File-based threats are occurring with greater frequency and higher success rates as threat actors have continued to hone and adapt their social engineering and spearphishing skills to fit today’s trends, such as cloud transformation. Consider that hundreds of millions of users are now working remotely and relying on Software as a Service (SaaS) platforms and rich web apps to improve mobility and productivity.
Tags: isolation, security, SaaS, internet access, cloud-delivered security, remote access, CDR, Content Reconstruction
Threat actors can be ruthless. They use social engineering to comb through people’s personal and professional lives to uncover details that they can use in spearphishing campaigns to manipulate users into unwittingly downloading malware or giving up their credentials
Tags: phishing, isolation, security, Isolation Core, Cloud Proxy, Secure Remote Worker, Remote Working, SaaS, internet access, cloud-delivered security
Regardless of the political fall-out from Special Counsel Robert J. Mueller’s indictment of twelve Russian intelligence operatives for tampering with the 2016 U.S. Presidential election, this much seems clear after reading the 29-page, John LeCarre-like document: It has become unreasonable to expect any organization to successfully defend against such a massive, coordinated cyberattack.
Tags: malware, phishing, isolation, credential theft, spear-phishing, remote browsing, cyberattacks, browser isolation, presidential election, Russian hackers, Russian operatives, Russian intelligence, DNC, DCCC, Podesta, cryptojacking, X-Agent, Mueller, U.S. election, GRU, Clinton Campaign, Democratic National Committee, Democratic Congressional Campaign Committee, Clinton, cryptocurrency
In recent weeks a resurgence of download bomb attacks has been observed in the wild, attempting to add legitimacy to malicious websites serving a tech support based phishing scam. For users of Menlo Security’s Isolation Platform (MSIP), this attack is trivially defeated with zero malicious content reaching the end user’s device. However, the same may not be said for reputation based security, as we review below.
Tags: malware, phishing, isolation, javascript, compromised websites, download bomb
While this post is intended to be a little tongue-in-cheek for readers, it’s been written to provoke discussion on how organizations continue to do the same things they have done for the last 15 years, without thinking of all the issues they bring with them…
Tags: phishing, isolation, ransomware, spear-phishing, web isolation, malvertising
The past few years, the major studios and production companies that create movies, broadcast television, streaming content, and even online and video games have been under cyber attack.
Tags: malware, isolation, ransomware, malicious code, cyber attacks, phishing attack
The holiday shopping season kicks off this week with Black Friday (November 24 th) and Cyber Monday (November 27 th). And, if it’s any indication of how much online shopping will occur, last year (2016), Cyber Monday set a new sales record of $3.45 billion USD!
Tags: malware, phishing, isolation, cyber attacks, isolation platform, cyber Monday, Black Friday
Last month, the U.S. Department of Homeland Security directed federal agencies to begin employing enhanced security methods and protocols on all government email accounts. This action is an effort to halt the impersonation of U.S. government email domains, referred to as spoofing, by attackers intent on deploying a dizzying array of cyber attacks typically initiated by a phishing campaign. Given that many reports place the start of a cyber attack squarely on phishing campaigns—some reports place the figure at over 90% of cyberattacks are as the result of phishing—it makes sense that the DHS would require greater email security for federal government email accounts and inboxes.
Tags: isolation, cyber attacks, phishing attack, cyber security, DMARC
It seems that almost daily, there is a new story about another bank or financial services institution (FSI) falling victim to a phishing or other cyberattack.
Tags: malware, isolation, malicious code, anti-phishing, cyberattacks, CISO, multi-factor authentication, Trickbot banking Trojan, Trojans, remote browers
The financial services industry is consistently among the most highly targeted industries for cyberattacks. Financial services institutions (FSIs) are a popular and frequent focus of attackers because, to quote famed bank robber Willie Sutton, when asked why he robbed banks: “That’s where the money’s at.”
Tags: malware, phishing, isolation, ransomware, credential theft, drive-by exploits, phishing prevention, spear-phishing, watering hole attacks, phishing attacks, financial services industry, cyberattacks, banking credentials, keyloggers, employee credential theft
