BrandProtect has recently observed a spike in activity for one of its customers, a large, NA-based financial institution with a global presence. These attacks employ a “wildcard” DNS entry (e.g., *.domain.com) and simple scripting to create hundreds of unique URLs, thereby circumventing exact-match antispam rules and increasing the likelihood of phishing lure delivery.
Wed, Sep 02, 2015
This month the BrandProtect Executive Threat Brief focused on lessons that individuals can learn from Ashley Madison. It is likely that the Ashley Madison breach will be remembered as one of the most notorious and high-profile breaches ever. Why? Because the exposed data was more than just personally embarrassing; it was, in many cases, relationship-changing, employment-threatening, and business-damaging.
5 Key Take-Aways
1) Ashley Madison is Bad for Your Business
Many companies saw their name dragged through the dirt as scores of corporate email addresses surfaced among the millions of exposed Ashley Madison accounts. Deserved, or undeserved, it is never good when your company is dragged through the dirt. And when key executives and other corporate leaders are caught up in the story, it can be very bad for business.
Fri, Jul 31, 2015
During my morning news scan, I came across some interesting articles surrounding the recent Hell Tor deep web cybercrime forum. And in particular, discussion about the associated text file that contained more than 23,000 records that “appeared” to be a user database populated exclusively by user accounts with dot-gov email from the Office of Personnel Management (OPM). After a close review of the file, experts stated that these records -- made available as a teaser and/or as “proof” that the hackers had compromised the agency -- were not from the OPM; instead, they were a list of users stolen from a different government agency -- Unicor.gov, also known as Federal Prison Industries.
Wed, May 27, 2015
Just a month ago, I wrote about an emerging critical cyber threat trend -- attacks centered on health care providers and health insurance systems. These schemes are very lucrative for thieves because the loot, electronic health records, contains everything needed -- social security numbers, known addresses, phone numbers, relatives, payment preferences -- to create duplicate identities for individuals. Just add the photo.
Wed, May 27, 2015
I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practitioners in the trademark and IP world. One of the most visible organizations there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD. Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees about how much business sense it made for a brand to purchase the .SUCKS domain. Their booth featured a continuous slide show of F500 brands "using" the .SUCKS domain. ibm.sucks; ford.sucks; starbucks.sucks. yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKS items that were prohibited in the hall. The Vox Populi message was communicated clearly -- It only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."
Topics: risk management, brand abuse, online brand protection, Reputation Management, INTA, trademark, intellectual property, Risk, gTLDs, cyber threats, Chief Security Officer, online risk, unauthorized associations
Tue, Apr 21, 2015
Recently, Sara Peters and Ericka Chickowski wrote a great piece that ran on Dark Reading about PII-centric attacks and threats in the healthcare market.
As the Health Care marketplace moves online, opportunistic criminals are retraining their attacks to focus on Health Care consumers.
Over the past decade, there has been enormous pressure on the healthcare industry to move health records online. Today, according to studies recently published by the U.S. Department of Health & Human Services, almost 90 percent of all doctors and almost 75 percent of all hospitals have deployed at least a basic electronic health record system. And, these adoption rates have soared over the past five years. Insurance reimbursements have been managed online for years, and healthcare enrollments through employers are increasingly managed through a Web browser. The rollout of the Affordable Care Act, with its online purchase model, further accelerated the migration of healthcare to a predominantly online model.
Fri, Jan 23, 2015
Mobile App-based Threats Can Quickly Derail Your Brand
Mobile Apps are in the news. And they deserve to be. Mobile devices are driving a revolution in computing form factors and transforming digital commerce. Today, businesses aggressively use mobile apps to provide their customers instant connectivity to content, commerce and customer service. From banking and retail to insurance and entertainment, marketing teams are increasingly delivering mobile apps to drive carefully created brand experiences with their customers via these devices that are permanently on … and rarely farther away than a purse or pocket.
Topics: mobile app monitoring
Tue, Dec 16, 2014
- Mobile App Threat Potential Triples
- More than 150K scam and fraudulent activity mentions across Social Media
- 27,000 unique phishing attacks
This is the third year that BrandProtect has investigated this online event.