DOCSLIB.ORG

With the Increase in Online Activity During the Pandemic, Cybercriminals Are Finding New and Innovative Ways to Target Customers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
With the Increase in Online Activity During the Pandemic, Cybercriminals Are Finding New and Innovative Ways to Target Customers A GULF NEWS SPONSORED SUPPLEMENT Tuesday, October 20, 2020 With the increase in online activity during the pandemic, cybercriminals are finding new and innovative ways to target customers PAGE 2 2 Tuesday, October 20, 2020 dle East and North Africa– many of which were likely used for financial gain.” Scamsters have capitalised on the pan- demic with creative attack campaigns that play to the present mood. With peo- ple’s health, jobs and finances all under threat, cyber monitors report an in- crease in e-mails enticing users to click on unsafe links, purportedly offering in- formation on rising local case numbers, advice on safety measures, tips for claim- ing stimulus cheques, as well as alerts on coronavirus-linked investment opportu- nities or relief donations. Focused attacks CK TO “Ransomware, privileged access RS abuse, data loss and poorly configured TE services that create vulnerabilities are UT significant risks,” says Ammar Enaya, Re- SH gional Director – Middle East at Vectra, an artificial intelligence-based threat de- tection platform that counts UAE banks THE COVID EFFECT among its clients. “Cybercriminals partic- ularly target banking customers and sup- ply chain partners so those connections tion, there is often a general escalation and credentials must be controlled and BY KEITH J FERNANDEZ in cybercriminals’ activity,” says Anoop monitored too. Banks are also a target SPECIAL TO GN FOCUS Das, cybersecurity expert at the cloud for politically motivated attacks seeking services provider Mimecast Middle East. to disrupt and destabilise a region’s infra- n August, Hozefa Arsiwala was having “There has been a spike in cybercrime structure. For customers using banking a late lunch with his wife and daughter across the board and crime for financial digital services, their credentials will be during a staycation when an SMS came gain has been among the most signifi- a prized target for attackers. Banks need Iin. It confirmed that he had just spent cant. Criminals know that many people ANOOP DAS, to ensure robust access and identity Dh50 to buy a T-shirt online. Except that are struggling financially and are looking Cybersecurity technical controls and also focus on cus- the Sharjah resident hadn’t. He immedi- for ways to prey on their desperation.” expert, Mimecast tomer security awareness education.” ately rang his bank, one of the largest in He offers a chilling example from a re- Middle East Organisations — including banks — have the UAE, and learnt the purchase had cent Mimecast investigation. The log- also been unprepared to have their entire gone through. A quick Google in page of a major UAE bank workforce operating remotely. The sud- search told him the store had been cloned, with the den shift to working from home opened was located in the US. fake website live since up security gaps for hackers. This week, The same card was July. Customers had backup software solutions company Ac- also being charged Cybercriminals potentially been ronis revealed the results of a global an additional Am- particularly target affected for sev- survey of 3,400 companies: 39 per cent azon Prime pay- eral months. “If of companies experienced a videoconfer- ment for the banking customers and a banking cus- AMMAR ENAYA encing attack in the past three months. preceding three supply chain partners tomer were to Regional Director Malware attacks such as ransomware months, some- so those connections click on a phish- Middle East, Vectra also have increased during the pandemic, thing Arsiwala ing link, they with 31 per cent of companies reporting was pursuing and credentials must be would be sent daily cyberattacks and 50 per cent being with the technol- controlled and to the malicious targeted at least once a week. ogy services pro- fraudulent web- “The attack surface is being expanded vider. “The bank monitored.” site,” he says. by remote work and unsecured personal offered to open a AMMAR ENAYA, “This log-in page devices used by employees, increasing complaint to pursue REGIONAL DIRECTOR is then used to har- the risk to the business,” says Adam Palm- the matter and uncov- MIDDLE EAST AT vest the credentials er, Chief Cybersecurity Strategist at Tena- er more details about VECTRA of the customer, as they ble, a global IT company that tracks cyber both incidents, but given the are prompted to fill in their ADAM PALMER, exposure. He tells GN Focus that tradition- time and potential costs involved, information, including their Chief Cybersecurity al risk management is failing, and organ- it wasn’t worth the trouble,” he says. password. Criminals can then use this Strategist, Tenable isations should integrate their security Arsiwala doesn’t know if he’d been information to access the user’s bank ac- into one central identity and access