Business email compromise (BEC) attacks are arguably the most sophisticated of all email phishing attacks, and some of the most costly. From 2016-2018, BEC alone made $5.3 billion, but it's not an attack that everyone is familiar with. more
Cybercrime is first and foremost financially motivated. Cybercriminals look for lucrative targets, including social media networks with hundreds of millions of monthly active users. We put this perspective to the test by analyzing the domain attack surface of three of today's largest social media platforms. more
Phishing attacks' success can be partially attributed to threat actors' use of branded domain names, including both legitimate and misspelled variants. It's no wonder, therefore, that blacklisting sites like PhishTank provide users a way to search phishing URLs by target brand. more
Dridex, Trickbot, and Emotet are banking Trojans that have enabled cybercrime groups to steal hundreds of millions of dollars from their victims. These malware have evolved over the years, and just recently, Emotet was seen using stolen attachments to make their spam emails more credible. more
Threat actors are seasoned posers. They often pose as bank employees, police officers, or court officials. A coronavirus-themed campaign even had them posing as the Director-General of the World Health Organization (WHO). Insurance companies are also increasingly targeted, which can be attributed to the ongoing global health crisis. more
David Conrad, CTO of The Internet Corporation for Assigned Names and Numbers (ICANN), recently presented a keynote during a webinar we collaborated on with other internet organizations. This post summarises his explanation of the domain name system (DNS) ecosystem, its vulnerabilities, and threat mitigations. more
Cyber attacks can come from practically any angle, and more often than not, it's hard to see them coming without knowing all there is to know about a domain's WHOIS history and connected domain entities. Several aspects come into play in this scenario, one of which is old and forgotten pages on a website. more
As a huge chunk of the world's population is staying at home because of social distancing measures, video-conferencing businesses saw an opportunity to expand their freemium offers. more
Organizations that don't have a dedicated pool of cybersecurity experts often hire managed security service providers (MSSPs) to help them ward off attempts and attacks. Yet in today's ever-dangerous cyber threat landscape, even the best service providers may fall for cybercriminals' traps. more
Spear-phishing email attacks pose a significant challenge to most organizations. A successful attempt can cost a company an average of US$1.6 million per incident. more
A World-Renowned Source for Internet Developments. Serving Since 2002.