social engineering

Results 1 - 25 of 25Sort Results By: Published Date | Title | Company Name
Published By: Proofpoint     Published Date: Jun 22, 2017
Human targeted attacks continued to lead the pack in 2016. Attackers’ used automation and personalisation to increase the volume and click-through rates of their campaigns. Taking a page from the B2B e-marketer’s playbook, cyber criminals are adopting marketing best practices and sending their campaigns on Tuesdays and Thursdays when click-through rates are higher. Meanwhile, BEC and credential phishing attacks targeted the human factor directly--no technical exploits needed. Instead, they used social engineering to persuade victims into sending money, sensitive information and account credentials. Timing is everything—attackers know that hitting your employees with a well-crafted email at the just the right time produces the best results. Of course, this varies by region. So if you are responsible for worldwide SecOps, you need visibility into not only attack patterns but also when and which employees tend to click.
Tags : 
security solutions, ransomware, security technologies, protection technologies, malicious email, it security, server protection
    
Proofpoint
Published By: Pindrop Security     Published Date: Apr 26, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security
Published By: Pindrop Security     Published Date: Apr 26, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security
Published By: Proofpoint     Published Date: Aug 10, 2017
BEC attacks are a growing threat to businesses because they prey on vulnerabilities that can’t be patched: people. That’s why employee training, financial controls, and especially technology are the keys to a strong defense and timely response. You need need a solution that does not solely depend on reputation and basic email filtering. With granular controls, advanced email solutions can identify and quarantine impostor emails before they reach an employee’s inbox.
Tags : 
security awareness, social engineering, impostor emails, email flags, financial institution, bec threats, suspicious messages
    
Proofpoint
Published By: McAfee     Published Date: Sep 15, 2014
Attacks today incorporate increasingly sophisticated methods of social engineering and client-side software manipulation to exfiltrate data without detection. Some attackers leverage so-called spearphishing to entice employees to give up access information and spread their attacks to other enterprise systems; others use password crackers against compromised applications in order to gain further access rights to the network. The attackers might also set up channels for command and control communications with the compromised systems, as in the case of the Zeus or SpyEye bot infections.
Tags : 
network protection, it security, firewall, hacker detection, security management
    
McAfee
Published By: Vectra Networks     Published Date: Aug 03, 2015
The Dyre family of banking malware is back in the news after researchers recently observed that the malware incorporated tricks to avoid detection in malware sandboxes. Previously, Dyre was most notable for targeting high value bank accounts, including business accounts, and incorporating sophisticated social engineering components to overcome the 2-factor authentication used by most banks.
Tags : 
malware, data, malware, banking, malware sandbox, authentication, two-factor authentication
    
Vectra Networks
Published By: Sophos     Published Date: Mar 30, 2017
Many papers on the topic of advanced persistent threats (APTs) begin with ominous references to the changing threat landscape and stories of how highly sophisticated cyber attacks are becoming more prevalent. That can be misleading. The majority of attacks today still use many techniques that have been around for years—social engineering, phishing emails, backdoor exploits and drive-by downloads, to name the biggest ones. Such attacks are neither advanced nor particularly sophisticated when broken down into their individual components and often rely on the weakest link in any organization—the user. However, the way in which hackers use combinations of techniques and the persistent behavior of the attackers is something that does set APTs apart from other attempts to compromise security. This paper is designed to give you an overview of the common characteristics of APTs, how they typically work, and what kind of protection is available to help reduce the risk of an attack.
Tags : 
network security, firewall, data security, antivirus protection, email protection, virtual security, web protection, wireless protection, it security
    
Sophos
Published By: Pindrop Security     Published Date: Mar 21, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security
Published By: Mimecast     Published Date: Jan 03, 2017
Mimecast has detected and blocked a dangerous new campaign that uses social engineering and advanced sandbox evasion techniques to deliver stealthy malware. This Email Security Advisory from Mimecast offers: - Detailed attack analysis - Mimecast viewpoint - reduce sandbox reliance - Weaponized attachments - prevention and recommendations
Tags : 
mimecast, security, email security, email, cyber security, malware
    