man- phished, that is, tricked into revealing count.” agement solution, while using privileged sensitive personal data, or if his data access management to restrict access to had been stolen in a cyberleak, but he Rise in attacks critical systems and data, to limit the abil- was certainly a victim of credit-card The company’s Threat Intelligence ity for attackers to reach critical systems. fraud, one of many different kinds of Centre picked up 115,000 Covid-19-relat- “It’s important to make sure remote work- online bank hoaxes being reported in ed registered spoof domains in the first ers’ devices are fully configured with end- the UAE. three months of the pandemic. These point protection and detection. Far too Earlier this year, the Central Bank of offered fake or non-existent goods such many people, including the most tech-sav- the UAE warned of a spike in cybercrime as protective masks or Covid-19 cures, or vy, ignore system updates and patches.” and bank fraud, as fraudsters capital- targeted individuals seeking compensa- ise on the coronavirus pandemic to find tion for holidays booked. “The general new ways to target consumers. The bank fear and uncertainty of this year has of- rolled out its first national fraud aware- fered criminals the perfect opportunity To access the first official ness campaign in April, which aims to to exploit vulnerable people,” Das says. page in the UAE for bank arm consumers with the skills to protect “Our researchers saw a massive 751 per customers to report bank fraud, themselves against scams. cent increase in unsafe clicks during the please visit: “During times of heightened disrup- first three months of the year in the Mid- www.uaebf.ae/en/fight-fraud 4 Tuesday, October 20, 2020 SIM swap NATIONAL CAMPAIGN fraud drops BOLSTERS UAE’S Jamal Saleh, Director READINESS TO FIGHT General of UBF, highlights the success the nation-wide initiative CYBERCRIME #TogetherAgainstFraud will run until the end of the year and IM swap fraud targeting banking customers in the UAE has dra- cover different types of fraud, including Covid-19 related scams matically declined after launch- Sing a major nationwide awareness campaign, a senior banking industry offi- ith hundreds of millions of peo- cial told Emirates News Agency (WAM). ple mandated to stay at home “SIM swap fraud, the worst among on- globally to limit the spread of line banking frauds, used to be reported Wthe coronavirus, Covid-19 related in hundreds in the past. But only one case fraud is expected to climb as fraudsters ex- was reported in recent months since we ploit people’s fear and anxiety during these started the campaign in April with the difficult times. Common scams include tar- Central Bank of the UAE, Abu Dhabi Po- geting victims via email, SMS, phone and lice and Dubai Police,” said Jamal Saleh, social media, with fraudsters posing as gen- Director General of UAE Banks Federa- uine organisations, including government tion (UBF). entities, banks, and healthcare providers, “And this is despite the number of on- to trick victims into disclosing personal or line banking fraud attempts having dou- financial information. bled since the start of coronavirus out- To counter this, UAE Banks Federation break, as people started spending more (UBF), the Central Bank of the UAE, Abu time at home and transacting online,” Dhabi Police, and Dubai Police launched the he added. UAE’s first national fraud awareness cam- paign in April, which will run until the end Identity theft of the year. Under the theme #Together- SIM swap fraud is a type of identity AgainstFraud, the joint initiative aims to ed- theft, where a fraudster manages to get ucate and protect consumers from financial a replacement SIM card of a victim’s reg- cybercrime and fraud, particularly in light istered mobile number, using fake iden- of the increased use of digital banking ser- tity documents to access online banking vices during the Covid-19 pandemic. services of the victim to steal money. “The banking sector’s digital transfor- “The awareness campaign and the mation and widespread implementation strict preventive measures taken by the of online solutions has increased both the Telecommunications Regulatory Author- complexity and magnitude of financial ity, Etisalat, and du have almost stopped fraud and cybercrime across the globe,” this type of fraud. For example, unlike in says AbdulAziz Al Ghurair, Chairman of UAE the past, the customer has now to go in Banks Federation. person with his/her original Emirates ID “This is a serious threat to society that and fingerprint to request a replacement must be addressed, particularly under ABDULAZIZ AL GHURAIR, CHAIRMAN OF SIM card,” Saleh explained. these challenging circumstances where UAE BANKS FEDERATION fraudsters have become increasingly so- the country, this initiative underpins our Campaign success phisticated taking advantage of the fear will and readiness to tackle fraud and cy- The #TogetherAgainstFraud aware- and uncertainty created by the outbreak of bercrime, and strengthen our collaborative ness campaign was well received by the pandemic.
