Expert(s):
Senior Security Advisor feature_status*/ ?>
DomainTools

Comments Dotted : 16
December 01, 2020

Moggmentum Linked To Kremlin Twitter Output
It shows how difficult campaigns of interference in domestic political matters can be to spot.
The news that the Kremlin’s extensive covert social media apparatus has been mobilised behind the ‘grassroots’ campaign to have Jacob Rees-Mogg become the next UK PM should come as no surprise; As an ardent Brexiter Rees-Mogg would be a welcome change to the current leadership in the eyes of a Russia who want to see the European Union weakened. What is as surprising as it is worrying is that #Moggmentum has been presented as a grassroots social media campaign supported by Conservative.....Read More
The news that the Kremlin’s extensive covert social media apparatus has been mobilised behind the ‘grassroots’ campaign to have Jacob Rees-Mogg become the next UK PM should come as no surprise; As an ardent Brexiter Rees-Mogg would be a welcome change to the current leadership in the eyes of a Russia who want to see the European Union weakened. What is as surprising as it is worrying is that #Moggmentum has been presented as a grassroots social media campaign supported by Conservative members. It shows how difficult campaigns of interference in domestic political matters can be to spot. Social media companies and individuals who get their news from these websites need to engage with a comprehensive campaign to root out outside influence in political matters – Failure to do so could place democracy in the UK at risk.  Read Less
June 11, 2020

Comment: Google: Here’s How Phishing And Malware Attacks Are Evolving
Attackers always hope their campaigns will reach the less tech-savvy users.
Google’s work to inform the public on the regional Covid-19-themed phishing attacks is certainly valuable to protect users from these opportunistic campaigns. It should come to no surprise that cybercriminals are trying to capitalise on this global crisis in every way they can: in March, when countries were just entering lockdown, DomainTools identified over 600 malicious domains associated with the Coronavirus pandemic. The best thing that can be done in these circumstances is to raise.....Read More
Google’s work to inform the public on the regional Covid-19-themed phishing attacks is certainly valuable to protect users from these opportunistic campaigns. It should come to no surprise that cybercriminals are trying to capitalise on this global crisis in every way they can: in March, when countries were just entering lockdown, DomainTools identified over 600 malicious domains associated with the Coronavirus pandemic. The best thing that can be done in these circumstances is to raise awareness. Attackers always hope their campaigns will reach the less tech-savvy users, and that their social engineering tricks will result in someone acting impulsively and clicking on the wrong link. While the uncertainty that has characterised this crisis makes the need for information understandable, people should remember not to let their guard down and to always double check the legitimacy of what comes through their inbox. Companies across the globe are doing their best to stop malicious email campaigns, but users’ caution is still the most effective defence against these type of threats.  Read Less
April 22, 2020

Expert Insight On News: SBA Website Leaks Personal Data Of 8,000 Small-Business Loan Applicants
The SBA, on its part, will have to take all the necessary steps to restore the trust of the businesses it exists to support.
Although contained in size, this data breach is unfortunate both because of the sensitivity of the information exposed and because of the nature of the institution involved. Information is still too limited to assess the potential impact of the incident, but despite no signs of the data being used for malicious purposes, it is still important for all the affected parties to watch out for socially engineered attacks such as spear phishing and BEC compromise. The SBA, on its part, will have to.....Read More
Although contained in size, this data breach is unfortunate both because of the sensitivity of the information exposed and because of the nature of the institution involved. Information is still too limited to assess the potential impact of the incident, but despite no signs of the data being used for malicious purposes, it is still important for all the affected parties to watch out for socially engineered attacks such as spear phishing and BEC compromise. The SBA, on its part, will have to take all the necessary steps to restore the trust of the businesses it exists to support.  Read Less
March 09, 2020

Google Just Made It Easier To Use 2FA To Secure Your Accounts – Expert Comments
Usability issues are notoriously a hindrance when it comes to protecting users from phishing.
Usability issues are notoriously a hindrance when it comes to protecting users from phishing. Most of the time, phishing attempts are successful not because they are particularly well designed, but because the receiver instinctively clicks on a link or downloads an attachment with productivity and business operations in mind. Google’s upgrade on 2FA, designed to encourage the adoption of extra security measures, is definitely a welcome step in the right direction. The more email providers.....Read More
Usability issues are notoriously a hindrance when it comes to protecting users from phishing. Most of the time, phishing attempts are successful not because they are particularly well designed, but because the receiver instinctively clicks on a link or downloads an attachment with productivity and business operations in mind. Google’s upgrade on 2FA, designed to encourage the adoption of extra security measures, is definitely a welcome step in the right direction. The more email providers will show commitment towards security, the closer we will be to making phishing an unprofitable and, therefore, obsolete form of cybercrime.  Read Less
February 19, 2020

61% Of CISOs Surveyed Fearing A Decline In Cyber Security Skills – Cybersecurity Expert Reaction
Statistics around the skills shortage are never in short supply, but remain concerning regardless.
Statistics around the skills shortage are never in short supply, but remain concerning regardless. A recent report from the ISC2 claims a 145% increase in global workforce is needed to alleviate cybersecurity hiring concerns, as the threat landscape grows exponentially. This year’s DomainTools and Ponemon report on cybersecurity hiring and automation, which surveyed over one thousand IT professionals, found that the majority of respondents believed that automation will decrease the security.....Read More
Statistics around the skills shortage are never in short supply, but remain concerning regardless. A recent report from the ISC2 claims a 145% increase in global workforce is needed to alleviate cybersecurity hiring concerns, as the threat landscape grows exponentially. This year’s DomainTools and Ponemon report on cybersecurity hiring and automation, which surveyed over one thousand IT professionals, found that the majority of respondents believed that automation will decrease the security headcount, but will not replace human expertise. Therefore, the security industry needs to continue to think creatively about drawing talent into cybersecurity, and governments need to recognise the importance of properly funding training schemes for cybersecurity: As data surpassed oil in 2019 as the most valuable commodity on earth, keeping this data safe and out of the hands of criminals should be a top priority.  Read Less
February 13, 2020

