Tom Muleya-Fraud Insight
Of late, the CID Commercial Crimes Division has experienced an upsurge in cases involving corporate hacking scams, and wishes to warn companies to be on high alert.
Hacking is the term for the crime of gaining unauthorised access to private computers or networks and misusing them, whether by shutting them down, tampering with the data stored on them, or by other illegal means.
This is one of the many typologies of cyber-crimes.
In the Zimbabwean context, ‘Hacking’ has been criminalised by the Cyber and Data Protection Act (Chapter 12:07).
Hacking has many faces, and ranges from simple to complex. Hackers often use a variety of methods and operate under several different personas.
The following are some of the techniques hackers use to commit scams against corporates:
Password hacking
In this type of attack, hackers use different techniques to obtain passwords. One is the brute force attack, a trial-and-error method in which hackers try to guess every possible combination to gain access. Hackers may also use simple algorithms to generate different combinations of letters, numbers, and symbols to help them identify password combinations. Another technique is known as a dictionary attack, in which a programme inserts common words into password fields to see if one works.
Phishing
When attackers want you to install malware or divulge sensitive information, they often turn to phishing tactics, or pretending to be someone or something else to get you to take action you normally would not.
They rely on human curiosity and impulses and this makes phishing attacks difficult to stop.
In a phishing attack, an attacker may send you an email that appears to be from someone you trust, like your boss or a company you do business with.
The email will seem to have some urgency (for instance, fraudulent activity has been detected on your account). In the email, there will be an attachment to open or a link to click. Upon opening the malicious attachment, you will install malware on your computer. If you click the link, it may take you to a legitimate-looking website that asks you to log in to access an important file – but the website is actually a trap used to capture credentials when you try to log on.
Distributed Denial-of-Service
A DDoS is where an attacker essentially floods a target server with traffic in an attempt to disrupt, and perhaps even bring down, the target. However, unlike traditional denial-of-service attacks, which most sophisticated firewalls can detect and respond to, a DDoS attack is able to leverage multiple compromised devices to bombard the target with traffic. Example: In the 2000s, Government agencies and large corporations were increasingly subject to cyber security hacking.
Prominent victims included Microsoft, eBay, Yahoo!, and Amazon, who all fell victim to DDoS attacks. Famously, the US Department of Defence and the International Space Station both had their systems breached by a 15-year-old boy.
DNS Tunnelling
DNS tunnelling is a sophisticated attack vector that is designed to provide attackers with persistent access to a given target. Since many organisations fail to monitor DNS traffic for malicious activity, attackers are able to insert or tunnel malware into DNS queries (DNS requests sent from the client to the server). The malware is used to create a persistent communication channel that most firewalls are unable to detect.
Business Email Compromise
A BEC is where the attacker targets specific individuals, usually an employee who has the ability to authorise financial transactions, to trick them into transferring money into an account controlled by the attacker.
BEC attacks usually involve planning and research to be effective. For example, any information about the target organisation’s executives, business partners, and potential business partners will help the attacker persuade the employee to hand over the funds. BEC attacks are one of the most financially damaging forms of cyber-attacks.
Participate in the fight against fraud and cyber hacking and help create a safe environment and a crime-free Zimbabwe. Think security. Watch out for the next issue on hacking.
Tom Muleya is a Detective Assistant Inspector working under the CID Commercial Crimes Division. He is also a member of the National Cyber Security Awareness Taskforce, Zimbabwe. For your feedback, WhatsApp line: 0772 764 043, or e-mail: [email protected]