Load more

Recommended publications
  • Watchguard Internet Security Report Q4 2020
    INTERNET SECURITY REPORT Quarter 4, 2020 Contents The Firebox Feed™ provides quantifiable 03 Introduction data and trends about hackers’ latest 05 Executive Summary attacks, and understanding these trends can help us improve our defenses. 06 Firebox Feed Statistics 08 Malware Trends 09 Overall Malware Trends 11 Most-Widespread Malware 13 Catching Evasive Malware 14 Individual Malware Sample Analysis 18 Network Attack Trends 19 Most-Widespread Network Attacks 21 Top 10 Network Attacks Review 22 Overall Geographic Attack Distribution 24 DNS Analysis 25 Top Malware Domains 27 Firebox Feed: Defense Learnings 28 Endpoint Threat Trends 30 Top Ransomware Variants in 2020 33 Endpoint Defense Learnings 34 Top Security Incident 35 SolarWinds Breach 39 Important Takeaways 40 Conclusion and Defense Highlights 43 About WatchGuard Internet Security Report: Q4 2020 • 2 Introduction The Q4 report covers: As digital technology has evolved and become much more Firebox Feed Threat Trends: interconnected, your individual company’s cybersecurity This section highlights the top malware, network posture has expanded to affect others far beyond just your own 06 attacks, and threatening domains we see targeting organization. This complex cyber-ecosystem means it’s now in customers. We break these results down both by your best interest to improve everyone’s cybersecurity stance, raw volume and by the most widespread threats, not just your own. I believe cybersecurity needs to become a while also giving a regional view. We also highlight community effort that creates a tide to lift all boats. individual standout threats, such as Emotet, Tesla Agent, the return of cryptominers, and an IoT trojan Both the pandemic and the SolarWinds breaches seeded my targeting consumer routers called The Moon.
    [Show full text]
  • (Public Pack)Agenda Document for Licensing Sub-Committee, 16/04
    Public Document Pack LICENSING SUB-COMMITTEE MEETING TO BE HELD IN CIVIC HALL, LEEDS ON TUESDAY, 16TH APRIL, 2019 AT 10.00 AM MEMBERSHIP Councillors H Bithell - Kirkstall; C Knight - Weetwood; G Wilkinson - Wetherby; Enquiries specific to Agenda compiled by: Entertainment Licensing: Governance and Scrutiny Support Stephen Holder Civic Hall Tel No: 0113 3785332 LEEDS LS1 1UR Tel No: 0113 3788662 Produced on Recycled Paper A CONFIDENTIAL AND EXEMPT ITEMS The reason for confidentiality or exemption is stated on the agenda and on each of the reports in terms of Access to Information Procedure Rules 9.2 or 10.4(1) to (7). The number or numbers stated in the agenda and reports correspond to the reasons for exemption / confidentiality below: 9.0 Confidential information – requirement to exclude public access 9.1 The public must be excluded from meetings whenever it is likely in view of the nature of the business to be transacted or the nature of the proceedings that confidential information would be disclosed. Likewise, public access to reports, background papers, and minutes will also be excluded. 9.2 Confidential information means (a) information given to the Council by a Government Department on terms which forbid its public disclosure or (b) information the disclosure of which to the public is prohibited by or under another Act or by Court Order. Generally personal information which identifies an individual, must not be disclosed under the data protection and human rights rules. 10.0 Exempt information – discretion to exclude public access
    [Show full text]
  • How to Delist a Blacklisted IP Address
    How to delist a blacklisted IP address PROBLEM My IP address is blacklisted by some sender reputation RBL and emails are not delivered. How can I remove it form the blacklists? RBLs Our dedicated IP are only assigned to one account at a time, so we expect those users to take responsibility for all of the mail that is sent through their account. Please note: in the event that a sending domain (and not the IP address) is blacklisted, that domain’s controller will be responsible for handling the delisting request. RBLs are blacklists of IP addresses. One IP address enters into a blacklist for spamming activity. Here you can find instructions on what to do once the IP address entered into one or more blacklists. Why did you get into the blacklist in the first place? First of all, make sure you identified the reason for the blacklisting. If you didn’t identify and resolve it, you will just make things worse by asking for delisting. The IP will be quickly re-blacklisted and it will be harder to delist it. So, check why the IP has been blacklisted and fix the source of the problem before going ahead. Once you resolved all the problems (if it is a new IP address there is no problem to resolve, of course), you can go ahead with the delisting with the following instructions. First time cleanup If you just acquired this IP address, make sure that the dns reverse lookup is set before requesting removal from blacklists. When asked for a reason for requesting delisting, tell that you just acquired the IP address.
