How to Be Prepared for the Oldest Trick in the Book....

Posted by Greg Mancusi-Ungaro

Wed, Jul 27, 2016

Regardless of their politics, the recent news of the DNC server hack, allegedly by Russian-government-backed hackers, should have security teams pulling their hair out.  Why?  Because the first phase of the attack used one of the oldest tricks in the book -- a phishing email attack, leveraging a copycat domain. 

"For example, the first group, APT 28, often uses the same tactic: registering a domain whose name is similar to that of its target, to trick users into disclosing their passwords when logging into the wrong site. In this case, hackers set up misdepatrment.com — switching two letters — to target users of MIS Department, which manages networks for the Democratic committee."  NY Times, July 27, 2016

It should be no surprise to learn that almost every devastating cyber breach, from Target to the DNC, starts with the same exploit:


Topics: Identity Theft, data breach, hackers, Domain Management, Phishing, cybercrime, Spear Phishing, 2016 Elections, MX Records

Enterprises Spend An Average of $3.5M annually to recover from External Internet Attacks. Ouch!

Posted by Greg Mancusi-Ungaro

Mon, Jul 18, 2016

BrandProtect and the Ponemon Institute have teamed up to create a cross-industry study aimed at understanding companies’ ability to analyze and mitigate online incidents and cyber attacks that are beyond the traditional security perimeter. The 505 enterprises and financial institutions surveyed experienced an average of more than one cyber attack each month and spent an average of almost $3.5 million annually to deal with the attacks. The results of this study are being published on Monday July 18th.

Larry Ponemon will lead a free webcast detailing the research and the research results on Thursday July 21st at 1:00 p.m. ET.   Registration for this webcast is now open, but it is filling fast. Click here to register.  Attendees will receive a copy of the complete report. 


Are 15% of Fortune 100 CEOs Victims of On-Line Masqueraders?

Posted by Greg Mancusi-Ungaro

Fri, Jun 10, 2016

BrandProtect recently trained our threatSMART platform on the social media presence of Fortune 100 CEOs to understand the breadth of one of social engineers' key exploits -- executive masquerades. Executive masquerades are an essential component of one of the most damaging classes of modern attacks -- the BEC attack. We focused our investigation on LinkedIn and Twitter profiles and activity.

We were surprised by what we found...

Fortune 100 CEOs are among the most respected names in business. They are also among the most careful participants in the online world. If this elite group is a target, the potential for masquerading at all levels of a company and in all industries would theoretically be much higher. 

Among the subset of Fortune 100 CEOs who maintain a LinkedIn profile, our review found that more than 15% are represented online by two or more LinkedIn profiles.

We looked on Twitter, too, and there, the numbers are worse. Among the subset of Fortune 100 CEOs who maintain a personal Twitter presence, almost 40% are plagued with duplicate Twitter accounts.


Topics: twitter, cyber threats, CISO, threatSMART, BEC Attacks, F100, Social Engineering, LinkedIN, Executive Threat

New FFIEC Guidance Highlights Mobile Banking Risks

Posted by Greg Mancusi-Ungaro

Thu, Jun 09, 2016

The FFIEC has just published new examiner guidelines focused on institutional risks arising from mobile banking technologies and practices. Financial institutions are now likely to face tough questions about their security practices around mobile apps, and mobile banking websites and infrastructure. This new guidance applies to all FDIC institutions, including those with assets less than $1 billion.

From the April FFIEC Guidance on Mobile Banking:
  • The appendix emphasizes an enterprise-wide risk management approach for effectively managing and mitigating the risks associated with mobile financial services.
  • The appendix discusses the technologies used in the mobile delivery channel, elevated risks that may result, and appropriate controls implemented by institutions or third-party providers.
  • The appendix contains a work program to assist examiners in determining the risks posed by an institution’s mobile financial services and assessing the controls that have been implemented to mitigate those risks.

For the first time, the FFIEC is emphasizing that institutions gain visibility to and understanding of ALL mobile apps and mobile banking infrastructure that appear to be related to the institution. Some of these will be legitimate, implemented and authorized by the institution. But others will have been deployed by cyber criminals to attack the institution, the institution's customers, and the institution's partners.

