2017 Trends: Ransomware, Malware, and Phishing -- Not Going Away Any Time Soon....

Posted by Greg Mancusi-Ungaro

Wed, Jan 18, 2017

More than 200,000 new malware samples were found every day in the first half of 2016 according to the APWG’s (Anti-Phishing Working Group) crime ware statistics.  While down slightly compared to 2015, it doesn’t necessarily signal the end of the ransomware/malware/phishing epidemic that has impacted businesses and the public for many years.

In fact, the opposite may be true, at least in highly targeted industries. Analysis of cyberattacks by BrandProtect, reveals that Q3 phishing attacks against banks, insurers, and other financial services enterprises rose 30 percent during Q3 2016 year/year.  More significantly, the BrandProtect analysis reveals that while the majority of phishing attacks remains simple in design and execution, the percentage of sophisticated phishing exploits – attacks that automate subjugation of website infrastructure and deploy multiple phishing URLs – has increased dramatically. These sophisticated attacks generate the majority of phishing URLs that must be taken down. 

“There is no doubt that sophisticated phishing attacks are becoming the norm,” said Dylan Sachs, Director of Anti-Phishing Services and Incident Response at BrandProtect. “Instead of launching attacks from a single URL, a sophisticated phishing attack will generate and launch attacks from ten, twenty, one hundred, or even more URLs. To put this in perspective, during the third quarter of 2016, just ten percent of the phishing attacks that we detected targeting our clients generated approximately slightly more than fifty percent of the URLs that needed to be taken down.”

Read More

Topics: Malware, Phishing, CISO, ransomware, Digital Governance

2017 Trends: Socially Engineered Attacks Will Grow in Scope and Scale

Posted by Greg Mancusi-Ungaro

Thu, Jan 05, 2017

In a world where billions of username/password combinations have been compromised by hackers, it is increasingly difficult to be certain that the sender of an email is the person that they claim to be. Masquerading and fictitious social accounts, copycat domains, online user groups, and rogue websites are becoming more common. These fraudulent online personalities and properties are often the launching pad for socially engineered attacks such as BEC schemes.

BEC attacks grew in sophistication and effectiveness in 2016, compromising businesses in every market -- leading healthcare organizations, an NBA team, financial institutions, the World Anti-Doping Association, to John Podesta and the Democratic National Committee. The cost of these attacks? Tens of millions of dollars, incalculable reputational damage and possibly an election....

Exploits driven by stolen or invented identities are a menace, and BrandProtect analysts believe that trend will continue in 2017. CISOs and Digital Governance teams need to prepare their company, and protect other companies from BEC and socially engineered attacks that are made using their identity or corporate personality.

Read More

Topics: cyber threats, CISO, BEC Attacks, Social Engineering, External Threat, Cyber Attack, Digital Governance

Subscribe to our weekly CyberThreat Digest

Each week, our Cyber Threat Analyst team prepares a digest of the latest cyber threat news and alerts. Subscribe today and begin receiving it on Monday.

 Get the Weekly CyberDigest

 

Subscribe to receive a weekly summary of our latest posts

Posts by Topic

see all