Mimecast
Published By: Mimecast     Published Date: Apr 18, 2017
"Whaling attacks have risen in recent months and these emails are more difficult to detect because they don’t contain a malicious hyperlink or attachment, and rely solely on social-engineering to trick their targets. In order to combat these attacks, organizations must be aware of the dangers presented by whaling, or CEO fraud, and put the right safeguards in place. Mimecast conducted a whaling attack survey with 500 organizations around the globe and the results were alarming. Read this report to learn: - The five key phases of a whaling attack - How to protect your organization from a whaling attack through company exercises, education, and technology. - What Mimecast is offering to combat these attacks in its industry-leading Targeted Threat Protection service."
Tags : 
cyber security, cyber fraud, impersonation attacks, ceo fraud, whaling
    
Mimecast
Published By: OKTA     Published Date: Sep 26, 2017
Cyberbreaches aren’t just in the news—they are the news. Yet headlines rarely mention the No. 1 source of those breaches: weak or stolen passwords. Whether they involve malware, hacking, phishing, or social engineering, the vast majority of breaches begin with account compromise and credential theft, followed by dormant lateral network movement and data exfiltration. In fact, weak or stolen passwords account for a staggering 81% of breaches, according to the Verizon 2017 Data Breach Investigations Report. Not surprisingly, a new Okta-sponsored IDG survey finds that identity access management (IAM) is a top priority for nearly three-quarters (74%) of IT and security leaders. Yet the same survey uncovers widespread concern that their current IAM implementations are falling short. Just one worrisome example: Fewer than one-third (30%) of respondents report a good or better ability to detect a compromise of credentials. The following report explores the gap between respondents’ aspiratio
Tags : 
    
OKTA
Published By: McAfee     Published Date: Feb 06, 2013
There is no single anti-malware product that can block all malware infiltration and subsequent activity. The only way to combat the malware threats is through an end-to-end, integrated, real-time, context-aware, holistically-managed system.
Tags : 
threat protection, security threat landscape, malicious sites, phases of network attack, social engineering, configuration error, persistant code, rootkits, website filtering, device control, buffer overflow, physical file transfer, desktop firewall, web filtering, email filtering, web gateway, email gateway, application control, application whitelisting, host ips
    
McAfee
Published By: LogRhythm     Published Date: Aug 08, 2016
Among the countless changes in Windows 10 Microsoft has provided IT organizations more visibility into auditable actions on Windows 10 machines and the resulting events in the Security Log. Understanding these enhancements is important because we need every edge we can get to detect endpoint intrusions. Threat actors use a sophisticated mix of phishing, social engineering, and malware to attempt to compromise any user within an organization. A seemingly benign order request sent to a salesperson or a benefits summary to someone in HR can contain attachments infected with malware. Once such payloads are in, the goal is to determine how to leverage current users and other accounts on the compromised machine to access valuable and sensitive data, as well as how to spread out within the organization and repeat the process.
Tags : 
microsoft, security, best practices, data, business technology
    
LogRhythm
Published By: FICO     Published Date: Feb 06, 2018
Interpol reports social engineering as the “broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.” Scammers use sophisticated psychological manipulation techniques to build a level of trust with their victim, having them divulge confidential information or authenticate the fraudulent activity as genuine. They will typically claim to be from the bank or well known and trusted consumer brands.
Tags : 
social, engineering, fraud, cyber, security, scams
    
FICO
Published By: Proofpoint     Published Date: Apr 06, 2012
Download Proofpoint's free email security whitepaper discussing the latest trends in email phishing attacks, how they work, and how to protect your email users against them.
Tags : 
phishing, email security, phish, email, attacks, blended threats, social engineering, outbound spam, anti-phishing, anti-virus, anti-malware, saas, proofpoint, security
    
Proofpoint
Published By: ESET     Published Date: Feb 11, 2010
This document combines the thoughts of both Research teams in ESET Latin America and ESET, LLC into a single paper, proposing a comprehensive vision of how the threatscape is likely to evolve in 2010.
Tags : 
eset, cybercrime, security, threat, crimeware, botnets, malware, social engineering, antivirus
    
ESET
Published By: McAfee     Published Date: Apr 25, 2014
You spoke and we listened. Today’s advanced malware threats have you spending a lot of resources fighting an uphill battle. The answer is McAfee Advanced Threat Defense—so you can find, freeze, and fix threats.
Tags : 
advanced malware, maware threats, malware problems, malware attacks - rootkits, phishing, zero-access, trojans, apts, botnets, social engineering, sandboxing, layered defenses, block and contain malware, security, it management
    
