victim of a sextortion scam, you’ll receive a message in which an extortionist claims to have hacked into your computer. As a result of that break-in, he allegedly managed to take pictures or recordings while you were watching pornography online. To convince you completely, the message usually includes an account name or a password that you use (or have used). To keep that information from being spread, you have to pay money to the scammer. Bitcoins are often requested.

Through several channels

Sextortion scams usually happen via an email from a scammer, but the email is sometimes sent to you using your own email address. An email that seems to come from you: it’s a bit of a shock. No need to panic. It is in fact quite easy to ‘spoof’ an email address. This is a technique where the original sender address is replaced by something else. In addition to sextortion scams via email, they also appear in the form of messages on WordPress sites or blogs nowadays. Despite the simple set-up, fraudsters make hundreds of thousands of euros every year with sextortion scams. Because variants regularly appear, the messages are sometimes difficult to intercept by security systems. They are sent via malware, a so-called botnet. As the name suggests, this is a network of bots that operate independently. An infected computer will be part of a botnet and connect to control servers without the user’s knowledge. According to the information from those servers, it will start sending ‘sextortion scam’ emails. Check Point, a company that makes hardware and software products for IT security, recently conducted an investigation into sextortion scams. They found that infected systems can send up to 30,000 emails per hour. Each campaign has a capacity of 27 million recipients. So it’s not inconceivable that you could receive this kind of email yourself one day.

Don’t panic: the scammer is bluffing

Because the blackmailer mentions your account name and/or password, the danger seems real. Yet, this is just a bluff. Your data usually comes from a list circulating on the internet after a data breach. Also, in the case of posts on your WordPress site or blog, the account data has most likely been obtained via data leakage.

What you need to do…

A good anti-malware system on your computer will prevent you from becoming a sender of ‘sextortion scam’ emails. What if you find a message like that in your inbox and you still use the password mentioned? Change it immediately and enable multi-step verification on the account. This is possible on almost all online services today. In any case, do not respond to ‘sextortion scam’ emails. It is best to just delete them and/or mark them as spam.

 

Want expert advice? Netcure is crazy about cybersecurity!

We are contacted by cybercrime victims on a weekly basis and follow hacking trends closely. With good security, you can make life difficult for cybercriminals.

Catch of the day | your e-mails as entry ticket for hackers

Reveal your login details? Never. Everyone knows that a strong password is important to avoid hacking. However, cybercriminals are very cunning these days and can get your password without you even realising it. Once they get hold of your email data, your professional or personal data is up for grabs too. We can tell you how they’ll hack into your mailboxes and what they can get from it.

 

Email hacking: how?

An advertisement via social media, a newsletter in your mailbox, … Hackers excel in drafting and distributing professional-looking communications. If you click on their message, you will be taken to a login screen that has exactly the same look and feel as your trusty mail programme. If you do not check the website link or the design for errors, you may just log in and leave your info behind. Usually, a pop-up with an error message appears and you have to log in a second time. This incident is quickly forgotten. However, by entering your email address and password on a malicious page, you give cybercriminals access to your mailbox and perhaps to other platforms as well.

Email hacking: why?

 

  • Getting information – Your mailbox is more than a collection of emails. It contains your contacts, business partners, interesting attachments, confidential figures, mobile phone numbers, job titles, etc. Your tone of voice also gives attackers a good head start for future actions. Intruders may follow your email traffic for weeks or months before they take action. Sometimes they even install automatic rules to forward or hide your mails.

  • Identity theft – Popular applications such as Dropbox, Facebook, Instagram, LinkedIn, Office365 or your company intranet are often accessible with the same login details. Gathering all this information creates an interesting overall profile for hackers. You should avoid using the same password on various platforms to protect yourself against identity theft.

  • Money transfers – Account data can be used to persuade your bank to transfer money. Bank employees are trained to see through these tricks, but without an alert bank teller, your money can disappear to a foreign account in a few clicks.

  • Earning money – Some hackers hope that your data is worth money and sell it via the dark web.

 

Want expert advice? Netcure is crazy about cybersecurity! We come into contact with victims of email hacking on a weekly basis and follow hacking trends closely. With good security, you can make life difficult for cybercriminals.