Regardless of the political fall-out from Special Counsel Robert J. Mueller’s indictment of twelve Russian intelligence operatives for tampering with the 2016 U.S. Presidential election, this much seems clear after reading the 29-page, John LeCarre-like document: It has become unreasonable to expect any organization to successfully defend against such a massive, coordinated cyberattack.
Tags: Mueller, U.S. election, presidential election, spear-phishing, phishing, cyberattacks, Russian hackers, Russian operatives, Russian intelligence, GRU, Clinton Campaign, DNC, Democratic National Committee, DCCC, Democratic Congressional Campaign Committee, isolation, browser isolation, remote browsing, credential theft, malware, Podesta, Clinton, cryptojacking, cryptocurrency, X-Agent
It’s another day and another cyber attack headline in the media. This time it’s another ransomware-style attack; this one is called “Bad Rabbit”. According to media reports, it has impacted organizations in Russia and Ukraine mostly, with reports of some businesses in Turkey and Germany (and possibly in Poland and Japan) also being affected (that we know of so far).
Tags: ransomware, bad rabbit, credential theft, javascript, isolation technology, web isolation, cyber threats
The financial services industry is consistently among the most highly targeted industries for cyberattacks. Financial services institutions (FSIs) are a popular and frequent focus of attackers because, to quote famed bank robber Willie Sutton, when asked why he robbed banks: “That’s where the money’s at.”
Tags: financial services industry, cyberattacks, phishing, phishing attacks, phishing prevention, malware, ransomware, isolation, banking credentials, keyloggers, employee credential theft, credential theft, watering hole attacks, drive-by exploits, spear-phishing
While Black Hat USA 2017 ended three weeks ago, I wanted to share my thoughts and experiences on my very first Black Hat USA 2017 after being in security for 15+ years.
Tags: Black Hat Conference, black hat, Ichthyology, cyber attacks, cyber theft, cybersecurity, cyber training, authentication and application security, phishing training, phishing attacks, credential theft, malware, ransomware, spearphishing, isolation
It’s 2017, and many organisations are still grappling with solving two of the biggest routes of attack into their business from the Internet - via their employees' in-boxes and web browsers.
Tags: cyber attacks, spear-phishing, anti-phishing, credential theft, isolation, infosec euope, cybersecurity
Over 350,000 of the world’s top 1 million web sites may be running vulnerable software -- which the recent WannaCry cyber attack has shown can spell considerable risk of hacker exploitation. According to the Menlo Security State of The Web report, software on some web sites dates back to over a decade ago, as far back as the year 2000. The cyber security research reveals that nearly half (46%) of the Internet’s top 1 million web sites, as ranked by Alexa, are risky, and that 1 in 5 domains run vulnerable software.
Tags: wannacry, cyber attacks, malware vulnerabilities, ransomware, credential theft, hackers, financial security firms, banks, credit unions, isolation, web threats, email threats, spear-phishing, phishing prevention
Exhibiting at the recent FS-ISAC Annual Summit 2017 at the Dolphin Convention Center (which could have doubled as a meat locker at times because it was so cold, while other times it could have been a large sauna it was so hot and steamy!), there was a mini-monsoon outside at one point. It was like Mother Nature was mimicking the downpour of cyber attacks confronting the financial services players at the event. It was a deluge!
Tags: FS-ISAC Annual Summit 2017, spear-phishing, cyber attacks, financial services, malware, ransomware, drive-by exploits, isolation, credential theft, cybersecurity
Tags: spear-phishing, phishers, spammers, patient zero, anti-phishing, anti-spam, isolation, risk, browser-based attacks, credential theft
I just spent a week in several new geographical markets for Menlo Security, the United Arab Emirates and Qatar, meeting and talking to new and existing customers. Online risks are no different in the Middle East than they are in the USA, Asia or Europe. The risks may have different names, but the impact remains the same.
Tags: United Arab Emirates, Qatar, Shamoon attack, cyber attacks, spear-phishing, malware vulnerabilities, credential theft, isolation
You’ve probably heard about businesses that have fallen victim to successful spear-phishing attacks leading to the theft of employee W-2s. But, the IRS began warning tax professionals in January they are under attack, too!
Tags: phishing, security, credential theft, financial services, spear-phishing
