social engineering

Results 1 - 25 of 30Sort Results By: Published Date | Title | Company Name

Radically Reduce Susceptibility to Email Attacks

Published By: Barracuda     Published Date: Oct 14, 2019
Traditional email-security defenses aren’t enough anymore. In today’s rapidly evolving threat environment, to stop email-borne threats, you must effectively defend against phishing and other potentially-devastating social-engineering attacks. These sophisticated threats are often able to bypass defenses using back-door techniques, including email spoofing, spear phishing and personal email fraud to penetrate network defenses and wreak havoc. Here’s a total email-protection strategy that can help radically reduce an organization’s susceptibility to attacks.
Tags : 
    
Barracuda

Cybercrime Tactics and Techniques Q1 2019

Published By: MalwareBytes EMEA     Published Date: May 10, 2019
Enterprises, beware. Threat actors are continuing to eye businesses for high returns on investment in Q1 2019, breaching infrastructure, exfiltrating or holding data hostage, and abusing weak credentials for continued, targeted monitoring. From a steadfast increase of pervasive Trojans, such as Emotet, to a resurgence of ransomware lodged against corporate targets, cybercriminals are going after organizations with a vengeance. Yet every cloud has a silver lining, and for all the additional effort thrown at businesses, consumer threats are now on the decline. Ransomware against consumers has slowed down to a trickle and cryptomining, at a fever pitch against consumers this time last year, has all but died. Interestingly, this has resulted in an overall decline in the volume of malware detections from Q4 2018 to Q1 2019. While threat actors made themselves busy with challenging new victims, they ensnared targets in the old ways, using tried-and-true malspam and social engineering tactic
Tags : 
    
MalwareBytes EMEA

The Human Factor Report 2017

Published By: Proofpoint     Published Date: Jun 22, 2017
Human targeted attacks continued to lead the pack in 2016. Attackers’ used automation and personalisation to increase the volume and click-through rates of their campaigns. Taking a page from the B2B e-marketer’s playbook, cyber criminals are adopting marketing best practices and sending their campaigns on Tuesdays and Thursdays when click-through rates are higher. Meanwhile, BEC and credential phishing attacks targeted the human factor directly--no technical exploits needed. Instead, they used social engineering to persuade victims into sending money, sensitive information and account credentials. Timing is everything—attackers know that hitting your employees with a well-crafted email at the just the right time produces the best results. Of course, this varies by region. So if you are responsible for worldwide SecOps, you need visibility into not only attack patterns but also when and which employees tend to click.
Tags : 
security solutions, ransomware, security technologies, protection technologies, malicious email, it security, server protection
    
Proofpoint

Call Center Fraudsters: Part I Unmasked

Published By: Pindrop Security     Published Date: Apr 26, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security

Call Center Fraudsters: Part I Unmasked

Published By: Pindrop Security     Published Date: Apr 26, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security

State of Threat Detection

Published By: Fidelis Cybersecurity     Published Date: May 15, 2019
Cybercriminals have been upping their game this year; the use of file-less attacks with macros and PowerShell scripts to evade preventive defenses and sandboxes mean that they are getting better than ever at using phishing, social engineering and drive-by techniques to gain initial footholds in private domains – and once they arrive, they are often avoiding detection for extended periods of time. Between April and July 2018, Fidelis interviewed over 580 security professionals from around the globe to understand how they are shifting their detection strategies and how confident organizations are in their ability to not only prevent targeted attacks – but root out threats that have by-passed traditional preventive defenses.
Tags : 
    
Fidelis Cybersecurity

The BEC Survival Guide

Published By: Proofpoint     Published Date: Aug 10, 2017
BEC attacks are a growing threat to businesses because they prey on vulnerabilities that can’t be patched: people. That’s why employee training, financial controls, and especially technology are the keys to a strong defense and timely response. You need need a solution that does not solely depend on reputation and basic email filtering. With granular controls, advanced email solutions can identify and quarantine impostor emails before they reach an employee’s inbox.
Tags : 
security awareness, social engineering, impostor emails, email flags, financial institution, bec threats, suspicious messages
    
Proofpoint

Advanced Network Protection with McAfee Next Generation Firewall

Published By: McAfee     Published Date: Sep 15, 2014
Attacks today incorporate increasingly sophisticated methods of social engineering and client-side software manipulation to exfiltrate data without detection. Some attackers leverage so-called spearphishing to entice employees to give up access information and spread their attacks to other enterprise systems; others use password crackers against compromised applications in order to gain further access rights to the network. The attackers might also set up channels for command and control communications with the compromised systems, as in the case of the Zeus or SpyEye bot infections.
Tags : 
network protection, it security, firewall, hacker detection, security management
    
