As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more
We've all heard the term, "you're only as strong as your weakest link." Whether talking about a tug of war on the playground, a sports team, or a business, this rings as true as ever. Every business relies on a series of suppliers and vendors -- be it the dairy farm supplying milk to the multinational food manufacturer or the payment systems that retailers use. These links form supply chains that every business, large and small, deals with. There is simply no way around it. more
The invasion of Ukraine by Russia on 24 February, and the events since, have shocked and horrified the world. The immediate focus must be on protecting the safety, security and human rights of the Ukrainian population. But we can already see how the war will also impact broader global events, discussions and behaviour, particularly relating to the digital environment. more
Hackers are using company domain names for malicious attacks more than ever before. Established research shows that phishing and related malware attacks most commonly occur from a compromised or hijacked legitimate domain name, a maliciously registered, confusingly similar domain name, or via email header spoofing. Domain security intelligence is the first line of defense in preventing domain cyberattacks. more
The UK government is proposing new regulations to strengthen cyber resilience in the private sector. Their intention is to expand cybersecurity rules for critical infrastructure (CI) operators to include managed service providers (MSPs), more stringent breach notification requirements, and legislation to establish the UK Cyber Security Council as the standards development organization for the cybersecurity profession. This is a welcomed development, but more details about implementation and enforcement are needed. more
As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more
Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network. They had seen the marketing hype by various security technology providers that their products included rollback capabilities they could utilize if/when one of their workstations or servers was infected by malware. Having gotten this question more than once, I thought it would be a good subject to share with a broader audience. more
With cybercrime on the rise, companies in 2021 have experienced increased ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and online brand and trademark abuse. While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk. The risk of not addressing your domain security can be catastrophic. more
Much has been said about the criticality of the small coterie of large-scale content distribution platforms and their critical role in today's Internet. These days when one of the small set of core content platforms experiences a service outage, then it's mainstream news, as we saw in June of this year with outages reported in both Fastly and Akamai. In the case of Akamai, the June outage impacted three of Australia's largest banks, their national postal service, the country's reserve bank, and one airline... more
Colonial Pipeline, which accounts for close to half of the United States East Coast's fuel, has shut down its operations due to a cyberattack. The incident, believed to be the largest successful cyberattack on oil infrastructure in the U.S., was disclosed over the weekend. more
In light of the Biden administration's recent efforts in protecting critical infrastructure from cyber threats, new research from CSC indicates that a majority of the top energy companies in the U.S. are vulnerable to attack due to shortcomings in their online operations. Specifically, these organizations are vulnerable to domain name and domain name system (DNS) hijacking and phishing attacks based on their lack of effective domain security. more
We see the problems that we are facing within an increasingly digital society and economy. We cannot go backward; the only way forward is to ensure that this new digital environment is made as safe as possible from a personal, social, political and economic perspective. We are currently struggling on these fronts. Unfortunately, we have now clearly entered a situation of cyber warfare. States now use digital technologies to impose and undermine ideologies. more
Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks. With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to? more
Domain names, domain name systems (DNS), and digital certificates are fundamental components of the most important applications that enable your company to conduct business - including your website, email, voice-over IP, and more. However, these vital applications are being attacked with an increasingly high level of sophistication and severity. more
A recent survey conducted by the Neustar International Security Council confirmed the heightened interests on domain name system (DNS) security. The survey reveals that over three-quarters of cybersecurity professionals anticipate increases in DNS attacks, especially with more people shopping online amid the pandemic. Yet, close to 30% have reservations about their ability to respond to these attacks. more
A World-Renowned Source for Internet Developments. Serving Since 2002.