Blog

01May 2019 by Lucieg789 No Comments

Phishing Attacks See Massive Increases and Improvements in Execution with Social Engineering at the Helm

Management Consulting, Training, Uncategorized
With 98% of malicious emails that hit inboxes containing no malware, the evolution and future of the phish lies squarely in the hands of effective social engineering. If you were a cybercriminal and were planning on using email as the medium by which to carry out your evil plans, you quickly realize you need to fool the recipient no matter what – whether the desired action is to open a malicious attachment, click a link, or respond, you much con them into doing so. Read more
Read More
08Feb 2019 by Lucieg789 No Comments
Social Engineering Comes to Wikipedia

Social Engineering Comes to Wikipedia

Management Consulting, Training
Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the SpyEye banking Trojan was changed in mid-December to include a typo-ridden paragraph which claims that only three tech companies can remove the malware, and that “Best buy, Geek squad, Office Depo will not be able to fix it at all.” VandenBrink says that the scammer made these edits to convince victims that “only we can help you fix this (fake of course) infection you have on your computer.” The edit history of the Wikipedia user who made the changes shows that the account made similar edits to the “Macro virus” Wikipedia page, but those changes have since been fixed by other users.…
Read More
05Feb 2019 by Lucieg789 No Comments
Report: Phishing Attacks in 2018 Resulted in Massive Jumps in Credential Compromise and Loss of Data

Report: Phishing Attacks in 2018 Resulted in Massive Jumps in Credential Compromise and Loss of Data

Training
It’s one thing to see specific threat vectors grow a bit over the course of quarters. When that happens, we all, generally, brush it off as a slight shift in tactics on the part of cybercriminals. But when you hear about material increases in the number of attacks, it’s time to stop what you’re doing and take notice. Proofpoint’s 2019 State of the Phish report shows that organizations are feeling the heat of phishing like never before – and feeling its’ impact as well. According to the report, all types of phishing attacks in 2018 occurred more frequently than in 2017: 96% of organizations said the rate of phishing attacks either increased or stayed consistent throughout the yearIT professionals experiencing spear phishing jumped nearly 21%USB-based Social Engineering attacks experienced jumped 25%Vishing (voice phishing) and smishing (SMS-based phishing) increased by 9%…
Read More
01Feb 2019 by Lucieg789 No Comments

Modern Ransomware Goes After Data Backups

Management Consulting, Training
Ransomware is using a variety of methods to reduce or nullify the effectiveness of data backups, writes Maria Korolov at CSO. Restoring from a backup is one of the best strategies that organizations can use to recover from a ransomware attack, so it’s obvious why attackers would want to target this data. Ransomware has been observed attacking shared network drives, Windows shadow copies, and any files that have backup file extensions. Some ransomware variants can even sync with the victim’s cloud service and encrypt files stored there. Read more here...
Read More
30Jan 2019 by Lucieg789 No Comments

Cybercrime could cost companies trillions over the next five years

Uncategorized
A new report (PDF) by Accenture indicates that over the next 5 years, cyberattacks could result in global costs totaling $5.2 trillion. That amount includes both lost revenue for companies and the expenses businesses are likely to incur due to attacks. The high costs have to do with the growth of the digital economy and the poor cybersecurity controls applying to new technologies.  Based on the survey of around 1,700 C-suite members from across the globe, Accenture claims that “Internet security is lagging behind the sophistication of cybercriminals and is leading to an erosion of trust in the digital economy”. Read More...
Read More
29Jan 2019 by Lucieg789 No Comments

[Heads-up!] New ‘Anatova’ Ransomware Disguised As A Game. Warn Your Users

Uncategorized
The ransomware strain was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it. McAfee researchers today announced the discovery of a new ransomware family, “Anatova” that is targeting consumers at scale across the globe. The ransomware was discovered in a private peer-to-peer (p2p) network and targets consumers by using the icon of a game or application to trick the user into downloading it. Christiaan Beek, Lead Scientist & Principle Engineer at McAfee said, “Creating a quick and fast piece of ransomware is fairly easy for those with basic know-how. Ransomware packed with functionality that is also difficult to analyze, such as Anatova, is more difficult to create from scratch. Anatova has the potential to become…
Read More
28Jan 2019 by Lucieg789 No Comments

EY UK: “We’ve seen a huge proliferation of very successful phishing attacks”

Management Consulting, Training
Bethan Moorcraft at InsuranceBusiness Mag UK wrote an excellent article about the current state of cyber insurance in Europe. Here is an extract with the link to the full article at the bottom: “In 2018, we saw a huge proliferation of very successful phishingcampaigns,” said Ryan Rubin, partner, UK Forensic & Integrity Services team, Ernst & Young. “Unfortunately, cyber criminals are being very effective and are getting through organisations’ defences, despite there being an increasing awareness of cyber risk and a general improvement in security controls. What we’ve seen is that businesses often focus on trying to prevent the sophisticated cyberattacks from happening, and they’re less concerned about basic low-level attacks like phishing and business email compromise. Read the full article...
Read More
21Jan 2019 by Lucieg789 No Comments

The internet’s ‘father’ says it was born with two big flaws

Management Consulting, Training
Business Insider just posted an article that confirms something I have been saying for years. There is some contrary data though. We may be looking at a light version of rewriting history. Here are the highlights they started with: Vint Cerf, one of the creators of the internet, said the network had two big flaws when he launched it.The internet didn't have room for all the devices that would eventually be connected to it, said Cerf, now Google's chief internet evangelist.It also didn't have any built-in security protocols.Even though both shortcomings proved problematic, Cerf's not certain he would have fixed them if he had to do it all over again. Read the full article here....
Read More
17Jan 2019 by Lucieg789 No Comments
Most Cyber Attacks are composed of 4 Stages…

Most Cyber Attacks are composed of 4 Stages…

Management Consulting, Training
Survey, Delivery, Breach and Attack… Security Controls at each stage of an attack, can reduce your organisations exposure to a successful cyber-attack, however your first line of defence is you employees, train them to be aware of cyber threats and this can reduce the likely hood of an attack… contact us now for a discussion on how we can help in training your .... HUMAN FIREWALL...
Read More
16Jan 2019 by Lucieg789 No Comments
Increase in Office 365 Attacks and Data Breaches Should Be Expected as We Approach the 2019 Tax Season

Increase in Office 365 Attacks and Data Breaches Should Be Expected as We Approach the 2019 Tax Season

Training
Experts warn of uptick in phishing attacks against businesses leveraging Office 365 as the tax season begins, tensions run high, and opportunities to trick off-guard users will be plenty. Cybercriminals want two things to exist when they attack: First, they want a gullible victim who will fall for a scam email. Second, they want either an immediate payoff, or a quick way to gain access to data that will turn into money quickly. So, the combination of Office 365 users and tax season create a volatile and dangerous mix for businesses. Phishing scams related to taxes not being filed, unexpected refunds, changes to banking details, or huge tax bills are sufficient enough to get unsuspecting users to click on malicious links or attachments. And Office 365 can be the vehicle…
Read More