McAfee

Dyre malware games the test

Published By: Vectra Networks     Published Date: Aug 03, 2015
The Dyre family of banking malware is back in the news after researchers recently observed that the malware incorporated tricks to avoid detection in malware sandboxes. Previously, Dyre was most notable for targeting high value bank accounts, including business accounts, and incorporating sophisticated social engineering components to overcome the 2-factor authentication used by most banks.
Tags : 
malware, data, malware, banking, malware sandbox, authentication, two-factor authentication, identity management
    
Vectra Networks

Whitepaper: Site Reliability Engineering

Published By: Rackspace     Published Date: Apr 15, 2019
Scale events — like online sales and digital product launches — present great revenue opportunities, but they also present large risks to your business. Whether you are a retailer preparing for Black Friday and Cyber Monday, or a digital vendor launching a new service, your brand is both at its most visible and its most vulnerable during these scale events. Many more customers visit your site over a short period of time, raising the potential for resource constraints and discovery of software bugs. Information about issues spreads quickly via social media and news outlets. And, your customers typically spend more per transaction, so every lost order has a greater negative impact on your bottom line. Site reliability engineering (SRE) can help you better prepare for scale events through an iterative cycle of data-driven improvement.
Tags : 
    
Rackspace

Advanced Persistent Threats: Detection, Protection and Prevention

Published By: Sophos     Published Date: Mar 30, 2017
Many papers on the topic of advanced persistent threats (APTs) begin with ominous references to the changing threat landscape and stories of how highly sophisticated cyber attacks are becoming more prevalent. That can be misleading. The majority of attacks today still use many techniques that have been around for years—social engineering, phishing emails, backdoor exploits and drive-by downloads, to name the biggest ones. Such attacks are neither advanced nor particularly sophisticated when broken down into their individual components and often rely on the weakest link in any organization—the user. However, the way in which hackers use combinations of techniques and the persistent behavior of the attackers is something that does set APTs apart from other attempts to compromise security. This paper is designed to give you an overview of the common characteristics of APTs, how they typically work, and what kind of protection is available to help reduce the risk of an attack.
Tags : 
network security, firewall, data security, antivirus protection, email protection, virtual security, web protection, wireless protection
    
Sophos

Call Center Fraudsters: Part I Unmasked

Published By: Pindrop Security     Published Date: Mar 21, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security

Privileged Account Management for Dummies

Published By: Group M_IBM Q2'19     Published Date: Apr 11, 2019
The increase in sophisticated, targeted security threats by both external attackers and malicious insiders have made it extremely difficult for organizations to properly protect critical and sensitive information. The task of protecting these assets has only grown harder as IT environments have become more complex and widely distributed across geographic locations and in the cloud. Many recent high-profile breaches have one thing in common: They were accomplished through the compromise of passwords. In many cases, end-user passwords are initially hacked through various social engineering techniques. Then permissions are escalated to gain access to more privileged accounts — the keys to the kingdom. This unauthorized access can easily go undetected for weeks or even months, allowing hackers to see and steal information at their convenience. Unfortunately, many IT users lack a full understanding of how privileged accounts function, as well as the risks associated with their compromise an
Tags : 
    
Group M_IBM Q2'19

Security Advisory: New Email-Borne Malware Campaign Highlights Danger Of Over Reliance On Sandboxes

Published By: Mimecast     Published Date: Jan 03, 2017
Mimecast has detected and blocked a dangerous new campaign that uses social engineering and advanced sandbox evasion techniques to deliver stealthy malware. This Email Security Advisory from Mimecast offers: - Detailed attack analysis - Mimecast viewpoint - reduce sandbox reliance - Weaponized attachments - prevention and recommendations
Tags : 
mimecast, security, email security, email, cyber security, malware
    
Mimecast

How to Stop the Rising Tide of Impersonation Attacks

Published By: Mimecast     Published Date: Apr 18, 2017
"Whaling attacks have risen in recent months and these emails are more difficult to detect because they don’t contain a malicious hyperlink or attachment, and rely solely on social-engineering to trick their targets. In order to combat these attacks, organizations must be aware of the dangers presented by whaling, or CEO fraud, and put the right safeguards in place. Mimecast conducted a whaling attack survey with 500 organizations around the globe and the results were alarming. Read this report to learn: - The five key phases of a whaling attack - How to protect your organization from a whaling attack through company exercises, education, and technology. - What Mimecast is offering to combat these attacks in its industry-leading Targeted Threat Protection service."
Tags : 
cyber security, cyber fraud, impersonation attacks, ceo fraud, whaling
    
