Business email compromise (BEC) attacks are arguably the most sophisticated of all email phishing attacks, and some of the most costly. From 2016-2018, BEC alone made $5.3 billion, but it's not an attack that everyone is familiar with. more
The year 2020 has created an increased impetus for change - especially as companies embrace digital transformation at an accelerated pace. Cybercriminals have also upped their game, switching their attention to hot targets such as healthcare and pharmaceutical brands. more
The attack surface of every Internet user gets wider every day, but it doesn't mean there's nothing that can be done about it. For one, analyzing possible attack vectors, such as suspicious or malicious domain names and IP addresses, can help with attack surface management. more
Just as no man is an island, no company can perform core functions without other organizations' help. This fact is highlighted in today's age of outsourcing, partnership, and third-party connections. Unfortunately, threat actors have also found a massive opportunity in these relationships. more
Almost every transaction on the Internet is riddled with risks, and the use of online payment processing platforms is no exception. With more people opting to transact online and use digital wallets, threat actors have much to gain by targeting online payment processing platforms. more
Every organization faces two kinds of cyber threats daily - "known" and "unknown" ones. Known threats are those that security experts have discovered, often published in blogs and major news outfits with accompanying indicators of compromise (IoCs). Unknown threats, meanwhile, are those that remain hidden to victims and researchers. IoCs for these have yet to be identified and disclosed. more
Following a public announcement from the FBI and CISA warning the public to avoid spoofed election-related internet domains, CSC announced research findings that show the overwhelming majority of registered typo domains related to the election are vulnerable. more
Most businesses rely on third-party entities to outsource certain functions, save on costs, and strengthen their cybersecurity capabilities. While working with external providers makes perfect business sense, it also poses cyber risks. more
Threat actors usually ride on a brand's popularity to make phishing campaigns believable. A common approach involves registering typosquatting domains that closely resemble those of the legitimate owners. Yet monitoring typosquatting domains may just be the tip of the iceberg in the fight against phishing. more
Dridex, Trickbot, and Emotet are banking Trojans that have enabled cybercrime groups to steal hundreds of millions of dollars from their victims. These malware have evolved over the years, and just recently, Emotet was seen using stolen attachments to make their spam emails more credible. more