Threat Brief: Secure messaging -- Keeping your private messages private

Posted by Peter Dylan

Wed, Mar 01, 2017

 

Recently there has been news of White House staff using the messaging app Confide to carry out day-to-day communications, in order to mitigate the possibility of information leaks.  Confide is part of the world of Secure Messaging apps, which employ a combination of encryption and other functions to prevent unauthorized access to the messages they send.

Data leaks are becoming all-too-common news events. As a result, the threat of our own information being part of a nationally-publicised breach is a growing concern. Many of us are suspecting (and rightfully so) our most-used messaging apps, such as email, as being inherently insecure, which is leading to the pursuit of alternative platforms that will hold our private matters to a higher standard of security.

This month's BrandProtect Executive Threat Brief looks at secure messaging – what makes it secure, and what you should look for in choosing a messaging platform that will stand against even the most sophisticated of prying-eyes.

BrandProtect Executive Threat Briefs are designed to minimize your exposures by educating you and your team about simple steps you can take to protect your personal information online.


Read More

Topics: Phishing, cybercrime, social media, cyber threats, mobile malware, Spear Phishing, Social Engineering, ThreatBrief

2017 Trends: Socially Engineered Attacks Will Grow in Scope and Scale

Posted by Greg Mancusi-Ungaro

Thu, Jan 05, 2017

In a world where billions of username/password combinations have been compromised by hackers, it is increasingly difficult to be certain that the sender of an email is the person that they claim to be. Masquerading and fictitious social accounts, copycat domains, online user groups, and rogue websites are becoming more common. These fraudulent online personalities and properties are often the launching pad for socially engineered attacks such as BEC schemes.

BEC attacks grew in sophistication and effectiveness in 2016, compromising businesses in every market -- leading healthcare organizations, an NBA team, financial institutions, the World Anti-Doping Association, to John Podesta and the Democratic National Committee. The cost of these attacks? Tens of millions of dollars, incalculable reputational damage and possibly an election....

Exploits driven by stolen or invented identities are a menace, and BrandProtect analysts believe that trend will continue in 2017. CISOs and Digital Governance teams need to prepare their company, and protect other companies from BEC and socially engineered attacks that are made using their identity or corporate personality.

Read More

Topics: cyber threats, CISO, BEC Attacks, Social Engineering, External Threat, Cyber Attack, Digital Governance

Threat Brief: Fake News -- A Threat to You and Your Family

Posted by Greg Mancusi-Ungaro

Mon, Jan 02, 2017

 

One of the biggest cyber stories of 2016 was Fake News. There is no doubt that it impacted the 2016 presidential and congressional elections. But did you know that fake news directly threatens business, and worse, you and your family?

This month's BrandProtect Executive Threat Brief takes a long look at fake news -- how it is created, how it is distributed, the threats it can contain, how it impacts you, and how you can improve your defensive posture against it.

Most important, the January Brief provides you and your family with clear guidance on how to better assess the trustworthiness of an online news item. If you can spot the fake, you can eliminate the risk. Read the brief, so that you can have more confidence in your online actions. 

BrandProtect Executive Threat Briefs are designed to minimize your exposures by educating you and your team about simple steps you can take to protect your personal information online. Remember, the easiest threat to stop is the one that you are not exposed to. 

Read More

Topics: Phishing, cybercrime, social media, cyber threats, mobile malware, Spear Phishing, Social Engineering, ThreatBrief

December Threat Brief: Avoid a Bleak Midwinter! Stay Safe Through the End of 2016 (and in 2017!)

Posted by Greg Mancusi-Ungaro

Thu, Dec 01, 2016

 

There is no doubt that 2016 has been an epic cyber year. Fraudsters have become more sophisticated, and exploits have become more numerous, and more brazen.
But it isn't over yet.

Stay on track through the new year!
Don't slip off the road.

The December Executive Threat Brief provides you with ten actionable cyber tips that will help keep you and your family safe from on-line dangers in the remaining weeks of the year.

Put them into practice now, and keep them going in 2017. 

The December Threat Brief covers a lot of ground, but each of the tips is easy to implement. It's likely that you are already taking some of these precautions. But possibly not all of them. Take action to stay safe. 

