Enterprises should not only be worried about attacks from outside but also activities by employees that make their networks vulnerable to risk. Often this employee activity is not intended to be malicious on purpose, but lack of education and mistakes by employees who do not know the consequences of their actions can lead to security […]
A study analyzed data from 600 IT and security professionals, 3,500 employees from IT firms, 100 million simulated phishing attacks and 15 million suspicious emails. 83% of organizations had a successful email-based phishing attack in 2021, up from 46% in 2020. 78% of organizations had a ransomware attack where a phishing email was the initial […]
Dormant ransomware is becoming more common, where attackers lurk on a target system for up to 18 months, conducting cyber-reconnaissance to determine when an organization is most vulnerable to attack. Attackers want to cause the most damage as possible to gain the most leverage for blackmail. Thus, attackers may know an organization’s systems better than […]
Even if hackers can get a user’s login credentials through a phishing scam, often multi-factor authentication (MTA) means that the account remains protected by a one-time passcode. However, a phishing attack framework using reverse proxies can bypass MTA. A feature added to Google in 2019 prevents login from reverse proxies. A new method forgoes the […]
A study by Enterprise Strategy Group surveyed 398 IT and cybersecurity professionals responsible for security hygiene and posture management. It found that many parts of cybersecurity are managed independently and with archaic tools, giving organizations limited visibility and weak defenses. Weaknesses identified by the study include the use of spreadsheets for security hygiene, poorly managed […]
A custom malware named SockDetour was recently found on U.S. defense contractors’ machines and works filelessly and socketlessly on infected Windows servers by hijacking network connections, making it harder to detect. SockDetour has been used as a backup backdoor to maintain access to compromised networks. The connection hijack is accomplished using an actual Microsoft Detours […]
The internet is not a secure communication network and it is highly possible a major company will be the target of sophisticated attacks aimed at breaching their private data. Companies should not only consider the likelihood of a data breach attack but also the magnitude. In order to weigh the costs of a data breach […]
