Every year cyber criminals devise new high-profile and sophisticated attacks against organizations worldwide. 2017 is no exception: from complex ransomware attacks to large data breaches, it is obvious this year’s cyber-attacks have caused major damage. Below you will find the most prominent cyber security news so far and the lessons they’ve left behind.
There are many misconceptions about the dark web and what goes on in the “digital underground”. Though the dark web is usually associated with criminal activities including drug dealing, human trafficking, selling counterfeit consumer goods and many other malicious acts, not everything on the dark web is completely “dark”.
Many questions are frequently asked about the dark web. To help answer them, here are some of the greatest myths and truths.
On Friday, May 12, 2017 a large-scale cyber-attack known as “WannaCry” was launched targeting more than 230,000 computers in 150 countries, affecting Britain’s National Health Service (NHS), FedEx, LATAM Airlines and other important companies around the world. This is certainly not the last time we’ll hear about this cyber-attack; here’s what you need to know…
Summer is over, school is back in session, and social activity is amping up everywhere. The increase of online activity, driven by school and family activity, raises the odds that you and your family will be exposed to cyber criminals.
Over the past 18 months there has been a phenomenal increase in the frequency of socially targeted email attacks.
The FBI recently reported that global losses related to these Business Email Compromise (BEC) scams experienced a 270% increase from January to August 2015. These kinds of attacks do real damage, including the compromise of internal networks, the inappropriate disclosure of company IP or PII, the incorrect transfer of funds from the company treasury, to name a few of the most common outcomes. Hundreds of millions of dollars have been stolen through these schemes, directly affecting corporate bottom lines.
In these sophisticated attacks, employees and/or business partners are targeted
Over the past weeks there has been a lot of reporting, including these great pieces by Steve Ragan at CSOonline.com and Mathew J. Schwartz at BankInfoSecurity.com, about a December 20, 2015 discovery that a database containing 191 million voter records had been exposed online. As part of the BrandProtect 2016 Elections Project, we dug into the situation, and what it means to you.
Because of the nature of the exposure – effectively a database containing the records was left unlocked and unprotected – there is no way to know who might have downloaded the information.
Make no mistake, this is a big number. And it is an important number. Consider this: the US Census Bureau estimated that there were approximately 142 million registered voters in 2014. This means that the recent exposure of 191 million voting records is not just a large data breach. It’s a national issue -- effectively every registered voter in America has had their PII exposed... Wow...
That sound you hear is a bunch of the staffers at jeb2016.com (the official Jeb Bush website) trying to make it seem like they are on top of their web presence. Or is that the Trump team, laughing? We can't be sure.
The Washington Post reported yesterday that people who type "jebbush.com" into a browser found themselves redirected to Donald Trump's official site, donaldjtrump.com. You read that right -- one of the leading candidates for the Republican nomination for President of the United States has found himself on the wrong side of one of the most basic domain abuse issues. Someone else has registered a similar domain and is using it to confuse the public. Try it: jebbush.com (It's fun!)
Yes, it's funny for a moment. But in reality it is very scary. In fact, it is potentially devastating.
The massive breach at Anthem earlier this year originated from spear phishing emails that were sent from domains that impersonated Anthem. The employees who received the emails did not notice that the emails originated from a rogue address. They unwittingly opened attachments or clicked on links that gave the attackers inside access to Anthem networks.
When others appropriate your web presence by registering or appropriating a similar or easily mistaken domain, they put themselves in a position to confuse your message, siphon revenues or worse.
How big a problem can it be?...
I’m just back from a fantastic International Trademark Association (INTA) conference. It is exciting to spend a few days with the foremost practitioners in the trademark and IP world. One of the most visible organizations there was a registrar, Vox Populi Registrar, Inc., who owns the .SUCKS gTLD. Their representatives, clad in bright blue and white, were merrily touring the floor, speaking with vendors and attendees about how much business sense it made for a brand to purchase the .SUCKS domain. Their booth featured a continuous slide show of F500 brands "using" the .SUCKS domain: ibm.sucks; ford.sucks; starbucks.sucks; yourcompanyhere.sucks. Outside the conference hall, there were more blue-clad representatives, passing out .SUCKS items that were prohibited in the hall. The Vox Populi message was communicated clearly -- It only costs $2500/year to reserve this gTLD.
"Isn't that a small amount to pay to know that no one else uses it with your brand?..."