BrandProtect Executive Threat Briefs are designed to minimize your exposures by educating you and your team about simple steps you can take to protect your personal information online. Remember, the easiest threat to stop is the one that you are not exposed to. 


Read More

Topics: Phishing, cybercrime, social media, cyber threats, mobile malware, Spear Phishing, Social Engineering, ThreatBrief

It's not Fake News...It's a Content-based Cyber Attack.

Posted by Greg Mancusi-Ungaro

Wed, Nov 23, 2016

 

Facebook and Twitter have been talking a lot about fake news recently.
And so have a lot of other people. Depending upon who you read, and who you believe, fake news played a major role in the recent presidential election. But fake news isn't limited to politics. Fake news, and its relatives, are some of the most vexing types of external cyber attacks facing corporations, institutions and enterprises. 

“Fake news” can originate practically anywhere on the Internet -- through tweets, posts, blogs, wikis, discussion forums, chats, podcasts, digital images, video, audio files, advertisements and more.  There are even official "citizen journalist" sides like CNN's iReport or reddit, where end-users can directly publish their views, or their content, without fact-checking, editing, or any other kind of content-curation. 

This un-proctored, un-curated, un-fact-checked content creates a nightmare for enterprises.  These are content-based cyber attacks that don’t touch company infrastructure at all. They exist completely outside the firewall, beyond the traditional perimeter. But even without touching the targeted company directly these attacks can have huge impacts on a company’s revenues, operations, and reputations....

Read More

Topics: Social Media Monitoring, cyber threats, External Threat, Content-based Cyber Attack, Cyber Attack

The IoT Attack is Fascinating. It Puts Even More Emphasis on External Threats.

Posted by Greg Mancusi-Ungaro

Tue, Oct 25, 2016

Last Friday, cyber security experts were on the edge off their seats, mouths agape, as they monitored the progress (and effectiveness!) of the DDoS attack on Internet infrastructure provider DYN.  Last week’s attack differed from past attacks because the attacks were launched not from traditional devices, but from 10s of millions of discrete devices. Here’s what DYN said about the attack in their official statement of 10/21/2016:

At this point we know this was a sophisticated, highly distributed attack involving 10s of millions of IP addresses. We are conducting a thorough root cause and forensic analysis, and will report what we know in a responsible fashion. The nature and source of the attack is under investigation, but it was a sophisticated attack across multiple attack vectors and internet locations. We can confirm, with the help of analysis from Flashpoint and Akamai, that one source of the traffic for the attacks were devices infected by the Mirai botnet. We observed 10s of millions of discrete IP addresses associated with the Mirai botnet that were part of the attack.

Today, 48+hours removed from the original attack, we know a lot more... 

Read More

Topics: Social Media Monitoring, cyber threats, External Threat, IoT

Make Online Safety a Family Priority

Posted by Greg Mancusi-Ungaro

Thu, Sep 01, 2016


Summer is over, school is back in session, and social activity is amping up everywhere. The increase of online activity, driven by school and family activity, raises the odds that you and your family will be exposed to cyber criminals.

Read More

Topics: Phishing, online identity, cyber threats, mobile malware, online risk, ThreatBrief, Masquerades

Intelligence, Or Action?
What Do CISOs Really Need?

Posted by Greg Mancusi-Ungaro

Mon, Aug 22, 2016

 

Cyber threat intelligence (CTI) is all the rage.

Every day, it seems, there is another vendor offering a new fire hose of intelligence data, trying to meet the almost insatiable demand for data of CISOs and Security Operations Centers  These feeds promise ever-increasing quantities of all kinds of cyber stuff, from inside and outside the organization, the individual streams delivered to the analytical desks, SIEMs and SOCs for filtering, analysis and attempts at big data manipulation. For the largest enterprises, acquiring and analyzing this data can cost multiple millions of dollars a year.  And as the focus of these security investments centers on the data, very few teams have built expertise to actually mitigate the threats that are impacting their organizations every day.  Mitigation? Unfortunately, for many enterprises, that's tomorrow's problem...

Read More

Topics: cyber threats, analytics, CISO, InfoSec, Threat Intelligence, SOC, External Threat, mitigation, Ponemon

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

  Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all