2017 Trends: Socially Engineered Attacks Will Grow in Scope and Scale

Posted by Greg Mancusi-Ungaro

Thu, Jan 05, 2017

In a world where billions of username/password combinations have been compromised by hackers, it is increasingly difficult to be certain that the sender of an email is the person that they claim to be. Masquerading and fictitious social accounts, copycat domains, online user groups, and rogue websites are becoming more common. These fraudulent online personalities and properties are often the launching pad for socially engineered attacks such as BEC schemes.

BEC attacks grew in sophistication and effectiveness in 2016, compromising businesses in every market -- leading healthcare organizations, an NBA team, financial institutions, the World Anti-Doping Association, to John Podesta and the Democratic National Committee. The cost of these attacks? Tens of millions of dollars, incalculable reputational damage and possibly an election....

Exploits driven by stolen or invented identities are a menace, and BrandProtect analysts believe that trend will continue in 2017. CISOs and Digital Governance teams need to prepare their company, and protect other companies from BEC and socially engineered attacks that are made using their identity or corporate personality.

Read More

Topics: cyber threats, CISO, BEC Attacks, Social Engineering, External Threat, Cyber Attack, Digital Governance

Say it Ain't So! Serena & Venus Williams, Simone Biles, Compromised in Cyber Hack of WADA

Posted by Greg Mancusi-Ungaro

Wed, Sep 14, 2016

 

Vendetta?  Absolutely.

Read More

Topics: data breach, Spear Phishing, BEC Attacks, Social Engineering, External Threat

The Phishing Attack is Only the Beginning...

Posted by Greg Mancusi-Ungaro

Mon, Aug 01, 2016

Read the August Executive Threat Brief

It's a fact that most of the headline-grabbing enterprise breaches -- from Target to the DNC -- began with a simple compromise, a compromise caused by a simple phishing email.   The AugustThreat Brief from BrandProtect is focused on phishing:  

  • How phishers are raising the stakes.
  • How phishers build their emails.
  • How you can avoid being caught.

 Download it today!

Read More

Topics: Phishing, Spear Phishing, BEC Attacks, Social Engineering, Executive Threat

Are 15% of Fortune 100 CEOs Victims of On-Line Masqueraders?

Posted by Greg Mancusi-Ungaro

Fri, Jun 10, 2016

BrandProtect recently trained our threatSMART platform on the social media presence of Fortune 100 CEOs to understand the breadth of one of social engineers' key exploits -- executive masquerades. Executive masquerades are an essential component of one the most damaging classes of modern attacks -- the BEC attack. We focused our investigation on LinkedIn and Twitter profiles and activity. 

We were surprised by what we found...

Fortune 100 CEOs are among the most respected names in business. They are also among the most careful participants in the online world. If this elite group is a target, the potential for masquerading at all levels of a company and in all industries would theoretically be much higher. 

Among the subset of Fortune 100 CEOs who maintain a LinkedIn profile, our review found that more than 15% are represented online by two or more LinkedIn profiles.

We looked on Twitter, too, and there, the numbers are worse. Among the subset of Fortune 100 CEOs who maintain a personal Twitter presence, almost 40% are plagued with duplicate Twitter accounts.

Read More

Topics: twitter, cyber threats, CISO, threatSMART, BEC Attacks, F100, Social Engineering, LinkedIN, Executive Threat

How Social Engineers Leverage LinkedIn

Posted by Greg Mancusi-Ungaro

Wed, Jun 01, 2016

Read the June Executive Threat Brief

The June Threat Brief from BrandProtect is focused on LinkedIn. How the criminals use it, and how you can reduce your personal and business risks when using it. Download it today!

Read More

Topics: Phishing, Spear Phishing, BEC Attacks, Social Engineering, Executive Threat

BEC Scams Affect Every Industry, Even the NBA. But CISOs are Not Helpless

Posted by Greg Mancusi-Ungaro

Fri, May 20, 2016

This morning the headlines shouted out about another Business
Email Compromise (BEC) attack
. It seems that an employee of the professional basketball team, the Milwaukee Bucks, received a seemingly legitimate email message from a spoofed email address.  The email requested W2 records for the teams players and staff, and the targeted employee fell for the scam and released the information. 

The fallout was immediate and intense. 

“The communication received on this major security breach is unacceptable,” an agent for a Bucks player told The Vertical. “The players need to know the exact measures being taken by the Bucks and the FBI to ensure each and every player’s identity and financial information will not be compromised. There needs to be accountability for such a mistake, details on the steps taken to rectify it and a process put in place to make sure this never happens again.”

Read More

Topics: cybersquatting, Phishing, cybercrime, Spear Phishing, BEC Attacks

BrandProtect ThreatCast: Cast Your Nets to Catch Next Generation Phishers

Posted by Greg Mancusi-Ungaro

Tue, Apr 12, 2016

Webcast Replay:

The Latest on Attack Trends, Threat Evolution 
and Defensive Strategies for Top Cyber Threats

At the 2015 Black Hat conference, leading CISOs, asked about their top ten security pain points, ranked sophisticated cyber-attacks, phishing, and spear phishing far ahead of all other cyber risks. Even after 20+ years, phishing and related attacks are still the number one concern. And no industry is immune to phishing, spear phishing, and BEC attacks.

Phish in the wild threaten customers
• Specifically targeted phish attack executives, employees and partners
• Sophisticated spear phish can directly threaten institutional business processes.

In this one hour webcast, targeted specifically to CISOs and Security Operations leaders at financial institutions, insurance companies, health care providers, and other firms that are threatened by phishing, spear phishing and BEC attacks,

Read More

Topics: Phishing, cyber threats, Spear Phishing, CISO, BEC Attacks

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all