    [Show full text]
  • Mimecast Cloud Archive
    S Mimecast Cloud Archive The Best Defense is a Good Offense Effective information management is a business-critical issue for organizations of all sizes and across a wide variety of industries. As the massive volumes of data being created converge with increasingly stringent restrictions on how information must be maintained, the data management quandary is fast approaching a boiling point; and organizations are struggling to keep pace. From enforcing complex regulatory policies and reducing legal exposure to ensuring efficient data retrieval and safeguarding employee productivity, companies need solutions that can tame complexity, minimize risk, reduce costs, and decrease the burden on already over-taxed resources. Mimecast helps companies protect their employees, intellectual property, customer data, and brand reputations by providing comprehensive, cloud-based security and compliance solutions that mitigate risk and reduce the cost and complexity of creating a cyber-resilient organization. The Mimecast Cloud Archive solution is a multi-purpose platform that serves the needs of legal, compliance, and IT leaders. With capabilities for managing retention, e-discovery, compliance, and supervision, Mimecast Cloud Archive helps reduce cost, complexity, and risk, while bringing greater insights and decision-making power to the people who need it. A leader in the Gartner Magic Quadrant for Enterprise Information Archiving for four years’ running, the solution allows you to: • Ensure Compliance – Mimecast Cloud Archive removes the guess work The Archiving Imperative from compliance by automating the application of customer-defined retention policies. Customers can reduce the risk, cost, and complexity T erag Dover abyt of navigating dynamic regulatory requirements, while controlling 1,0001 audit-readiness.
    [Show full text]
  • Monthly Security Bulletin
    Advanced Security Operations Center Telelink Business Services www.telelink.com Monthly Security Bulletin March 2020 This security bulletin is powered by Telelink’s Advanced Security Operations Center The modern cybersecurity threat landscape is constantly evolving. Why Advanced Security New vulnerabilities and zero-day attacks are discovered every day. The Operations Center (ASOC) by old vulnerabilities still exist. The tools to exploit these vulnerabilities are Telelink? applying more complex techniques. But are getting easier to use. • Delivered as a service, which Mitigating modern cyber threats require solutions for continuous guarantees fast implementation, monitoring, correlation, and behavior analysis that are expensive and clear responsibility in the require significant amount of time to be implemented. Moreover, many Supplier and ability to cancel the organizations struggle to hire and retain the expensive security experts contract on a monthly basis. needed to operate those solutions and provide value by defending the • Built utilizing state of the art organizations. leading vendor’s solutions. • Can be sized to fit small, The ASOC by Telelink allows organizations get visibility, control, and medium and large business recommendations on improving their security posture for a fixed and needs. predictable monthly fee. • No investment in infrastructure, team, trainings or required technology. • Flexible packages and add-ons that allow pay what you need approach. • Provided at a fraction of the cost of operating your own SOC. LITE
    [Show full text]
  • Best Practices for Securing the Enterprise in Today's Collaboration
    Best Practices for Securing the Enterprise in Today’s Collaboration-Based World A New Multi-Sponsor Survey, eGuide and Lead-Generation Program In Collaboration with Effectus Media Group, LLC Optional Participation in a Virtual Summit Project OR-JULYESC Effectus Media Group, LLC 2901 West Coast Highway, Suite 200 Newport Beach, CA 92663 C O N F I D E N T I A L WHO SHOULD CONSIDER THIS PROGRAM? This program is intended for sponsorship by any vendor that provides solutions designed to protect collaboration applications and data stores from advanced threats like phishing, ransomware and CEO Fraud/Business Email Compromise/whaling (BEC). Even smaller organizations can use in excess of 100 collaboration applications, including Microsoft Office 365, Microsoft Teams, Slack, Skype, Box, Google Apps, GotoMeeting, and Docusign, as well as a host of apps for individual departments. The intended audience for the eGuide will be decision makers and influencers in mid- sized and large organizations who are charged with evaluating and selecting security solutions. The goal of this program will be to help decision makers and influencers understand the risks of a growing number of collaboration applications, the growing volume of data that they contain, and the growing number and sophistication of advanced threats that can put corporate data at risk. In short, within this threat landscape, what are the best practices enterprises can employ and how can IT organizations regain control of their environments? OVERVIEW Vertical and horizontal collaboration applications with enterprises are now growing by leaps and WHAT THIS PROGRAM bounds. These applications go well beyond just INCLUDES: social networks, but include unified communications, document and workflow A mini-survey of management, and mobile and remote device corporate decision makers connectivity that can serve all employees.