Mimecast

A New Mandate for IAM with Multifactor Authentication

Published By: OKTA     Published Date: Sep 26, 2017
Cyberbreaches aren’t just in the news—they are the news. Yet headlines rarely mention the No. 1 source of those breaches: weak or stolen passwords. Whether they involve malware, hacking, phishing, or social engineering, the vast majority of breaches begin with account compromise and credential theft, followed by dormant lateral network movement and data exfiltration. In fact, weak or stolen passwords account for a staggering 81% of breaches, according to the Verizon 2017 Data Breach Investigations Report. Not surprisingly, a new Okta-sponsored IDG survey finds that identity access management (IAM) is a top priority for nearly three-quarters (74%) of IT and security leaders. Yet the same survey uncovers widespread concern that their current IAM implementations are falling short. Just one worrisome example: Fewer than one-third (30%) of respondents report a good or better ability to detect a compromise of credentials. The following report explores the gap between respondents’ aspiratio
Tags : 
    
OKTA

Understand the Four Phases of A Cyber Attack

Published By: McAfee     Published Date: Feb 06, 2013
There is no single anti-malware product that can block all malware infiltration and subsequent activity. The only way to combat the malware threats is through an end-to-end, integrated, real-time, context-aware, holistically-managed system.
Tags : 
threat protection, security threat landscape, malicious sites, phases of network attack, social engineering, configuration error, persistant code, rootkits
    
McAfee

What’s New in the Windows 10 Security Log

Published By: LogRhythm     Published Date: Aug 08, 2016
Among the countless changes in Windows 10 Microsoft has provided IT organizations more visibility into auditable actions on Windows 10 machines and the resulting events in the Security Log. Understanding these enhancements is important because we need every edge we can get to detect endpoint intrusions. Threat actors use a sophisticated mix of phishing, social engineering, and malware to attempt to compromise any user within an organization. A seemingly benign order request sent to a salesperson or a benefits summary to someone in HR can contain attachments infected with malware. Once such payloads are in, the goal is to determine how to leverage current users and other accounts on the compromised machine to access valuable and sensitive data, as well as how to spread out within the organization and repeat the process.
Tags : 
microsoft, security, best practices, data, business analytics, business management, business technology
    
LogRhythm

Social Engineering - Fraud is evolving — are you?

Published By: FICO     Published Date: Feb 06, 2018
Interpol reports social engineering as the “broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.” Scammers use sophisticated psychological manipulation techniques to build a level of trust with their victim, having them divulge confidential information or authenticate the fraudulent activity as genuine. They will typically claim to be from the bank or well known and trusted consumer brands.
Tags : 
social, engineering, fraud, cyber, security, scams
    
FICO

The New Phishing Threat: Phishing Attacks

Published By: Proofpoint     Published Date: Apr 06, 2012
Download Proofpoint's free email security whitepaper discussing the latest trends in email phishing attacks, how they work, and how to protect your email users against them.
Tags : 
phishing, email security, phish, email, attacks, blended threats, social engineering, outbound spam
    
Proofpoint

2010: Cybercrime Coming of Age

Published By: ESET     Published Date: Feb 11, 2010
This document combines the thoughts of both Research teams in ESET Latin America and ESET, LLC into a single paper, proposing a comprehensive vision of how the threatscape is likely to evolve in 2010.
Tags : 
eset, cybercrime, security, threat, crimeware, botnets, malware, social engineering
    
ESET

Survey Says You Have Big Concerns about Advanced Malware

Published By: McAfee     Published Date: Apr 25, 2014
You spoke and we listened. Today’s advanced malware threats have you spending a lot of resources fighting an uphill battle. The answer is McAfee Advanced Threat Defense—so you can find, freeze, and fix threats.
Tags : 
advanced malware, maware threats, malware problems, malware attacks - rootkits, phishing, zero-access, trojans, apts
    
McAfee

Defense throughout the Vulnerability Life Cycle with Alert Logic Threat and Log Manager

Published By: Alert Logic     Published Date: Jun 12, 2014
New security threats are emerging all the time, from new forms of malware and web application exploits that target code vulnerabilities to attacks that rely on social engineering. Defending against these risks is an ongoing battle. Download to learn more!
Tags : 
cloud security, vulnerability management, vulnerabilities, patching, patch management, security, it management
    
Alert Logic

Old Techniques, New Channel: Mobile Malware Adapting PC Threat Techniques

Published By: IBM     Published Date: Dec 01, 2014
With the rise of mobile usage and increased mobile banking functionality, cyber criminals are targeting the mobile channel with advanced malware, cross channel attacks across online and mobile and social engineering that have typically been seen on the PC.
Tags : 
mobile malware, mobile usage, mobile security, cybercrime, security, it management, wireless, knowledge management
    
IBM

How to Design an Effective Program to Protect Your Organization Against Social Engineering

Published By: Rapid7     Published Date: Apr 04, 2013
This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.
Tags : 
rapid7, protect organization, attacks via phishing, solution based approach, mitigating risks, intrusion detection, intrusion prevention, phishing
    
Rapid7
Previous   1 2    Next    
Search      

Add Research

Get your company's research in the hands of targeted business professionals.