You are here

Home

Cybersecurity

Most BEC Scams Perpetrated with Plain Text Emails, According to Study of 3,000 Incidents

To better understand the goals and methodology of business email compromise (BEC) scams, cybersecurity company Barracuda compiled statistics from 3,000 incidents it observed. Among other findings, Barracuda observed that about 60 percent of BEC attacks do not involve a link: the attack is simply a plain text email intended to fool the recipient to commit a wire transfer or send sensitive information. Because they don't contain any suspicious links, these messages often go undetected by email security systems.

Cyber Resilience – Leverage Your Best Asset to Support Your Cybersecurity Program

Utilities struggling to build a cyber-defense team do not have to look beyond their own walls to find qualified staff to help defend the organization. Tripwire offers food for thought on the benefits of cybersecurity education and awareness in cultivating security champions for your organization that will help, rather than hinder your cybersecurity efforts. Phrases like “cybersecurity is a shared responsibility,” and “create a culture of cybersecurity from the breakroom or the boardroom” have been key topics promoted by the cybersecurity community in recent years.

FBI Launches Education for Public on Recognizing and Combating Foreign Influence

The FBI has launched a webpage on combating foreign influence, which include covert actions by foreign governments to influence U.S. audiences. The goal of foreign influence operations directed against the U.S. is to spread disinformation, sow discord, and undermine confidence in democratic institutions and values. Foreign influence operations have taken many forms and used many tactics over the years.

Scammers Threaten to “Review Bomb” Companies Unless They Pay

In the latest development in how cyber criminals are evolving their means of trying to extort cash from victims, a group threatened to spread fake, negative reviews and complaints about companies unless they paid the group a fee. “We are experts in destroying personal or company reputation online,” the group, calling itself STD Company, wrote to its targets.

Seven Steps to Start Searching for Your Organization’s Publicly Accessible Internet-Connected Devices with Shodan

DARKReading has posted a seven step tutorial for how to start using Shodan, a search engine for discovering Internet-connected devices, including industrial control system devices part of water and wastewater utilities’ networks. Shodan can be a powerful tool for security professionals as they seek to understand where parts of their networks are observable to outsiders, and potentially vulnerable to their attacks. WaterISAC has encouraged its members to identify areas of their OT networks that are publicly accessible, lest adversaries do this first.

ICS Cyber Resilience - Don't Forget About Legacy Equipment

Tripwire has posted an article on the importance of considering, or rather not forgetting about legacy ICS equipment in the overall cyber resilience strategy. Originally designed to last for decades - a significantly longer lifespan than most modern technology - legacy equipment often lacks the ability to be updated/upgraded in place without the need to replace devices or completely overhaul the system.

Malicious Actors Hide in Plain Sight

Windows OS utilities like Powershell, PSExec, and other commonly available tools have made life easier for cyber threat actors. Symantec discusses this concept widely known as “living-off-the-land” that often provides attackers with greater benefits than creating their own malware. Malicious actors are taking advantage of these utilities to hide in plain sight as they know defenders often do not flag related activity for looking suspicious.

The Role Al Qa’ida Plays in Cyber Terrorism

Although al Qa’ida is better known for its physical terror attacks than its cyber presence, it has practiced cyber terrorism and appears to be attempting to grow its capabilities in this area, according to an article in Small Wars Journal. Historically, the group’s cyber activities have been limited to using the Internet and social media to spread its jihad message as well as a few relatively minor attacks, such as website defacements.

Pages

Subscribe to Cybersecurity