Greg Mancusi-Ungaro

Greg Mancusi-Ungaro is the BrandProtect CMO

Recent Posts

2017 Trends: Ransomware, Malware, and Phishing -- Not Going Away Any Time Soon....

Posted by Greg Mancusi-Ungaro

Wed, Jan 18, 2017

More than 200,000 new malware samples were found every day in the first half of 2016 according to the APWG’s (Anti-Phishing Working Group) crime ware statistics.  While down slightly compared to 2015, it doesn’t necessarily signal the end of the ransomware/malware/phishing epidemic that has impacted businesses and the public for many years.

In fact, the opposite may be true, at least in highly targeted industries. Analysis of cyberattacks by BrandProtect, reveals that Q3 phishing attacks against banks, insurers, and other financial services enterprises rose 30 percent during Q3 2016 year/year.  More significantly, the BrandProtect analysis reveals that while the majority of phishing attacks remains simple in design and execution, the percentage of sophisticated phishing exploits – attacks that automate subjugation of website infrastructure and deploy multiple phishing URLs – has increased dramatically. These sophisticated attacks generate the majority of phishing URLs that must be taken down. 

“There is no doubt that sophisticated phishing attacks are becoming the norm,” said Dylan Sachs, Director of Anti-Phishing Services and Incident Response at BrandProtect. “Instead of launching attacks from a single URL, a sophisticated phishing attack will generate and launch attacks from ten, twenty, one hundred, or even more URLs. To put this in perspective, during the third quarter of 2016, just ten percent of the phishing attacks that we detected targeting our clients generated approximately slightly more than fifty percent of the URLs that needed to be taken down.”

Read More

Topics: Malware, Phishing, CISO, ransomware, Digital Governance

2017 Trends: Socially Engineered Attacks Will Grow in Scope and Scale

Posted by Greg Mancusi-Ungaro

Thu, Jan 05, 2017

In a world where billions of username/password combinations have been compromised by hackers, it is increasingly difficult to be certain that the sender of an email is the person that they claim to be. Masquerading and fictitious social accounts, copycat domains, online user groups, and rogue websites are becoming more common. These fraudulent online personalities and properties are often the launching pad for socially engineered attacks such as BEC schemes.

BEC attacks grew in sophistication and effectiveness in 2016, compromising businesses in every market -- leading healthcare organizations, an NBA team, financial institutions, the World Anti-Doping Association, to John Podesta and the Democratic National Committee. The cost of these attacks? Tens of millions of dollars, incalculable reputational damage and possibly an election....

Exploits driven by stolen or invented identities are a menace, and BrandProtect analysts believe that trend will continue in 2017. CISOs and Digital Governance teams need to prepare their company, and protect other companies from BEC and socially engineered attacks that are made using their identity or corporate personality.

Read More

Topics: cyber threats, CISO, BEC Attacks, Social Engineering, External Threat, Cyber Attack, Digital Governance

Threat Brief: Fake News -- A Threat to You and Your Family

Posted by Greg Mancusi-Ungaro

Mon, Jan 02, 2017

 

One of the biggest cyber stories of 2016 was Fake News. There is no doubt that it impacted the 2016 presidential and congressional elections. But did you know that fake news directly threatens business, and worse, you and your family?

This month's BrandProtect Executive Threat Brief takes a long look at fake news -- how it is created, how it is distributed, the threats it can contain, how it impacts you, and how you can improve your defensive posture against it.

Most important, the January Brief provides you and your family with clear guidance on how to better assess the trustworthiness of an online news item. If you can spot the fake, you can eliminate the risk. Read the brief, so that you can have more confidence in your online actions. 

BrandProtect Executive Threat Briefs are designed to minimize your exposures by educating you and your team about simple steps you can take to protect your personal information online. Remember, the easiest threat to stop is the one that you are not exposed to. 

Read More

Topics: Phishing, cybercrime, social media, cyber threats, mobile malware, Spear Phishing, Social Engineering, ThreatBrief

December Threat Brief: Avoid a Bleak Midwinter! Stay Safe Through the End of 2016 (and in 2017!)

Posted by Greg Mancusi-Ungaro

Thu, Dec 01, 2016

 

There is no doubt that 2016 has been an epic cyber year. Fraudsters have become more sophisticated, and exploits have become more numerous, and more brazen.
But it isn't over yet.

Stay on track through the new year!
Don't slip off the road.

The December Executive Threat Brief provides you with ten actionable cyber tips that will help keep you and your family safe from on-line dangers in the remaining weeks of the year.

