Use your campus library much? You may be the target of the latest phishing scam. According to SC Magazine, ” The Mabna Institute, an Iranian firm whose members were indicted last year for cyberattacks against U.S. universities and other organizations, appears to have launched a new global phishing operation targeting the education sector last July and August.”
The wars of the future won’t be fought with bombs and planes they’ll be fought with 1s and 0s. And while the U.S. is worried about North Korea getting nuclear weapons, it should be more worried about their cyberattacks.
The latest salvo from North Korea is a spear-phishing attack targeting U.S. firms “with an interest in nuclear deterrence, North Korea’s nuclear submarine program and North Korean economic sanctions.” Apparently this is an ongoing malware campaign aimed at U.S. companies.
To protect critical data from being lost, a system for data protection, recovery, and retrieval was established; the system is popularly known as email archiving.
Email archiving should be a significant aspect of the data management and protection policy for any organization. Emails are the global form of communications and thus, a vulnerable entry point and a popular vector for cyber attacks. Although the primary purpose of email archiving is to protect the emails, IT experts believe it to be more important than just that.
“Malicious actors target government contractors,” according to SC Magazine. While targeting government contractors certainly isn’t a new occurrence, it does seem to be on the rise. “Over the past few months we have observed the increasing use of yet another type of transaction-based social engineering scheme designed to hook companies dependent on government contracts: the invitation to bid.”
If you haven’t been paying attention, cities are getting killed by ransomware. The number of cities that have fallen victim to ransomware just 2019 is too long to list. And once a city does get hit by ransomware, the question that always comes up is, should the city pay the ransom? It’s not an easy question to answer.
One the one hand, paying the ransom is no guarantee that the city will get their systems back. On the other hand, not paying the ransom leaves the city with the unknown financial burden of restoring their systems.
Software-as-a Service (SaaS) has been around a while now. One of the strongest benefits of SaaS is that it affords businesses the luxury of not having to buy and/or build all of their IT services. And SaaS almost always saves companies money. But what was once a luxury, is rapidly becoming a necessity.
The number of cyberattacks and security breaches increases every year. Year by year, the percentage surges upwards. According to Gemalto, there was a 164 percent increase in cyberattack frequency between 2016 and 2017. Projections between 2017 and 2018 already show a trend towards even greater growth.
It’s one thing to be taken in by a hacker. It’s another thing to be taken in by a bot. Called trickbots, they are a network of bots, or Internet robots, that trick the recipient into divulging some personal information.
Now word comes that the latest trickbot, which is an updated version of an existing trickbot, is being used “to target three of the largest mobile carriers in the United States, namely Verizon Wireless (August 5), T-Mobile (August 12), and Sprint (August 19).” The trickbot in this instance is being used to grab user’s PIN code.
If you haven’t heard, cyberattacks are a big problem. They’re an even bigger problem for small companies. Why is that? Two reasons. First, because there are a lot of them and second, because they aren’t very well prepared.
Small and mid-size businesses (SMB) are the target of cyber-attacks quite often. “According to the Verizon 2019 Data Breach Incident Report (DBIR), 58% of SMBs experienced a cyber incident in 2018.”
Office 365 has successfully moved mountains of email from on-site servers to the cloud. But, does Office 365 really meet the criteria for archiving compliance, e-discovery, and legal holds? Should businesses consider and use a third-party email archiving solutions?
Join us as we explore these questions and their answers.
As a hosting provider, your IP reputation is of paramount importance. This is one of the factors that determines whether your customers’ emails arrive at their inbox or junk folders.
Unfortunately, traditional SMTP providers collect reputation data at the server level. This puts shared hosting and VPS providers in a tight spot.
If you host hundreds of customers on a single server, one bad actor sending spam emails can ruin the reputation of every single other user. This significantly damages the user experience for all your legitimate customers and generates a ton of support tickets, thereby straining your resources considerably.
Mobile phishing is not a new phenomenon. Almost anyone old enough to remember using pre-smartphone mobile devices also remembers getting suspicious texts and calls from early scammers. Often, these scam artists used some variant of the now-campy Nigerian Prince scheme to trick victims.
But times have changed. Today’s mobile phishing attacks are sophisticated, high-tech, and largely automated. Mobile phones have taken on a more important role in users’ lives than ever before, and the world’s hackers have access to more data than the previous generations could dream of. Without mobile phishing protection, users are vulnerable.
Do you ever wonder why Microsoft consistently tops the list of favorite brands to target with phishing scams? Because it’s one of the most widely used brands, AND because apparently it’s security isn’t very good.
Now comes word of a spear phishing scam, targeting a company in the energy sector, “using a savvy trick to get around the company’s Microsoft email security stack.”
You can purchase anything as a service today—even malware. According to ThreatPost, “A phishing campaign that spoofs a PDF attachment to deliver Adwind spyware has been taking aim at national grid utilities infrastructure.”
“Adwind, a.k.a. JRAT or SockRat, is being used in a malware-as-a-service model in this campaign. It offers a full cadre of info-gathering features, including the ability to take screenshots, harvest credentials from Chrome, Internet Explorer and Microsoft Edge, record video and audio, take photos, steal files, perform keylogging, read emails and steal VPN certificates.” One stop shopping to create havoc.
It’s everywhere you turn. Advertisements for security awareness training. The last line of defense. The human firewall.
There’s nothing wrong with training your employees to recognize security exploits. We recommend it. But it should be one part of a holistic defense-in-depth approach to security. Why is that? Because the math of having employee awareness training be your only line of defense is frightening. How frightening?
Phishing scams are more common than you might think. In fact, a person receives an average of six malicious emails per day, threatening the security of their computer and their systems.
Between 2013 and 2016, American businesses faced a staggering $500 billion in losses due to phishing scams. This led to an extensive FBI investigation of over 22,000 reported phishing scams.
What is a lateral phishing attack? A lateral phishing attack occurs when “one or more compromised employee accounts in an organization are used to target other employees in the same organization. Lateral phishing is similar to business email compromise (BEC), but while the latter is usually about getting victims to carry out fraudulent wire transfers, the main goal of the former is usually credential theft.” I suppose it means the attack occurs laterally across the org chart.
Been called to jury duty lately? Even if you haven’t, you might still get phished. Last week, in Ventura County, CA, a phishing scam was going around telling people that they missed their jury duty appointment.
According to the Citizens Journal, “In the calls and emails, recipients are pressured to provide confidential information, potentially leading to identity theft and fraud. These calls and emails, which threaten recipients with fines and jail time if they do not comply are fraudulent and are not connected with the Camarillo Police Department or the Ventura County Sheriff’s Office.”
Email forwarding is so common place, most people don’t give it another thought. But, as I pointed out in a recent post, email forwarding isn’t always smart to do.
In that post, I point out a handful of reasons why blindly forwarding emails can get you into a little hot water. First, there are the copyright issues. When someone writes an email, it is by definition, copyrighted. Depending on who you are forwarding it to, where and how often, you could be in violation of copyright law.
If you follow the news at all, you know that phishing attacks, cyber breaches and ransomware are everywhere. It’s practically an epidemic. But, not all victims are created equal.
It’s one thing if a bank or a big corporation or even a government entity gets hit with a cyber-attack. They either have, or can find the resources to recover from such an event. Many even have some form of insurance to bail them out. But lately, hackers have pulled out all the stops and have started targeting some of the most vulnerable in society.