Could Phishing Expeditions Stop Cold with Deeper Insight?

VoIP, Partners, SMB Solutions, call center, certification, voip services, voip equipment, Media Processing, hardware, middleware, opensource, SIP, SBC, Wireless, ims, Triple Play, Switching, VoIP Peering, regulation

PREVIOUSLY PUBLISHED TO TMC NET SECURITY

Easy Solutions, a fraud protection company, recently did some research into phishing attacks against a Top 25 US Bank during a three-month period. From September of 2015 until December, it seems these “phishermen” were quite busy. What’s most alarming is that these attacks were done during a season that leaves us most vulnerable to attack and where many of us won’t even realize that have been a victim until much later on.

During such a busy time in commerce, many of us won’t even know we were victims until much later down the road. This next bit of information might tell us why.

Easy Solutions broke down over 3,030 cases at just that one bank. What’s most interesting about this finding is that in each case, the common denominator was that each instance targeted around 190 people on average.

If we factor in how many banks there are – not just in the United States, but all over the world – and consider that this is a yearlong plague, we start to see the bigger picture.

Easy Solutions grouped the attacks into three main categories. Parameters were based on how sites were created as well as whether or not the domains are registered – including the domain provider and the location of each server.

The company decided that many of these sites were created as traps, only meant to serve a few stragglers at a time.  These people would accidently stumble upon the site or be directed there through some other devious means. And, it has been proving successful.

Each group of sites were then broken down. Location was a big factor in the next step of the process. Other factors were Whois information, the types of phishkits used and the strategy for getting people to the site.

Daniel Ingevaldson, CTO of Easy Solutions, states, “When institutions can more effectively characterize their attackers, they can then more successfully combat phishing attacks – by tuning consumer education campaigns, changing web site countermeasures, or adjusting risk scoring during phishing campaigns.”

Armed with new information, consumers can better differentiate between a genuine source and a scam. They will know which sites to stay away from, and gain confidence in those that they trust.

In a day where we are including our entire business on a cloud platform, there are still many that refuse to use their credit card online for these purposes. Institutions, such as the IRS, PayPal (NewsAlert) and Bank of America, are repeat victims of fraud. Customers and those who aren’t even affiliated with the organizations are often tricked through scare tactics and extortion strategies.

By understanding the source, it’s easier to shut fraud down – one scammer at a time. By better understanding domains and locations that are frequently associated with this fraud, it’s easier to pinpoint all source of fraud on a regular basis… stopping it cold in its own tracks. 

Continue Reading

BrightPoint Security Enhances Community-Based Threat Intelligence Capabilities

Cloud Contact Center | TMC Net

PREVIOUSLY PUBLISHED TO TMCNET’S CLOUD SECURITY

It’s no secret that criminals will always search for ways around even the most advanced security, whether with the mission to takeover, destroy or steal. Cyber attacks are imminent for all businesses that find themselves doing well – or at least appearing to be. Early warning signs aren’t always there to shield businesses from threat; but when they are, BrightPoint Security can provide solutions, intelligence and protections amongst their IT infrastructures and partner ecosystems.

 BrightPoint Security’s Threat Intelligence Platform provides “automation, curation and the sharing of threat intelligence” amongst enterprises, helping them to shield against cyber attacks based on trends and vulnerability. In the latest Sentinel release BrightPoint Security has added enhancements to give IT security professionals better insight, almost immediately, for predicting when potential threats could strike, as well as the risk level that comes with it, enabling IT to enforce security controls.

Of interest here is the use of community-based threat intelligence which allows businesses to share experiences, providing insight to one another and awareness of current and emerging threats across enterprises, their digital ecosystems and infrastructures.  In this way community member will be able to at first assessment to remediate potential risk, while calculating velocity, time and frequency of future attacks.

An evolved technology from the already widely received Security Command Platform (SCP), Sentinel adds modules and deeper insight to how to avoid these attacks through Sentinel’s Trusted Circles. As BrightPoint Security notes, the solution is unlike other threat intelligence platforms that focus only on the tracking of popular, volume-based threats.  Utilizing early prediction forecasts, Sentinel is characterized as a weather map of trending threats to the digital ecosystem.

“An industry first, this predictive insight and threat trending dashboard gives organizations the solution to determine the urgency of response needed to protect themselves,” states Rich Reybok, BrightPoint CTO. Reybok continues, “Today’s offering helps customers drive security strategy and get the most out of their security investments and resources by now having the ability to respond to the most immediate and relevant impending threats and to mitigate exposure fast.”

The latest release of Sentinel allows integration with Carbon Black, scanning the environment for any and all internal threats to provide real-time insights within set perimeters. “Working with BrightPoint’s evidence-based solution enhances our support across customers’ ecosystems and infrastructures with predictive insights into risk-prioritized actions for remediation,” said Brian Hazzard, Bit9 (News – Alert) + Carbon Black VP of Technical Alliances. “Adding the endpoint into the mix of threat vectors deepens organizations’ overall view of the threat landscape of their organization and those with whom they share information in their ecosystems.” 

Continue Reading

Security Concerns Limit Cloud Technologies

Cloud Contact Center | TMC Net

Previously Published to TMC Net’s Cloud Security News

Netwrix Corporation conducted a survey on cloud security, interviewing more than 600 IT professionals around the world. These professionals cater to various tech, healthcare, finance and government sectors of industry. IT professionals amongst other sectors were also surveyed, answering questions on cloud security as a whole, in addition to the “expectation from cloud providers and the measures being taken to ensure data security.”

As convenient, efficient and cost-effective as cloud technology is, 13 percent of overall organizations reject the adoption of cloud technology in the future. Of those 30 percent , there are many professionals moved to reconsider this decision pending improvements in cloud security mechanisms. On the other end of the spectrum, 71 percent of all enterprises perceive continuous auditing of cloud infrastructure “very important” in guaranteeing the security of data and ensuring data integrity “in the cloud.” These professionals have adopted this technology and understand the necessary monitoring of cloud security in protecting valuable and proprietary information, on behalf of their employer.

Image via Pixabay

“We wanted to find out the exact reasons that prevent companies from cloud adoption and taking advantage of all the benefits it offers,” states Alex Vovk, CEO and Co-Founder of Netwrix. “The survey revealed the interesting fact that even though the cloud is not a new technology, the cloud market has a good potential to grow further. Advanced security solutions and true visibility into what is going on across the cloud infrastructure will help companies minimize security risks, take back control over business-critical assets and accelerate cloud adoption.”

Further insight reveals that while 6 percent of the surveyed professionals are most concerned with the security when “migrating to the cloud,” as much as 40 percent are actually concerned with the loss of physical control over the data.  They prefer storing sensitive data in-house. Therefore, total adoption of cloud-technologies is limited, as many are merely integrating them into their current infrastructure for remote accessibility, communications and collaboration. Only 37 percent of businesses are prepared to invest in additional security. Thus, a hybrid cloud model is preferred; 44 percent of respondents admit to this and only half of the respondents are even planning on improving their own security for identity and authentic management, utilizing encryption or establishing auditing changes and user activity.

Providing these statistics to the IT world will allow Netwrix to better serve the 150,000 IT departments relying on Netwrix for increased efficiency of IT operations and through infrastructure audits of changes and data access. These companies also rely on Netwrix’s ability to prepare compliance reports on their behalf. Award-winning and highly-favored amongst some of the world’s top corporations, Netwrix continues to provide accurate data to the businesses associated with the company’s long list of clientele.

Continue Reading