Put them into practice now, and keep them going in 2017. 

The December Threat Brief covers a lot of ground, but each of the tips is easy to implement. It's likely that you are already taking some of these precautions. But possibly not all of them. Take action to stay safe. 

BrandProtect Executive Threat Briefs are designed to minimize your exposures by educating you and your team about simple steps you can take to protect your personal information online. Remember, the easiest threat to stop is the one that you are not exposed to. 


Read More

Topics: Phishing, cybercrime, social media, cyber threats, mobile malware, Spear Phishing, Social Engineering, ThreatBrief

It's not Fake News...It's a Content-based Cyber Attack.

Posted by Greg Mancusi-Ungaro

Wed, Nov 23, 2016

 

Facebook and Twitter have been talking a lot about fake news recently.
And so have a lot of other people. Depending upon who you read, and who you believe, fake news played a major role in the recent presidential election. But fake news isn't limited to politics. Fake news, and its relatives, are some of the most vexing types of external cyber attacks facing corporations, institutions and enterprises. 

“Fake news” can originate practically anywhere on the Internet -- through tweets, posts, blogs, wikis, discussion forums, chats, podcasts, digital images, video, audio files, advertisements and more.  There are even official "citizen journalist" sides like CNN's iReport or reddit, where end-users can directly publish their views, or their content, without fact-checking, editing, or any other kind of content-curation. 

This un-proctored, un-curated, un-fact-checked content creates a nightmare for enterprises.  These are content-based cyber attacks that don’t touch company infrastructure at all. They exist completely outside the firewall, beyond the traditional perimeter. But even without touching the targeted company directly these attacks can have huge impacts on a company’s revenues, operations, and reputations....

Read More

Topics: Social Media Monitoring, cyber threats, External Threat, Content-based Cyber Attack, Cyber Attack

Massive Mobile App Fraud Kicks Off Black Friday Cyber Exploits

Posted by Greg Mancusi-Ungaro

Mon, Nov 07, 2016

Just as the cyber-election manipulators are finishing their work, the "for-profit" population of on-line fraudsters are coming online -- launching their efforts to bilk the public between now and November 25, Black Friday, the peak of heaviest online shopping day of the year.

Mobile app fraud is dominating the first wave of this year's Black Friday cyber attacks. First reported in the New York Post, and further reported in the New York Times, a slew of imitation and copycat mobile apps have appeared online in the last few weeks - parodying trusted brands such as Dollar Tree and Foot Locker, iconic stores like Dillard’s and Nordstrom, online retailers like Zappos.com and Polyvore, and luxury-goods purveyors Jimmy Choo, Christian Dior and Salvatore Ferragamo.

What makes this wave of fraudulent applications different is the targeted platform: Apple's iOS.

Historically, the bulk of fraudulent mobile apps detected and analyzed by BrandProtect and other vendors have appeared on various android platforms and have been distributed via third party and offshore app stores.  Not so with these rogue apps -- these have been discovered on the official Apple App Store.

Read More

Topics: black friday, mobile app monitoring, cyber monday, mobile malware, CISO, External Threat

Cyber Mayhem in the 2016 Election?  You Betcha!

Posted by Greg Mancusi-Ungaro

Wed, Nov 02, 2016

Download the FREE BrandProtect eBOOK

CYBER SECURITY IMPLICATIONS OF ELECTION 2016

A Practical Guide for Business Leaders (or Politicians) to Protect
Themselves from Cyberattacks and Misinformation

The 2016 campaign has not only dramatically shifted perceptions
of politics and society, but also revealed the immediate and future challenges that face cybersecurity and digital governance professionals.  

In this eBOOK from BrandProtect, Greg Mancusi-Ungaro and Dylan Sachs chronicle some the spectacular cyber exploits that highlighted the elections, and how they serve as a object lessons for CISOs and Digital Governance professionals everywhere.  

Read More

Topics: 2016 Elections

November Threat Brief: Risk Ahead!

Posted by Greg Mancusi-Ungaro

Tue, Nov 01, 2016

 

From Elections Exploits to Bogus Black Friday Promotions, November is a holiday season for Cyber Criminals!

This month's BrandProtect Executive Threat Brief focuses in on the many traps that cyber criminials will set for you during this crazy time. Some will spring from the upcoming elections, others will be retail-shopping related, but all will be dangerous! 

Download this month's threat brief and learn more!

Read More

Topics: black friday, cyber monday, 2016 Elections, ThreatBrief

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all