    [Show full text]
  • Hot Topics and Trends in California Consumer Class Actions
    Hot Topics and Trends in California Consumer Class Actions Presented by: Robert B. Milligan, Daniel Joshua Salinas & Darren W. Dummit April 15, 2021 Seyfarth Shaw LLP “Seyfarth” refers to Seyfarth Shaw LLP (an Illinois limited liability partnership). ©2021 Seyfarth Shaw LLP. All rights reserved. Private and Confidential Legal Disclaimer This presentation has been prepared by Seyfarth Shaw LLP for informational purposes only. The material discussed during this webinar should not be construed as legal advice or a legal opinion on any specific facts or circumstances. The content is intended for general information purposes only, and you are urged to consult a lawyer concerning your own situation and any specific legal questions you may have. Seyfarth Shaw LLP “Seyfarth” refers to Seyfarth Shaw LLP (an Illinois limited liability partnership). ©2020 Seyfarth Shaw LLP. All rights reserved. Private and Confidential Agenda 01 COVID-19 Consumer Class Action Developments 02 Latest TCPA Decisions and Trends 03 Eavesdropper and Call Recording Claims Under CIPA 04 Recent Developments in Privacy/Data Breach 05 False Advertising Claims 06 Latest Developments Concerning Arbitration and Class Waivers Latest Decisions and Trends Involving Live Sports, Entertainment, 07 and Recreation ©2021 Seyfarth Shaw LLP. All rights reserved. Private and Confidential 3 Speakers Robert Milligan Daniel Joshua Salinas Darren W. Dummit Litigation Trade Secrets, Computer Litigation LOS ANGELES/ Fraud & Non-Competes LOS ANGELES/ CENTURY CITY LOS ANGELES/ CENTURY CITY CENTURY
    [Show full text]
  • Mimecast's Unified Email Management
    Sponsored by Mimecast Mimecast delivers cloud-based email management for Microsoft Exchange and Microsoft Office 365, including archiving, continuity and security. By unifying disparate and fragmented email environments into one holistic solution that is always available from the cloud, Mimecast minimizes the risk and reduces cost and complexity, while providing total end-to-end control of email. Founded in the United Kingdom in 2003, Mimecast serves more than 10,000 customers worldwide with millions of users and has offices in Europe, North America, Africa, Australia and the Channel Islands. www.mimecast.com 2 M#$3'&%01-#$02)89/:0$6') A+)O@)P'1'&)A&4CC'%') M#"+&-6:1Q)HIJR) ) ) Conversational Exchange Published by Conversational Geek Inc. www.conversationalgeek.com All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. Trademarks Conversational Geek, the Conversational Geek logo and J. the Geek are trademarks of Conversational Geek. All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. We cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
    [Show full text]
  • Mimecast Enterprise Information Archiving a Single, Secure and Accessible Cloud Archive for Your Business’ Most Important Information
    DATASHEET Mimecast Enterprise Information Archiving A single, secure and accessible cloud archive for your business’ most important information. Mimecast delivers a secure, dependable and highly scalable solution to meet growing information management challenges. A single, tightly integrated cloud platform delivers unified and secure archiving of emails, files and IM conversations. It supports rapid access to content for compliance with regulations, comprehensive e-discovery and litigation readiness as well as granular user search. KEY FEATURES: KEY BENEFITS: l A single, secure cloud platform with unified l Instantly protect valuable intellectual property search for rapid access to all archived content – assets with a purpose-built, highly secure and email, files, IM trusted cloud platform supported by a 100% service availability SLA and guaranteed data l Archive integrity is provided through compliance storage region driven chains of custody for all your archive data l Delight users and speed workflows with rapid l Perpetual retention ensures a long term archive is search and content retrieval through a single, available to support compliance and e-discovery intuitive search interface across a choice of without needing to deploy any additional desktop and mobile apps hardware or significant software l Comprehensive compliance, e-discovery and l Folder based retention and replication of a user’s litigation support through compliance driven Exchange mailbox folder structure combined chains of custody for all your archive data with Exchange
    [Show full text]
  • Fall 2019 Email Security
    2019 FALL CUSTOMER SUCCESS REPORT EMAIL SECURITY SOFTWARE CATEGORY EMAIL SECURITY SOFTWARE OVERVIEW Email security software monitors a company’s outbound and inbound email traffic for malicious and unwanted messages. These tools quarantine or block spam, phishing attacks, and malware. Advanced solutions also provide data loss prevention capability as well as email encryption features for outbound email. Email security software helps to ensure staff compliance and prevent internet threats. The program funnels incoming emails through spam filters and scans messages before transmitting them across a firewall. These tools include user governance or labeling functions to determine malicious actors and stop them from communicating further. Their archiving capabilities enable enterprises to keep a log of past communications for both reference and compliance purposes. 2 Customer Success Report Ranking Methodology The FeaturedCustomers Customer Success ranking is based on data from our customer reference Customer Success Report platform, market presence, web presence, & social Award Levels presence as well as additional data aggregated from online sources and media properties. Our ranking engine applies an algorithm to all data collected to calculate the final Customer Success Report rankings. The overall Customer Success ranking is a weighted average based on 3 parts: Market Leader Content Score is affected by: Vendor on FeaturedCustomers.com with 1. Total # of vendor generated customer substantial customer base & market share. references (case studies, success stories, Leaders have the highest ratio of customer testimonials, and customer videos) success content, content quality score, and social media presence relative to company size. 2. Customer reference rating score 3. Year-over-year change in amount of customer references on FeaturedCustomers platform 4.
