Cybercrime is first and foremost financially motivated. Cybercriminals look for lucrative targets, including social media networks with hundreds of millions of monthly active users. We put this perspective to the test by analyzing the domain attack surface of three of today's largest social media platforms.
Just as no man is an island, no company can perform core functions without other organizations' help. This fact is highlighted in today's age of outsourcing, partnership, and third-party connections. Unfortunately, threat actors have also found a massive opportunity in these relationships.
Almost every transaction on the Internet is riddled with risks, and the use of online payment processing platforms is no exception. With more people opting to transact online and use digital wallets, threat actors have much to gain by targeting online payment processing platforms.
Every organization faces two kinds of cyber threats daily - "known" and "unknown" ones. Known threats are those that security experts have discovered, often published in blogs and major news outfits with accompanying indicators of compromise (IoCs). Unknown threats, meanwhile, are those that remain hidden to victims and researchers. IoCs for these have yet to be identified and disclosed.
For those actively pursuing mergers and acquisitions, now is the time to do extensive due diligence to understand any implications around intellectual property (IP) and, more importantly, to understand what cybersecurity risks there may be.
Following a public announcement from the FBI and CISA warning the public to avoid spoofed election-related internet domains, CSC announced research findings that show the overwhelming majority of registered typo domains related to the election are vulnerable.
When brands think about registering a trademark, it's natural to consider the classes that match the direct nature of their products and services. A car manufacturer would register under vehicles; an apparel brand would register in clothing, footwear, and headwear – and perhaps jewelry if they offer accessories.
Most businesses rely on third-party entities to outsource certain functions, save on costs, and strengthen their cybersecurity capabilities. While working with external providers makes perfect business sense, it also poses cyber risks.
Threat actors usually ride on a brand's popularity to make phishing campaigns believable. A common approach involves registering typosquatting domains that closely resemble those of the legitimate owners. Yet monitoring typosquatting domains may just be the tip of the iceberg in the fight against phishing.
Phishing attacks' success can be partially attributed to threat actors' use of branded domain names, including both legitimate and misspelled variants. It's no wonder, therefore, that blacklisting sites like PhishTank provide users a way to search phishing URLs by target brand.