Expert Reaction On Estee Lauder Data Exposure
Unfortunately, in the wake of a data breach, criminals often exploit the circumstances to plan campaigns aimed at capitalising.
Cybercriminal operations thrive off the kind of data that this database left exposed: sensitive personal identifiable information can be sold online and exploited in all sorts of subsequent campaigns. Fortunately, security researchers promptly brought the misconfiguration to the attention of Estee Lauder, who quickly secured the database. Although there is no evidence that data was stolen, people potentially affected should be weary of any email they receive that requests them to reset their .....Read More
Cybercriminal operations thrive off the kind of data that this database left exposed: sensitive personal identifiable information can be sold online and exploited in all sorts of subsequent campaigns. Fortunately, security researchers promptly brought the misconfiguration to the attention of Estee Lauder, who quickly secured the database. Although there is no evidence that data was stolen, people potentially affected should be weary of any email they receive that requests them to reset their credentials or to provide any kind of authentication. Unfortunately, in the wake of a data breach, criminals often exploit the circumstances to plan campaigns aimed at capitalising on the victims of such a breach. They will be expecting a warning email from the organisation that was compromised and thus more likely to believe a well-designed malicious message.  Read Less
February 06, 2020

Experts Reaction On Researcher Finds Vulnerability In WhatsApp Desktop Platform
WhatsApp has an estimated 1.5 billion monthly users.
The fact that this vulnerability exists in such a prominent messaging platform is definitely a cause for concern. WhatsApp has an estimated 1.5 billion monthly users, and in developing democracies such as India where WhatsApp counts 200m user base, it has become a substitute of town-square talk. Users in India would have their ‘family’ and ‘friends’ chat groups, but often also use third-party apps to find and join WhatsApp groups aligned with their political views. For a vulnerability.....Read More
The fact that this vulnerability exists in such a prominent messaging platform is definitely a cause for concern. WhatsApp has an estimated 1.5 billion monthly users, and in developing democracies such as India where WhatsApp counts 200m user base, it has become a substitute of town-square talk. Users in India would have their ‘family’ and ‘friends’ chat groups, but often also use third-party apps to find and join WhatsApp groups aligned with their political views. For a vulnerability to be able to edit the content of messages is both a legitimate cause for concern from a cybersecurity perspective, but potentially also from a fake news perspective.  Read Less
January 13, 2020

Security Experts On Texas School District Loses $2.3m In Phishing Scam
Granted that it has become increasingly difficult to tell phishing messages from legitimate ones.
Educational institutions and schools are urged not to underestimate the risks associated with phishing. Malicious emails are often just entry vectors for larger-scale attacks, and should, therefore, be at the top of organisations' priorities when devising a cybersecurity strategy. Granted that it has become increasingly difficult to tell phishing messages from legitimate ones, organisations should instruct employees not to click on any link received by an external email address and not to.....Read More
Educational institutions and schools are urged not to underestimate the risks associated with phishing. Malicious emails are often just entry vectors for larger-scale attacks, and should, therefore, be at the top of organisations' priorities when devising a cybersecurity strategy. Granted that it has become increasingly difficult to tell phishing messages from legitimate ones, organisations should instruct employees not to click on any link received by an external email address and not to open attachments. Ultimately it is always better to take a little longer to complete administrative tasks than to have credentials stolen or databases breached.  Read Less
December 18, 2019

Experts Reaction On Cyber-Espionage Campaign Targets Hundreds Of Companies
How enterprises need to protect themselves in ways unimaginable in the past.
This kind of activity, likely perpetuated by a nation-state or serious organised crime group with the funds and man power to undergo such an operation, is an example of how enterprises need to protect themselves in ways unimaginable in the past; Industrial companies which fall under the remit of critical national infrastructure are just as valuable targets to a hostile nation state or an organised cybercriminal group as a government agency, and should defend themselves as such, employing the.....Read More
This kind of activity, likely perpetuated by a nation-state or serious organised crime group with the funds and man power to undergo such an operation, is an example of how enterprises need to protect themselves in ways unimaginable in the past; Industrial companies which fall under the remit of critical national infrastructure are just as valuable targets to a hostile nation state or an organised cybercriminal group as a government agency, and should defend themselves as such, employing the most sophisticated email filtering systems possible and focusing on cybersecurity awareness training at every level of the organisation.  Read Less
November 13, 2019

Cyberattack On UK Labour Party System – Experts Reactions
The incident is an example of just how susceptible to cybercriminal activity our democratic process can be.
This should be a significant concern to all voters in the UK regardless of their political viewpoints. During a General Election, it is imperative that the main political parties are all given a fair and impartial hearing, and considering the importance of digital campaigning in modern election cycles, a DDoS attack such as this could give other parties an advantage. While there is no indication of where this cyberattack comes from, and it is obviously encouraging that the Labour party said.....Read More
This should be a significant concern to all voters in the UK regardless of their political viewpoints. During a General Election, it is imperative that the main political parties are all given a fair and impartial hearing, and considering the importance of digital campaigning in modern election cycles, a DDoS attack such as this could give other parties an advantage. While there is no indication of where this cyberattack comes from, and it is obviously encouraging that the Labour party said these attempts failed, the incident is an example of just how susceptible to cybercriminal activity our democratic process can be.  Read Less