As part of the BrandProtect 2016 Elections Project, we’ve been looking at The Donald’s use of Twitter.
Or, more accurately, we’ve been looking at how others have been using Donald Trump's identity to promote their twitter activity. There are lots of them.....
Over the past weeks there has been a lot of reporting, including these great pieces by Steve Ragan at CSOonline.com and Mathew J. Schwartz at BankInfoSecurity.com about a December 20, 2015 discovery that a database containing 191 Million voter records had been exposed online. As part of the BrandProtect 2016 Elections Project, we dug into the situation, and what it means to you.
Because of the nature of the exposure – effectively a database containing the records was left unlocked and unprotected – there is no way to know who might has downloaded the information.
Make no mistake, this is a big number. And it is an important number. Consider this: the US Census Bureau estimated that there were approximately142 Million registered voters in 2014. This means that the recent exposure of 191 million voting records is not just a large data breach. It’s a national issue -- effectively every registered voter in America has had their PII exposed... Wow...
Social Media Monitoring,
That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence. Or is that the Trump team, laughing? We can't be sure.
The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)
Download the InfoGraphic
Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.
The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who recieved the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks.
When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse.
How big a problem can it be?...
Viewpost® Selects BrandProtect™ to Secure Complex Attack Surface
Payments Marketplace Provider Required a Solution With Round-the-Clock Threat Monitoring and Mitigation to Protect Its Customer Information From Beyond the Perimeter Attacks
mobile app monitoring,
Social Media Monitoring,
BrandProtect has recently observed a spike in activity for one of its customers; a large, NA-based financial institution with global presence. These attacks employ a “wildcard” DNS entry – eg. *.domain.com – and simple scripting to create hundreds of unique URLs, thereby circumventing exact-match antispam rules, and increasing the likelihood of phishing lure delivery.
This month the BrandProtect Executive Threat Brief focused on lessons that individuals can learn from Ashley Madison. It is likely that the Ashley Madison breach will be remembered as one of the most notorious and high-profile breaches ever. Why? Because the exposed data was more than just personally embrassing, it was, in many cases, relationship-changing, employment-threatening, and business damaging.
5 Key Take-Aways
1) Ashley Madison is Bad for Your Business
Many companies saw their name dragged through the dirt as scores of corporate email addresses surfaced among the millions of exposed Ashley Madison accounts. Deserved, or undeserved, it is never good when your company is dragged through the dirt. And when key executives and other corporate leaders are caught up in the story, it can be very bad for business.
During my morning news scan, I came across some interesting articles surrounding the recent Hell Tor deep web cybercrime forum. And in particular, discussion about the associated text file that contained more than 23,000 records that “appeared” to be a user database populated exclusively by user accounts with dot-gov email from the Office of Personnel Management (OPM). After a close review of the file, experts stated that these records -- made available as a teaser and/or as “proof” that the hackers had compromised the agency -- were not from the OPM, instead they were a list of users stolen from a different government agency — Unicor.gov, also known as Federal Prison Industries.
Just a month ago, I wrote about an emerging critical cyber threat trend -- attacks centered on health care providers and health insurance systems. These schemes are very lucrative for thieves because the loot, electonic health records, contains everything needed -- social security numbers, known addresses, phone numbers, relatives, payment preferences -- to create duplicate identities for individuals. Just add the photo.