Expert(s):
Security Awareness Advocatefeature_status*/ ?>
KnowBe4

Comments Dotted : 66
January 13, 2021

Ubiquiti Urges Customers To Quickly Enable 2FA
Cybercriminals utilize various attack vectors to access organizations.

Cybercriminals utilize various attack vectors to access organizations. A primary example is via social engineering techniques such as phishing emails to employees or by leveraging third-party access through another organization. Organizations need to increase their third-party access procedures, training and technology to reduce the risk of attack by a third-party vendor.


Cybercriminals will continue to leverage attacks against smaller organizations to work their way into larger ones that are

.....Read More

Cybercriminals utilize various attack vectors to access organizations. A primary example is via social engineering techniques such as phishing emails to employees or by leveraging third-party access through another organization. Organizations need to increase their third-party access procedures, training and technology to reduce the risk of attack by a third-party vendor.


Cybercriminals will continue to leverage attacks against smaller organizations to work their way into larger ones that are already authorizing the users. For all third-party access, organizations want to monitor all access, machine to machine communications and any interactive user sessions. When an interactive user is accessing your organization, multifactor authentication (MFA) is crucial to further reduce the risk of lost passwords or a compromised third party. Supply chain and third-party attacks are rising, especially with the recent data breaches discovered in December.

  Read Less
November 18, 2020

Experts Insight On Web Hosting Giant Managed.com Hit By Ransomware And Taken Offline
All communications should be internally authorized before making them public.
It's essential to have documented procedures for handling various incidents and responses to support an event within any organization. These repeatable, established procedures should include communication paths and outlined responsibilities for all people involved in the incidents, whether it's an endpoint system infected with malware or an enterprise server environment compromised by ransomware. It can damage the brand, reputation and possible bottom-line revenue if an outage source is not.....Read More
It's essential to have documented procedures for handling various incidents and responses to support an event within any organization. These repeatable, established procedures should include communication paths and outlined responsibilities for all people involved in the incidents, whether it's an endpoint system infected with malware or an enterprise server environment compromised by ransomware. It can damage the brand, reputation and possible bottom-line revenue if an outage source is not transparent to an organization’s customers. All communications should be internally authorized before making them public to avoid any confusion or concern by those who might use the victimized organization's product or service.  Read Less
November 11, 2020

Security Expert Re: Scammers Impersonate IRS, Threaten Legal Action As Tax Payment Deadline Looms
Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers.
One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it\'s too late that it was all a scam. The IRS and other government agencies.....Read More
One of the lures of social engineering scams is the use of fear. Cybercriminals will create an email profile to appear to be from a government agency to help strike fear into the victim. Emails will leverage topics similar to late tax payments or cases entered in court with fake case numbers. In fear of prosecution, the victim will write a check or submit payment to the cybercriminals and, unfortunately, learn when it\'s too late that it was all a scam. The IRS and other government agencies will not contact you to request payment through email. If they do, it is usually through certified mail.  Read Less
November 05, 2020

Cyber Experts Comment On Bitdefender Report: The ‘New Normal’ State Of Cybersecurity
Keeping the external systems current with the latest software significantly reduces the risk of a successful attack.
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities. Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date. Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop .....Read More
All organizations must have a robust security program that includes a repeatable change management program to keep up to date on known vulnerabilities. Without up-to-date patching, it's an easy attack vector for cybercriminals, nation-states, and a beginning hacker to scan the internet to find network devices that are not up to date. Having vulnerabilities exposed to the internet is like leaving the front door unlocked to your house when you go away on vacation. While you might be able to stop them from stealing your essential items with an alarm system, the bad guys have been able to break in and could get away with valuables. Keeping the external systems current with the latest software significantly reduces the risk of a successful attack and the potential damage to the brand, revenue, and resources. For all employees working remotely, it's critical to have a policy for all workers to utilize a VPN connection from their homes to the office to reduce any risk from other devices on the employee's home network attempting to access corporate devices. Having a robust security awareness training program that will educate employees to spot phishing emails will reduce the risk of a business email compromise attack. This training can ensure that employees can make smarter security decisions and protect an organization from various cyber-attacks.  Read Less
October 29, 2020

Expert Reacted On Microsoft Says Iranian Hackers “Phosphorus” Targeted Conference Attendees
All organisations should have a robust security awareness training program to ensure that employees can make smarter security decisions.
The mailing lists for previous conferences could have been collected via a data breach or other theft, and the cybercriminals are using those lists to target the users specifically. The user may feel more relaxed and not scrutinise the email, as it appears to come from a trusted source; especially if he/she had previously attended the conference. End users receiving these types of emails will want to make sure they know the social engineering scams and techniques used by cybercriminals to.....Read More
The mailing lists for previous conferences could have been collected via a data breach or other theft, and the cybercriminals are using those lists to target the users specifically. The user may feel more relaxed and not scrutinise the email, as it appears to come from a trusted source; especially if he/she had previously attended the conference. End users receiving these types of emails will want to make sure they know the social engineering scams and techniques used by cybercriminals to engineer them to fall victim to these attacks. All organisations should have a robust security awareness training program to ensure that employees can make smarter security decisions like recognising a spear-phishing email and taking the necessary actions to protect an organisation from various attacks.  Read Less
October 29, 2020

