Business of Sending Spam
While malicious actors have developed countless attack methods, spam remains to this day a significant threat vector for companies. The most recent statistics on spam are indicative of the danger that spam poses: 95% of all attacks targeting enterprise networks are caused by successful spear phishing. A single spear phishing attack results in an average […]
What kind of data could your PDF files be leaking online?
In the 2003 timeframe leading up to the Iraq war, a British government representative published a Word document on their website, containing information related to “Iraq’s security and intelligence organizations.” This information had been previously referenced by Colin Powel during a United Nations address. When the British dossier was made public, it was revealed the […]
All Is Fair In Darknet Wars
For anyone trying to collect data on the darknet, the last three years have been an incredible challenge. The dark net used to be a collection of simple marketplaces that could be easily indexed and crawled, though sometimes slowly because of the size of some of the markets. Alpha Bay, for example, had an estimated […]
How online learning may have opened the door for ransomware in higher ed
PYSA ransomware, a variant of Mespinoza ransomware, has been actively targeting the education sector in the past months. According to the FBI, ransomware, malware and DDoS attacks have compromised a number of critical sectors, yet educational institutions in the US and the UK seem to be the preferred target for now. Has online learning triggered […]
F.B.I. Reveals 70% Year-Over-Year Increase in Reported Cybercrime
The F.B.I. has just published its latest report on cybercrime complaints it received in 2020. The picture drawn should raise concerns for most CISOs, and unfortunately raises even more questions than providing answers. The main take-away from the report is that 791,790 cybercrime complaints were made in 2020. Those complaints were responsible for over US$4.2 […]
Renting A Canadian Bot for Less than the Price of Dinner for Two
A botnet is a network of computers infected with malware that allows a malicious actor – the botmaster – to control them remotely. The infected computers – the bots – communicate with a command and control server (C&C) to receive their orders. The use cases for bots are too numerous to list here, but […]
The Criminal Underground: the Last Refuge of Banner Ads
In the 2000s, banner ads became popular notably through Google. The search engine has enabled marketers to reach a vast audience through a standard visual message that fit on any web page. Just like containers for shipping, banner ads were standardized to make it easier to share and post on multiple platforms. While useful for […]
The Mirage of Encrypted Phones, and Why They Fail
In June 2014, the company Silent Circle launched the first version of its Blackphone. This device, running a modified version of Android, promised to reign in difficult to understand privacy and security settings to make it easy to communicate securely. Blackphone users were supposed to be able to make encrypted calls and send encrypted messages […]
5 Dark Web Questions Security Professionals Need Answered
We recently participated in Datavore conference where we reflected on our 9 years of experience in collecting intelligence on the dark web and monitoring malicious actors. Over the years, the tools, strategies and targets have changed considerably, and this walk down memory lane was an opportunity to gather our insights in how and why we […]
The Threat of Synthetic Identity Fraud for Businesses and Consumers
Financial crimes have increased during the pandemic, with nearly 60% of companies reporting synthetic identity fraud attacks and account takeover in 2020. The Federal Reserve warns this is one of the most prevalent types of fraud in the U.S., actively targeting financial institutions such as banks and credit bureaus. In 2017, for instance, 1 million […]
