Home of the REB Top 100 Agents

The new Trojan War

Promoted by EBM (Cyber Liability)
20 August 2018 | 6 minute read
220818 EBM

Promoted by EBM (Cyber Liability).

The weapons in a cybercriminal’s arsenal are not only extensive but lethally effective – not to mention, increasingly sophisticated. Now more than ever, it’s a minefield for real estate businesses to navigate, yet many don’t recognise the enemy.

Ten years ago the only Trojans that anyone was familiar with were an ancient people who made the fatal mistake of trusting their neighbours when they accepted the gift of a horse. Today, a RE business could be besieged by Trojans of a different kind.

Together with ransomware and spyware, Trojans are now part of the cyber criminal’s malware arsenal – and could easily invade a business’ systems and wreak havoc.

Add in denial of service (DoS) attacks, and social engineering, and it’s a battlefield that catches many RE businesses unprepared.

According to Norton’s SMB Cyber Security Survey: Australia 2017, one in four small businesses were cyberattacked in 2017, yet just 12 per cent had cyber insurance cover. The most prevalent form of cyber threat was email or phishing scams, which accounted for 54 per cent of the attacks experienced. Hacking (36 per cent) and ransomware attacks (23 per cent) were also common. And despite 25 per cent of respondents noting an increase in cyber threats felt by their business in the past 12 months, 55 per cent had neither a formal security policy nor mandatory training in place.

Any type of cyberattack – whether it impacts the RE business or impersonates it – can seriously undermine your reputation and discourage customers and suppliers from doing business with you. So it pays for RE businesses to know what kinds of attack they could face.

Chief amongst the threats are malware, attack vectors and denial of service incidents.

Malware
Malicious software which is specifically designed to disrupt, damage, or gain access to a computer system. Examples include:

  • Ransomware
    Hijacking of files/data and locking the owner out of their system, then ransoming access back to the owner (threat may be made to release/publish or delete the data).

  • Spyware/Adware
    Can be installed on a computer without the owner’s knowledge when they open attachments, click links or download infected software. The program then collects information about users, their computers or their browsing habits and sends the data to a remote user.

  • Trojans/Trojan horse
    A program that hides inside a useful program and usually has a malicious function (often disguised as virus removal software). In addition to launching attacks on a system, a Trojan can establish a back door that can be exploited by attackers.

  • Virus
    A piece of malicious code that is loaded onto a computer without the user’s knowledge. It can replicate itself and spread to other computers by attaching itself to another computer file.

  • Worms 
    Self-contained programs that propagate across networks and computers. Commonly spread through email attachments, worms continually look for vulnerabilities and report back any weaknesses that are found to the worm author.

Attack vectors
Attack vectors are used to gain access to a computer or network in order to infect computers with malware or harvest stolen data. The main forms are:

  • Social engineering
    Used to deceive and manipulate individuals in order to gain computer access. This is done by making individuals click malicious links or by physically gaining access to a computer through deception. Examples include:

    • Phishing
      Attempts to trick the email receiver into providing personal or financial information to an unauthorised source, often by disguising as a trusted individual. Relying on human error, the hoax emails try to get the receiver to click on a link in an unsolicited email and release malware into the business network.
    • Whaling and spear phishing
      Target businesses in an attempt to get confidential information for fraudulent purposes. They differ from ordinary phishing scams in that they target businesses using information specific to the business that has been obtained elsewhere. In RE, fraudsters have been found to access agency owners’ email accounts and issue false invoices to colleagues urging immediate payment, with money being directed to fraudulent accounts.
    • Pharming
      An attack that redirects a website’s traffic to a fake website, where users’ information is then compromised.
    • Watering hole attack
      Setting up a fake (or compromised) website that users are known to go to, then using it to infect visiting users.

  • Drive-by
    Targets a user through their internet browser, installing malware on their computer as soon as they visit an infected website.

  • Man in the middle (MITM)
    An attacker alters the communication between two users, impersonating them both to manipulate both victims and gain access to their data.

Denial of Service (DoS)

These attacks attempt to make an online service unavailable by overwhelming it with traffic. A DoS attack typically uses one computer and one internet connection to flood a targeted system or resource. A Distributed Denial of Service (DDoS) attack uses multiple computers and internet connections to flood the targeted resource. DDoS attacks are often global attacks, distributed via botnets.

It’s just as important for the RE business to know how to protect itself from these kinds of attacks.

The battle plan should be three-fold:

  1. Protect
    Install anti-spam, anti-virus, anti-phishing, DNS-based web browsing protection and malware detection. Always install the security updates/patches on all company-owned and BYO devices. Run weekly anti-virus and malware scans. Encrypt all inbound and outbound data. Secure networks including Wi-Fi. Back-up all data.
  2. Educate
    Be aware of what cyber threats exist and how they could impact the business. Train staff to recognise scams like phishing emails. Put a cyber security policy in place.
  3. Mitigate
    Have a plan to respond to any incidents. Cyber Liability insurance can cover a business against the expense (investigation and data recovery costs, extortion costs, fines and penalties, and business interruption costs), reputational and legal costs associated with cyber incidents. At EBM, we understand the RE landscape and the cyber risks facing businesses and can tailor a policy to meet your specific needs.

Our advice about insurance is provided for your general information and does not take into account your individual needs. You should read the Product Disclosure Statement and Policy Wording prior to making a decision, these can be obtained directly from EBM.

Article supplied by EBM. 
Whether it be business or personal, as one of Australia’s leading privately owned and operated insurance brokers EBM has insurance solutions to suit you.  For more information please visit www.ebm.com.au.

You are not authorised to post comments.

Comments will undergo moderation before they get published.

You need to be a member to post comments. Become a member for free today!
Do you have an industry update?