The Ongoing Reciprocal Relationship Between APTs and Cybercriminals

The two main villains of the cyber security world are the nation state-backed Advance Persistent Threats (APTs) and cybercriminals, with their comprehensive infrastructure and circles known as the dark web. Both threat actors are independent, each with its own goals, actors and methods. However, over the years there has been quite a lot of cross-pollination […]

Cyber Warfare May be Losing Its Advantage of Deniability

Cyberspace has been added to the fighting doctrine of almost all militaries today and for good reasons. One of the greatest advantages of attacking an enemy state through cyberspace is plausible deniability. Even if in the post-mortem of an attack the researchers are able to attribute it to a specific attacker, the attacker can always […]

Success of Ransomware Attacks Shows the State of Cybersecurity

Every few years a major threat emerges that dominates the attention of security vendors, start-ups, media and board meetings. APTs, IoT Security and Cloud Security are among such threats. Today, it is safe to say that Ransomware is dominating the conversation, especially after so many high profile incidents have been part of the news cycle, such as Colonial […]

Most Federal Credit Unions Lack Strong Email Security Set Ups

Financial institutions have always been at the forefront of battling cybercrime. As one of the most targeted industries, they face multiple threats, such as phishing, spear phishing and banking malware. Even less sophisticated scams, such as 419 scams, often abuse their brands in order to add credibility to the scammers behind them. As these aforementioned incidents […]

The Anti-Fraud Lifecycle

It is a known fact that cybercriminals choose the path of least resistance. Naturally, easy cashout methods with good returns are much more favorable than methods that are high risk, complicated or yield small profits. While this is not the only factor in determining how much fraud is committed through a certain vector (for example, […]

The Case for Taking Down Dark Web Sites

Ever since the first dark web monitoring services became available, around 2005, consumers of such services often asked – why aren’t these websites being taken down? After all, the sites that comprise the dark web are platforms and tools for illegal activities. The answer, which used to satisfy most, was that these sites are intelligence sources and taking them […]

Venture Capitals are Targeted by BEC Fraud

On February 19th, venture capital giant Sequoia disclosed to its investors that it has been the victim of a data breach. A few days later additional information became available, indicating that it was targeted in a Business E-mail Compromise (or BEC) attack. According to the company, attackers gained access to one of their employees’ corporate […]

The Lesser Known Threats of Rogue Mobile Applications

Ever since Apple introduced its App Store in 2008 and Android followed suit, apps have become an integral part of our lives. With millions of apps available on each official store, they quickly became the de-facto way of obtaining and installing new software on a smartphone. However, while the vast majority of apps that are […]

The Dark Web’s Popularity Draws New Members, Becomes More Local

The Dark Web has existed in its current form for over 15 years. While it has evolved and changed, the concept of threat actors, each with their own expertise, congregating in communities to trade their products and services has remained unchanged. For many years it was the focus of professionals, law enforcement agents and security […]

Introducing DAIC: A Suggested System for Preventing BEC Fraud

BEC Fraud (Business E-mail Compromise) has reached epidemic levels in recent years. In 2019, the FBI’s Internet Crime Compliant Center, reported that it received complaints with adjusted losses of over $1.7 billion from this type of scam. The reported cases to the IC3 is just a drop in the bucket compared to the overall amount of incidents online. […]