banner-blog.jpg

blog

How to Mitigate Phishing Threats inYour Organization

Posted by Kowsik Guruswamy on Dec 5, 2019

From a bad actor perspective, phishing is the cheapest and easiest way to infiltrate organizations and personal information
to make a profit. By nature, humans are curious and are oft en overconfident when it comes to security. Phishing is an even greater threat for mobile users, too. Without key visual cues, like the ability to hover over a link to determine its destination, it is much easier for a user to make the simple mistake of clicking a bad link and falling victim to a phishing attempt. The popularity of social media has also made it much easier for hackers to find valid email addresses and research users’
life activities to create sophisticated, tailored phishing attacks.  From a security perspective, there are typically three approaches to solving the phishing problem – email security gateways, web proxies and security training awareness – but each has its own limitations.

Read More

Tags: phishing, email attachments, anti-phishing, phishing prevention, Google Docs email scam, email threats

How Isolation Would Have Stopped The Russian Election Cyberattacks

Posted by Jay Kelley on Jul 19, 2018

Regardless of the political fall-out from Special Counsel Robert J. Mueller’s indictment of twelve Russian intelligence operatives for tampering with the 2016 U.S. Presidential election, this much seems clear after reading the 29-page, John LeCarre-like document: It has become unreasonable to expect any organization to successfully defend against such a massive, coordinated cyberattack.

Read More

Tags: malware, phishing, isolation, credential theft, spear-phishing, remote browsing, cyberattacks, browser isolation, presidential election, Russian hackers, Russian operatives, Russian intelligence, DNC, DCCC, Podesta, cryptojacking, X-Agent, Mueller, U.S. election, GRU, Clinton Campaign, Democratic National Committee, Democratic Congressional Campaign Committee, Clinton, cryptocurrency

Compromised Websites and Download Bomb Attacks

Posted by Andrew Prince on Jul 11, 2018

Compromised Websites and Download Bomb Attacks

In recent weeks a resurgence of download bomb attacks has been observed in the wild, attempting to add legitimacy to malicious websites serving a tech support based phishing scam. For users of Menlo Security’s Isolation Platform (MSIP), this attack is trivially defeated with zero malicious content reaching the end user’s device. However, the same may not be said for reputation based security, as we review below.

Read More

Tags: malware, phishing, isolation, javascript, compromised websites, download bomb

10 Reasons Why You Shouldn't Consider Isolation

Posted by Jay Kelley on Dec 7, 2017

 

While this post is intended to be a little tongue-in-cheek for readers, it’s been written to provoke discussion on how organizations continue to do the same things they have done for the last 15 years, without thinking of all the issues they bring with them…

Read More

Tags: phishing, isolation, ransomware, spear-phishing, web isolation, malvertising

Cyber Monday: Going Phishing?

Posted by Jay Kelley on Nov 21, 2017

 

The holiday shopping season kicks off this week with Black Friday (November 24 th) and Cyber Monday (November 27 th). And, if it’s any indication of how much online shopping will occur, last year (2016), Cyber Monday set a new sales record of $3.45 billion USD!
Read More

Tags: malware, phishing, isolation, cyber attacks, isolation platform, cyber Monday, Black Friday

The SWIFT Security Controls Framework and Isolation

Posted by Jay Kelley on Nov 7, 2017

If you are in the financial services community, you are likely well-aware of and well-acquainted with SWIFT and the services it performs. As a quick primer for the uninitiated, SWIFT is an acronym for the Society for Worldwide Interbank Financial Telecommunication, a cooperative built over forty years ago by banks and financial institutions globally to address a mutual problem: A better, more secure, and automated way to communicate inter-bank payments across borders. SWIFT addressed this common issue, and today, it is a world-leading provider of secure messaging services for over 11,000 banks, financial organizations, and enterprises in over 200 countries.

Read More

Tags: malware, phishing, spear-phishing, cyber attacks, isolation technology, isolation platform, SWIFT

Why Financial Institutions Are Phishing’s “Big Catch”

Posted by Jay Kelley on Aug 29, 2017

The financial services industry is consistently among the most highly targeted industries for cyberattacks. Financial services institutions (FSIs) are a popular and frequent focus of attackers because, to quote famed bank robber Willie Sutton, when asked why he robbed banks: “That’s where the money’s at.”  

Read More

Tags: malware, phishing, isolation, ransomware, credential theft, drive-by exploits, phishing prevention, spear-phishing, watering hole attacks, phishing attacks, financial services industry, cyberattacks, banking credentials, keyloggers, employee credential theft

Phishing: It’s Not About Stupidity, It’s About Sophistication

Posted by Greg Maudsley on Jul 18, 2017

There was a time not long ago when victims of phishing attacks were considered stupid. But now that the general population is becoming more aware of the phishing problem, the “pool of stupidity” is shrinking. Easy prey is becoming more difficult to find, so phishing is evolving to new levels of sophistication. Attacks using OAuth, Data URI, PDF credential phish, and PunyCode are now so difficult to detect, even security administrators themselves are falling victim.

Read More

Tags: malware, phishing, malware vulnerabilities, anti-phishing, punycode, oAuth, gmail phishing campaign, uniform resource identifier (URI) scheme

The (Human) Face of Ransomware

Posted by Jay Kelley on May 19, 2017

When you start to realize the scope and impact the ransomware attack that began on Friday, May 12, 2017, and continued to roll onward into last weekend had not only a huge negative effect on businesses and their operations, but on everyday people, it begins to become all too real.

Read More

Tags: phishing, isolation, ransomware, drive-by exploits, spear-phishing, cyber attacks, Telefonica, Vodafone, Gas Natural, watering hole attacks, wannacry

Increasingly Clever Phishing Attacks like OAuth Are The New Normal

Posted by Greg Maudsley on May 4, 2017

In the past, an attacker looking to steal credentials would craft a convincing email and landing page that did not trigger any red flags to the user. Attackers could be certain that at least 11% of people, even those who’d had phishing awareness training, would click malicious email links. Looking to up this percentage, attackers have evolved phishing exploits to use novel techniques, and OAuth is an important part of this evolution. This new approach is making it more challenging than ever for users to know when it is safe to click.

Read More

Tags: phishing, isolation, phishing prevention, Eugene Pupov, phishing scams, Google Docs email scam

Connect with us

Lists by Topic

see all

Recent Posts