How online learning may have opened the door for ransomware in higher ed
PYSA ransomware, a variant of Mespinoza ransomware, has been actively targeting the education sector in the past months. According to the FBI, ransomware, malware and DDoS attacks have compromised a number of critical sectors, yet educational institutions in the US and the UK seem to be the preferred target for now. Has online learning triggered […]
F.B.I. Reveals 70% Year-Over-Year Increase in Reported Cybercrime
The F.B.I. has just published its latest report on cybercrime complaints it received in 2020. The picture drawn should raise concerns for most CISOs, and unfortunately raises even more questions than providing answers. The main take-away from the report is that 791,790 cybercrime complaints were made in 2020. Those complaints were responsible for over US$4.2 […]
Renting A Canadian Bot for Less than the Price of Dinner for Two
A botnet is a network of computers infected with malware that allows a malicious actor – the botmaster – to control them remotely. The infected computers – the bots – communicate with a command and control server (C&C) to receive their orders. The use cases for bots are too numerous to list here, but […]
How Long Have You Thought about Backup Management this Month?
We all know we should have backups. It’s not a task we particularly love doing, and it is definitely something that we forget to do unless automated. How many people religiously plugged in their iPhone in their computer to back it up a few years ago, when backups were not sent automatically to the cloud […]
The Criminal Underground: the Last Refuge of Banner Ads
In the 2000s, banner ads became popular notably through Google. The search engine has enabled marketers to reach a vast audience through a standard visual message that fit on any web page. Just like containers for shipping, banner ads were standardized to make it easier to share and post on multiple platforms. While useful for […]
The Mirage of Encrypted Phones, and Why They Fail
In June 2014, the company Silent Circle launched the first version of its Blackphone. This device, running a modified version of Android, promised to reign in difficult to understand privacy and security settings to make it easy to communicate securely. Blackphone users were supposed to be able to make encrypted calls and send encrypted messages […]
5 Dark Web Questions Security Professionals Need Answered
We recently participated in Datavore conference where we reflected on our 9 years of experience in collecting intelligence on the dark web and monitoring malicious actors. Over the years, the tools, strategies and targets have changed considerably, and this walk down memory lane was an opportunity to gather our insights in how and why we […]
The Threat of Synthetic Identity Fraud for Businesses and Consumers
Financial crimes have increased during the pandemic, with nearly 60% of companies reporting synthetic identity fraud attacks and account takeover in 2020. The Federal Reserve warns this is one of the most prevalent types of fraud in the U.S., actively targeting financial institutions such as banks and credit bureaus. In 2017, for instance, 1 million […]
Outsourcing Security to MSSP or MDR Services Could Bridge the Gap Between Talent and Budget
Is cybersecurity still going to be part of the conversation when the pandemic is over? If Covid-19 has taught us anything, it is to accept that, moving forward, cybersecurity will be a critical component of hybrid work environments. The pandemic has likely made security teams more aware of digital risks and of the importance of […]
The Ins and Outs of Illicit Chat Rooms
Over the past decade, the dark web has attracted much of the attention in the security field as the premier source of threats for companies. Our years of monitoring the dark web have helped better understand what it is, and most importantly, is not. The dark web is host to many dynamic malicious actor communities. […]
