In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (our parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns.
This white paper was written by the State, Local, Tribal, and Territorial Government Coordinating Council; however, it can pertain to any organization. It discusses how cybersecurity risks are exacerbated when weak or non-existent cybersecurity programs are embedded into the organization.
Created by the State, Local, Tribal, and Territorial Government Coordinating Council, this white paper describes issues related to the “Internet of Things” (IoT). The IoT can be defined as the interconnection, via the internet, of computing devices embedded in everyday objects, enabling them to send and receive data.
Table of Contents:
- Security and Privacy Implications For IoT Devices
- Weaponization Of IoT Devices
- Securing the Internet of Things
- Laws, Standards and Guidelines
In this first segment of a two-part video blog, Wombat brings end users up to speed on the concept of social engineering. Viewers will understand what this threat is and the ways they might encounter social engineers in their work and personal lives, including phishing attacks, smishing text messages, social media fraud, vishing calls, and imposter scenarios.
Brian Krebs just reported on a massive 46M dollar Cyberheist. Tech firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole 46.7 million dollars using an increasingly common scam in which crooks spoof emails from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
- Have multiple layers (and different AV engines) of malware scanning in place: the firewall, your mail server/email gateway, and the desktop. That means a different vendor, using a different AV engine, for your firewall, your mail server/email gateway and your endpoint AV. Then filter out almost all email attachment types except a few essential ones. Check out which AV engines your vendors use, because there is a lot of OEM-ing going on in the AV space, which might result in you using the same engine, but with a different label. Not good.
- Step your users through effective security awareness training, and follow up with regular simulated phishing attacks, which will keep them on their toes with security top of mind.
- Have good backup routines that are constantly tested to ensure that if your data is lost, it can be easily recovered.
- Facebook pages dedicated to victim relief contain links to scam websites.
- Tweets are going out with links to charitable websites soliciting donations, but in reality they include spam links or links that lead to a malware infection.
- Phishing emails are dropping into users’ inboxes asking for donations to the Nepal Earthquake Fund.