To help CISOs and security teams better understand the guidance, and to provide useful strategies for addressing these new security requirements, BrandProtect subject matter expert Dylan Sachs will review the recent guidance in a free one-hour webcast scheduled for June 23, 2016 from 1:00 - 2:00 p.m.


Topics: mobile app monitoring, cyber threats, Chief Security Officer, bankSMART, FFIEC

How Social Engineers Leverage LinkedIn

Posted by Greg Mancusi-Ungaro

Wed, Jun 01, 2016

Read the June Executive Threat Brief

The June Threat Brief from BrandProtect is focused on LinkedIn. How the criminals use it, and how you can reduce your personal and business risks when using it. Download it today!


Topics: Phishing, Spear Phishing, BEC Attacks, Social Engineering, Executive Threat

BEC Scams Affect Every Industry, Even the NBA. But CISOs are Not Helpless

Posted by Greg Mancusi-Ungaro

Fri, May 20, 2016

This morning the headlines shouted out about another Business Email Compromise (BEC) attack. It seems that an employee of the professional basketball team, the Milwaukee Bucks, received a seemingly legitimate email message from a spoofed email address. The email requested W2 records for the team's players and staff, and the targeted employee fell for the scam and released the information.

The fallout was immediate and intense. 

“The communication received on this major security breach is unacceptable,” an agent for a Bucks player told The Vertical. “The players need to know the exact measures being taken by the Bucks and the FBI to ensure each and every player’s identity and financial information will not be compromised. There needs to be accountability for such a mistake, details on the steps taken to rectify it and a process put in place to make sure this never happens again.”


Topics: cybersquatting, Phishing, cybercrime, Spear Phishing, BEC Attacks

APWG - the Anti Phishing Working Group - is coming to Toronto

Posted by Greg Mancusi-Ungaro

Wed, May 18, 2016

In just two weeks' time, June 1-3, 2016, BrandProtect and Toronto will play host to one of the most influential cross-industry consortiums in the security industry, the Anti Phishing Working Group.

With phishing and especially spear phishing/socially-engineered phishing effectively targeting enterprises with devastating ransomware, malware, or BEC attacks, the role of the Anti-Phishing Working Group (APWG) has never been more important. The latest data on trends, attack specifics, and defensive strategies to fight phishing and socially engineered phishing will be shared at the annual gathering of APWG, this year themed: eCrime2016.

BrandProtect is proud to be a key partner and local host for this event.


Topics: Identity Theft, Phishing, Spear Phishing, MX Records

BrandProtect Announces Major Updates to threatSMART Platform

Posted by Greg Mancusi-Ungaro

Thu, Apr 28, 2016

New Features Enhance Proactive Defenses Against Modern Cyber Exploits, Including Socially Engineered Spear Phishing, Ransomware and other BEC Attacks

TORONTO – April 27, 2016 – BrandProtect has significantly extended its industry leading threatSMART™ platform for cyber threat monitoring, intelligence, and mitigation with key features designed to speed analysis and enhance proactive defenses against modern cyber exploits, including socially engineered spear phishing, ransomware, and other business email compromise (BEC) attacks. New platform enhancements include MX-Record Monitoring, Advanced Incident Correlation, the BrandProtect ThreatCenter™, and new direct connections of threatSMART data feeds to popular enterprise threat analytics platforms Splunk and HP ArcSight.

“Enterprise-targeted cyberattacks are evolving rapidly. Socially engineered phishing, BEC and other focused, and unfortunately, effective schemes dominate the concerns of enterprise CISOs everywhere,” said Roberto Drassinower, BrandProtect CEO. “Today we announce the latest of our continuous enhancements to our threatSMART platform, again directly addressing the most important pain points that CISOs now face. We are filling the gaps for threat detection, intelligence, and mitigation of cyber threats that arise beyond the traditional security perimeter.”


Topics: Domain Management, cybersquatting, Phishing, cyber threats, Spear Phishing, CSO, threatSMART, ThreatCenter, MX Records, Splunk, ArcSight
