What is data poisoning, and how to stop it

Sounds vicious doesn’t it! But as we’ve been exploring, nothing is off limits to hackers. Here we focus on data poisoning and manipulation, and how to guard against it.

Gen AI that power AI tools, chatbots, search queries, and more, are known as large language models (LLMs). These LLMs are trained on vast volumes of data and then use that data to create more data, following the rules and patterns they’ve learned. Good quality data leads to good outcomes. Bad data to bad outcomes. It didn’t take cyberattackers long to figure out how to turn that to their advantage.

There are two broad categories of data attack: data poisoning and data manipulation. They are very different, but both undermine the reliability, accuracy, and integrity of trusted — and increasingly essential — systems.

This article from Barracuda gives you all you need to keep your critical systems safe.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Remember AOHell? How hackers are using AI for phishing

Phishing attacks are one of the most successful and damaging types of threat activity, and they have been that way for a long time.

The first attack recognised as phishing was launched in 1995 using a Windows application called AOHell that targeted users of the America Online (AOL) service. It exploited vulnerabilities in AOL’s software to steal passwords and credit card numbers, send mass phishing emails, and creating fake accounts. Since then, nothing has been off limits to hackers.

So it’s only natural that now AI tools are here, hackers are able to exploit them for phishing and other malicious activity. This article from Barracuda looks into how phishing attacks have evolved over time, and how to combat them affecting your business through GenAI.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

 

Closing vulnerabilities in your apps

Web apps allow users to work faster and more flexibly. They also contain vulnerabilities hackers can – and do – exploit.

To give you some context, in 2023, web applications were the main means of breach hackers used. They featuring in 80% of incidents and 60% of breaches.

Why web applications are a top target for attack

First, many web applications carry vulnerabilities or configuration errors. Second, many contain extremely valuable information, such as personal and financial data. A successful breach will give attackers direct access to that data. Barracuda research shows that 40% of IT professionals who’ve been involved in ethical hacking believe web application attacks are among the most lucrative for cyber-attackers, and 55% say the same for APIs.

How to close vulnerabilities

This e-book takes an in-depth look at three critical attack vectors — API vulnerabilities, bot attacks, and client-side attacks — as well as how organisations can fill the gaps in their application security and protect against these evolving threats.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

The role of AI in email security

Email remains the most common initial attack route for cyber criminals. And with employees making more use of AI tools, the problem is about to get worse for IT teams.

Infiltrating an organisation via an email-based attack can happen at any level — phishing is not only targeted at senior directors. Once attackers have got an individual’s credentials then they can gain access. Once inside the network with one set of credentials, attackers can more easily move laterally and gain more permissions and fuller access. Even access to an employee’s mobile can be escalated into wider network access.

Early email fraud messages were often badly written and frankly unbelievable. Criminals relied on a ‘spray and pray’ approach – sending out thousands of messages in the hope that a few would stick. Traditional gateway defences are quite adept at dealing with these high-volume attacks. Barracuda’s own data shows that 16% of all email traffic is this sort of high-volume attack such as spam, malware, and other emails with a malicious payload. You still need gateway defences to stop these attacks as they remain a real danger.

This eBook from Barracuda outlines why traditional security gateways can’t cope, and how AI can keep you safe from phishing attacks.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Quishing 101: Everything you need to know about QR code email attacks

You may have seen our recent webinar about Quishing and the threat it represents. If you missed it, or want to know even more, this article lays it all out!

Quick Response (QR) codes are two-dimensional barcode that allow users to share website URLs and contact information or make payments. While QR codes have made our daily lives easier, they have also opened new avenues for cybercriminals to exploit. Also known as quishing, QR code phishing attacks are on the rise and present a significant threat to users and organisations alike.

▶ Get the Quishing 101 from Barracuda.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

5 shortcomings of VPN

Are your users using VPNs to access documents, files, and applications remotely?

Unfortunately, legacy VPN products are falling short of performance and security standards. The result? Employees have been known to proactively install commercial VPNs that are not provided or sanctioned by their companies, to protect their devices and data.

Unfortunately, these well-intentioned efforts can pose an even greater security risk for their company than doing nothing at all. While the use of VPNs has increased drastically in recent decades, the challenges far outweigh the benefits, especially for organisations that use such services on a daily basis.

Recent research from our partners Barracuda has shown that VPNs compromise security through exposure of sensitive data, place limitations on data storage capabilities for free users, consume a device’s processing power (which can ultimately allow service providers to sell bandwidth for profit), and reduce internet speeds overtime.

▶ Read this article from Barracuda to find out the 5 shortcomings of VPN.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

The MGM cyber attack and your business

The MGM network was recently hit through a social engineering-style cyber attack. After gaining entry, the threat actor escalated their privileges to achieve administrator privileges in OKTA and even global administrator privileges to MGM’s Azure tenant, collecting and dumping passwords along the way.

In response to the breach, MGM unsuccessfully attempted to shut down network access to sensitive devices. After electing to not pay the ransom, the hackers launched BlackCat ransomware to cause widespread destruction and disruption.

▶ Read this article from Barracuda to find out the recommendations for your business to solve increasingly creative and aggressive ransomware attacks.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Malicious HTML attachments doubles – are you prepared?

The security industry has been highlighting the cybercriminal misuse of HTML for years — and evidence suggests it remains a successful and popular attack tool.

Last year Barracuda reported that around one-in-five (21%) of all HTML attachments scanned in May 2022 were malicious. A year on, that figure has more than doubled – 45.7% of scanned HTML files were found to be malicious a year later.

▶ Read this article from Barracuda to find out the top HTML threats, and prepare your business accordingly.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

Could a 15 year old hack your systems?

Attackers are quick to exploit new opportunities for attack. The reporting of the Log4J bug in December 2021, for example, is believed to have led to a 150% increase in exploit activity the following year.

However, attackers rely extensively on long established approaches and home in on weaknesses that have often also been around for years.

▶ Read this article from Barracuda to find out the top malicious tactics, and separate the threats from the noise.

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.

 

13 email threat types you should be aware of

Email security is a sweeping term, but what’s under the bonnet, and how do you protect your business from all the top email threats, including the sophisticated ones designed to slip through your secure gateway?

This eBook provides an in-depth look at today’s wide range of evolving email threats, including their risks and impacts on businesses, and how machine learning and API-based inbox defence can address the gaps in the email gateway and help provide total email protection against attacks.

  • Defend against sophisticated email threats that are able to bypass defences and wreak havoc using backdoor techniques, including spoofing, social engineering, and fraud.
  • Protect employees at the inbox level using the right combination of technology solutions and security-awareness training.
  • Use a multi-layered protection strategy to radically reduce susceptibility to email attacks and help better defend your business, data, and people.

See all the latest threats, data, analysis, and solutions for yourself (instant download, no form required). 

Want to learn more?

Complete IT Systems have a team of Barracuda specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.

To get in touch or request a demo please contact us.