    [Show full text]
  • Design – TAG Cyber LLC Finance – M&T Bank Administration – Navitend Research – TAG Cyber LLC Lead Author – Dr
    Design – TAG Cyber LLC Finance – M&T Bank Administration – navitend Research – TAG Cyber LLC Lead Author – Dr. Edward G. Amoroso Researchers – Liam Baglivo, Matt Amoroso, Miles McDonald Facilities – WeWork, NYC TAG Cyber LLC P.O. Box 260, Sparta, New Jersey 07871 Copyright © 2018 TAG Cyber LLC. All rights reserved. This publication may be freely reproduced, freely quoted, freely distributed, or freely transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system without need to request permission from the publisher, so long as the content is neither changed nor attributed to a different source. Security experts and practitioners must recognize that best practices, technologies, and information about the cyber security industry and its participants will always be changing. Such experts and practitioners must therefore rely on their experience, expertise, and knowledge with respect to interpretation and application of the opinions, information, advice, and recommendations contained and described herein. Neither the author of this document nor TAG Cyber LLC assume any liability for any injury and/or damage to persons or organizations as a matter of products liability, negligence or otherwise, or from any use or operation of any products, vendors, methods, instructions, recommendations, or ideas contained in any aspect of the 2018 TAG Cyber Security Annual volumes. The opinions, information, advice, and recommendations expressed in this publication are not representations of fact, and are subject to change without notice. TAG Cyber LLC reserves the right to change its policies or explanations of its policies at any time without notice. September 7, 2017 To the Reader: This 2018 TAG Cyber Security Annual – Volume 1: Outlook for Fifty Cyber Security Controls is a companion guide to the report of similar name issued last year.
    [Show full text]
  • Cyber Resilience for Email TECHNICAL DEEP DIVE Cyber Resilience for Email | Technical Deep Dive
    Cyber Resilience for Email TECHNICAL DEEP DIVE Cyber Resilience for Email | Technical Deep Dive mail. It’s the number-one business application used by organizations. It doesn’t stop there. There are more ways to exploit email that haven’t EIt’s also the number-one method used to execute cyberattacks, enabling been put into broad practice. Mimecast recently provided an example of a malware delivery, phishing, impersonations, and the spread of threats that new attack type we named Ropemaker. Fortunately, we have yet to see this are already internal to your organization. In fact, 91 percent of all attack type in the wild! By using this exploit a malicious actor can change cyberattacks start with an email. And your organization can’t function for the displayed content of a delivered email at any time, post-delivery. This long without email. How many hours of email downtime can your could mean swapping a benign URL with a malicious one in an email already organization comfortably live with? If email isn’t accessible due to an delivered; turning simple text into a malicious URL; or editing any text in the adverse incident like malicious intent, human error or technical failure, your body of an email, whenever the attacker wants to – and all of this can be organization would likely suffer from reputational damage, internal done without direct access to an inbox – after delivery. The point is operational issues, and financial loss. attackers are not standing still and so the defenders must not either! Meanwhile, the use of Microsoft Office 365 is massive, and adoption It’s Time for a New Approach is accelerating.
    [Show full text]