“The best way to stop these [BECs] is to switch on DMARC with the strongest policy (“p=reject”) as default.” – Phil Muncaster (Infosecurity-Magazine) Phil Muncaster shares this advice – which could help protect against a Business Email Compromise (BEC) scam – in his article on the uncovering of information that… Continue Reading DMARC: Defenses against Business Email Compromise Attacks

Ransomware attacks in Maryland could soon attract fines of up to $100,000 and 10 years in prison. Maryland Senate bill 151, cross-filed with House bill 211, indents to define ransomware attacks that result in losses greater than $1000 as felony, and would be punishable by fines of up to $100,000… Continue Reading Ransomware Attacks Could Soon become a Felony with Maryland Bill

While going through articles published on ZDnet by Stilgherrian, I came across one of his old articles published in 2017 on a cyber-heist incident involving a subcontractor. The article led me to the Australian Cyber Security Centre (ACSC) website. ACSC recommends eight cybersecurity strategies for organizations. These strategies can help mitigate cyber… Continue Reading The Essential Eight – Strategies to Mitigate Cyber Threats

Note: We request users and network administrators to go through the documents listed at the bottom of this article, and share them with your cybersecurity experts. The three documents might help you review your security measures, and guard against SamSam ransomware attacks. As per the 2017 State of Endpoint Security Risk… Continue Reading How to Protect Your Network Against SamSam Ransomware Attacks

In an article last week, we highlighted the case of a Dutch firm that lost €19m ($21m) to a Business Email Compromise (BEC) scam to push forward the idea of having strong security measures for preventing BEC Scams. Today, we came across the news of a (rather old) BEC incident… Continue Reading Preventing BEC Scams: Manual controls and multi-person authorization

The 2nd quarter phishing activity trends report published by the anti-phishing working group (APWG) has reported a jump in the number of phishing attacks using encryption to fool victims. As per the APWG report, 35% of phishing attacks in the second quarter of 2018 were hosted on websites with HTTPS and… Continue Reading Phishing Trends Report a Jump in Phishing Attacks Using Encryption

I just came across this post by Alastair Paterson of Security Week highlighting that attackers are monetizing non-traditional methods to compromise business accounts (BEC and EAC). Alastair points at three alternative methods that are being successfully put at work: Using email credentials purchased from criminal forums, Re-trying the credentials of already… Continue Reading 7 Security Measures Against BEC You CANNOT Neglect

On September 27th, with a public service announcement, the Internet Crime Complaint Center (IC3) has warned businesses and individuals that RDP accesses are being sold on dark markets, and malicious actors can infiltrate the connection between machines and inject malware or ransomware into the remote system. Possible threats include ransomware… Continue Reading RDP access is too risky to use, IC3 warns

Recovering from a ransomware attack without paying ransom is BIG news – especially for small healthcare providers whose operations could get disrupted indefinitely in case of such a breach. An Iowa clinic has managed to do and that too within a day’s period. Jones eye clinic and its affiliated surgery… Continue Reading Iowa Clinic Ends Ransomware Attack without Paying

On Sept 5, 2018, law enforcement alerted Inova Health of a data breach. It appears that their billing systems were accessed by a bad actor using an employee’s credentials first in January 2017, and then again, between July-October 2017. The breach has impacted 12,331 patients. An article by Databreaches.net points… Continue Reading What makes strong passwords so important?