Security Blueprints Of Many Companies Leaked In Hack Of Swedish Firm Gunnebo – Experts Reaction
They can discover these systems and publicly known vulnerabilities, which helps them gain access to an organization.
When it comes to ransomware attacks, it's important to note that the data encryption process is the last stage of the attack. The cybercriminals have already been in your network and will have either stolen the data or encrypted it. These days, most ransomware attacks involve stealing data. Cybercriminals are increasing their ransomware attacks while leveraging exploits against unpatched and insecure devices that organizations have connected to the internet. They can discover these systems and .....Read More
When it comes to ransomware attacks, it's important to note that the data encryption process is the last stage of the attack. The cybercriminals have already been in your network and will have either stolen the data or encrypted it. These days, most ransomware attacks involve stealing data. Cybercriminals are increasing their ransomware attacks while leveraging exploits against unpatched and insecure devices that organizations have connected to the internet. They can discover these systems and publicly known vulnerabilities, which helps them gain access to an organization. It is becoming more vital for organizations to have a defense in depth security program which can protect, monitor, and act quickly to any cyber attack. If they discover a ransomware attack in progress and prevent or stop the attack from happening, it's critical to understand that the criminals have been in the system and have possibly already stolen important information from the organization. Technology is instrumental when matched with human involvement. Having a robust security awareness training program to ensure that employees can make smarter security decisions will help to protect an organization from various attacks.  Read Less
October 26, 2020

Experts Reacted On Massive US Voters And Consumers Databases Circulate Among Hackers
Cybercriminals could generate spear phishing emails appearing to be sent from a particular political party's candidate.
During voting season, being able to assemble an extensive database of the population of the United States of America's citizens is undoubtedly going to generate a lot of buzz on the dark web and make a lot of money for those who compiled the list when sold. With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or vishing attacks......Read More
During voting season, being able to assemble an extensive database of the population of the United States of America's citizens is undoubtedly going to generate a lot of buzz on the dark web and make a lot of money for those who compiled the list when sold. With this kind of information readily available, cybercriminal groups will leverage this information, intimidate voters into not voting or use other social engineering tactics to get users to fall victim to phishing or vishing attacks. Cybercriminals could generate spear phishing emails appearing to be sent from a particular political party's candidate with disconcerting information to dissuade a voter from voting for the other party's candidate. With this information available to cybercriminals, there could be an immense number of phishing or social engineered emails sent to the American public. These emails will manipulate the user with fear or curiosity to take specific actions that he/she otherwise might not take and change his/her vote or click a link and be attacked by cybercriminals.  Read Less
October 15, 2020

Expert Advice To Protect Universities In This New Year Against Latest Iranian Hackers
and students alike to understand how to spot a phishing email, realise what a fake link looks like
One of the common tactics used by nation-state threat actors or cybercriminals for phishing attacks is to use a similar website address of the target. In this case, it was the university’s research systems. Unfortunately, students do not receive security awareness training as part of their education. Like corporate organisations, educational institutions must provide security awareness training for staff, professors, and students alike to understand how to spot a phishing email, realise what .....Read More
One of the common tactics used by nation-state threat actors or cybercriminals for phishing attacks is to use a similar website address of the target. In this case, it was the university’s research systems. Unfortunately, students do not receive security awareness training as part of their education. Like corporate organisations, educational institutions must provide security awareness training for staff, professors, and students alike to understand how to spot a phishing email, realise what a fake link looks like, and how to report it to the proper department within the school system. As a college professor, I see this curriculum is missing for all enrolled students and needs to be taught in all departments to avoid future cybersecurity incidents.  Read Less
October 06, 2020

Comment: Ransomware at healthcare firm delays clinical trials
If the cybercriminals are successful, an effective monitoring program will detect the exfiltration of data.
Healthcare organizations are a prime target for ransomware, as they contain sensitive patient data. For large, profitable organizations, cybercriminals know that they have the means to pay the ransom after their data is stolen. Unfortunately, cybercriminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack. Having a defense-in-depth infrastructure makes it harder for cybercriminals to access the organization's intellectual.....Read More
Healthcare organizations are a prime target for ransomware, as they contain sensitive patient data. For large, profitable organizations, cybercriminals know that they have the means to pay the ransom after their data is stolen. Unfortunately, cybercriminals are stealing intellectual property to auction it to the dark web to increase their financial profits from the attack. Having a defense-in-depth infrastructure makes it harder for cybercriminals to access the organization's intellectual property to install malware or ransomware. If the cybercriminals are successful, an effective monitoring program will detect the exfiltration of data. Security awareness training for employees contributes to a robust cybersecurity program strategy since many of these attacks come from phishing emails.  Read Less
October 04, 2020

Expert On News: Treasury Warns Against Keeping Ransomware Payments Quiet
There is a ransomware attack on average every fourteen seconds in the U.S., and it doesn't appear to be slowing down.
Many years ago, in Italy, there were many kidnappings by organised crime groups of the wealthy and affluent families. They would request large sums of money in exchange to return the victim's loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organised crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay. At first, the crime groups called the bluff of the families who .....Read More
Many years ago, in Italy, there were many kidnappings by organised crime groups of the wealthy and affluent families. They would request large sums of money in exchange to return the victim's loved ones. The kidnappings got so bad that the Italian government initiated a ban on paying any ransom to organised crime groups. The government would seize all financial assets to prevent the kidnapped families from getting the money to pay. At first, the crime groups called the bluff of the families who couldn't pay and killed the family member. However, after a short while, the organised crime groups realised they couldn't pay, and quickly, the kidnapping and ransoms came to an end. There is a ransomware attack on average every fourteen seconds in the U.S., and it doesn't appear to be slowing down. The U.S. Treasury Department has delivered sanctions against various cybercriminal organisations where no U.S. organisations can conduct transactions with the group. Even if the organisation wishes to pay the ransom, they would have to collaborate with the U.S. Treasury, FBI, and other government agencies to send the funds. The U.S. government's recommendation of not paying comes with a similar notion of not negotiating with terrorists and never paying the ransom when involved with kidnappings and thus, the anticipated action of reducing ransomware attacks. To protect themselves, organisations should train their employees to spot social engineering attacks such as phishing emails and report them to the necessary people quickly to remediate any risk of further attacks.  Read Less