McAfee
Published By: Alert Logic     Published Date: Jun 12, 2014
New security threats are emerging all the time, from new forms of malware and web application exploits that target code vulnerabilities to attacks that rely on social engineering. Defending against these risks is an ongoing battle. Download to learn more!
Tags : 
cloud security, vulnerability management, vulnerabilities, patching, patch management, security, it management
    
Alert Logic
Published By: IBM     Published Date: Dec 01, 2014
With the rise of mobile usage and increased mobile banking functionality, cyber criminals are targeting the mobile channel with advanced malware, cross channel attacks across online and mobile and social engineering that have typically been seen on the PC.
Tags : 
mobile malware, mobile usage, mobile security, cybercrime, security, it management, wireless, knowledge management, enterprise applications
    
IBM
Published By: Rapid7     Published Date: Apr 04, 2013
This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.
Tags : 
rapid7, protect organization, attacks via phishing, solution based approach, mitigating risks
    
Rapid7
Published By: Thawte     Published Date: Nov 12, 2011
In this guide, you'll learn more about Phishing and how SSL and EV SSL technology can help protect your site, your business and ultimately, your bottom line.
Tags : 
phishing scams, anti-phishing, social engineering, certificate authority, ssl certificates, ssl security, extended validation, geotrust
    
Thawte
Published By: TraceSecurity     Published Date: Sep 15, 2010
This paper defines the different types of penetration tests, explains why the tests should be performed, details their benefits and even provides guidance for choosing the right vendor.
Tags : 
penetration, test, pen, tracesecurity, risk, assessment, social, engineering, internal, external, web application, network, security, secure, vulnerability, threat, identify, glba, compliance, testing
    
TraceSecurity
Published By: Cyveillance     Published Date: Jun 20, 2014
Phishing is defined by the Financial Services Technology Consortium (FSTC) as a broadly launched social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing personal credentials that can be used fraudulently against them. In short, it’s online fraud to the highest degree. Although it’s been around for years, phishing is still one of the most common and effective online scams. The schemes are varied, typically involving some combination of spoofed email (spam), malicious software (malware), and fake websites to harvest personal information from unwitting consumers. The explosive rise of mobile devices, mobile applications, and social media networks has given phishers new vectors to exploit, along with access to volumes of personal data that can be used in more targeted attacks or spear phishing. The fact that phishing attacks are still so common highlights their efficacy and reinforces the need to implement comprehensive phishing and response plans to protect organizations. An effective phishing protection plan should focus on four primary areas: Prevention, Detection, Response, and Recovery. High-level recommendations for each of the four areas are outlined in this whitepaper.
Tags : 
cyveillance, phishing, security, cyberattacks, cybercriminals, threats
    
Cyveillance
Published By: Microsoft Office 365     Published Date: Oct 14, 2016
“Hi, this is Kevin from IT. We've been notified of a virus on your department’s machines.” Add some authentic hold music, and a social-engineering attacker can trick employees into sharing company info, like passwords. Learn how to use technology and prevention strategies to guard against dumpster diving, spear phishing, and other tactics with: Real-world prevention strategies Tools to spot suspicious actions Real-time behavioral malware analysis
Tags : 
protection, prevention, malware, security, cyber attacks, information
    
Microsoft Office 365
Published By: Pindrop Security     Published Date: Mar 21, 2018
For a long time, the phone channel was thought to be isolated and less important to defend, when compared to the physical and online channels. The general consensus was that fraudsters could only steal so much over the phone, and it had little impact on fraud across the rest of the organization. But those assumptions are wrong, and they’re becoming grossly inaccurate as technology evolves. The phone channel is now more vulnerable and exploitable than ever before, as annual fraud loss is now a $14 billion problem. Between aggressive fraud rings, social engineering and sophisticated techniques, vulnerable call centers are feeling the sting. Legacy and stand-alone solutions won’t stand up to the perseverance and lengths to which fraudsters are willing to go.
Tags : 
    
Pindrop Security
Search      

Related Topics

Add Your White Papers

Get your white papers featured in the Data Center Frontier Paper Library contact:
Kevin@DataCenterFrontier.com