SCW Blog

Certain methods used by hackers are more effective than others, and it’s largely in part due to these methods working around and subverting popular security measures. They might take on the look of a legitimate email or web source, like social media, in an attempt to convince the user that it is indeed a message they can trust. The latest in this type of hacking attack includes Google Docs.

Phishing attacks are nothing new in the business world, and they will almost certainly become more prevalent as time passes. Unfortunately, phishing attacks have adapted their practices to get around advancements in security technology, so businesses must work extra hard to spread awareness of phishing to their employees and train them appropriately.

Hackers and scammers are always trying to turn a profit on businesses just like yours, and you might be surprised by some of their ingenuity. One such way that some hackers choose to make a profit is by twisting the “as a service” business model into something that is particularly dangerous. Even Microsoft has gone on record and called out a particular group of Phishing-as-a-Service providers as a problem.

Believe it or not, someone can actually purchase access to your organization’s network under the right circumstances. This is the unfortunate reality that we live in, where the commoditization of data and network access has become a real problem. According to a study from KELA, hackers can sell access to compromised networks for a pittance compared to the amount of work you have invested in building your business. Therefore, you must do everything in your power to protect your network and prevent this from happening.

With every new day comes a new data breach that exposes the personal data of countless people. The most recent in this troubling trend is the LinkedIn data breach, an event that exposed 700 million profiles and led them to be put on sale on a hackers forum. LinkedIn denies the data breach, but how much truth is in this statement? Let’s take a closer look.

Major cyberattacks seem a dime a dozen these days, especially with businesses that might not seem like possible targets. For example, McDonald’s restaurants recently suffered a data breach. Let’s take a look at the situation, how it played out, and what we can learn from it.

Ransomware attacks are nothing new, but when was the last time they made headlines by instigating a gas crisis? A Russia-backed hacking collective called DarkSide targeted Colonial Pipeline, a company responsible for almost 45 percent of the fuel for the Southeastern United States, with a devastating ransomware attack. The attack led to a spike in fuel prices and spotty availability while also showing cracks in the nation’s energy infrastructure, and it has even sparked a renewed interest in cybersecurity.

Cyberattacks are spending less time on their victims’ networks before they are discovered, which sounds like good news, but the reality isn’t so straightforward. Let’s take a few moments and dig into the situation at hand, and what it means for your cybersecurity.

We’ve all seen advertisements for the websites that offer to connect you with the professionals ready to help you with a specialized task around your home, from repair work to childcare to cleaning services. Unfortunately, cybercriminals have adopted a similar tactic to help market their services, leading to the creation of a sort of hackers’ gig economy on the Dark Web.

It’s a bit of a nightmare scenario for a business, born of watching too many crime thrillers: a criminal syndicate hacks into their systems, wreaking havoc and stealing all their data, while also destroying that company’s reputation. Is this scenario a fantasy? To a point, yes—but not so much as you might think.

Bad news—thanks to four flaws in Microsoft Exchange Server software, over 60,000 individuals and organizations have had their emails stolen by a cyberespionage unit based in China, with over 30,000 of those targeted being in the United States. Let’s review what has taken place up to the time of this writing, and what can be done about it.

It was pretty evident from the start of the COVID-19 pandemic that many businesses were not prepared to pivot their operations offsite. Many of these company’s leaders spent the past several years convinced that allowing people to work remotely would sap productivity in unsustainable ways. Cybercriminals have taken advantage of many organizations since then. Today, we will talk about what needs to be done to secure your endpoints when supporting a remote workforce. 

With just shy of a month before the 2020 United States Election, there has been quite a bit of concern over the idea that external interests may try to sway the results—and it seems for good reason. Only recently, Microsoft interrupted a massive coordinated hacking plot that could have altered the very infrastructure needed to support a fair election. Let’s examine this plot, and what Microsoft did, in some more detail.

Right now, a lot of people have had a lot more time on their hands than they typically would, so many of them are spending a lot of time on the assorted streaming services to entertain themselves. Unfortunately, cybercriminals have taken note. In light of all this, it seems like an apt time to discuss a particular threat known as credential stuffing.

Since 2008, Verizon has released an annual report that details the cybersecurity incident trends from the beginning of the year. As usual, this year’s edition provided some insights into the patterns witnessed in 2019, hopefully giving us a greater appreciation for how cybercriminals are shaping their attacks. Let’s go over some of the trends that the Verizon Business 2020 Data Breach Investigations Report (DBIR) revealed to us.

As a greater proportion of the workforce is spending time at home working remotely, it is important to keep security even more in mind than usual. Not only are people apt to be online more, they will also be outside of the protections that your business provides. This gives scammers an opportunity to embrace.

The World Health Organization has been increasingly associated with cybercrime as of late, both as a target and as a spoofed entity. Naturally, this is to be somewhat anticipated, giving the continued global health crisis that we are all facing. Let’s go over some of the events that the WHO has been associated with as of late.

It isn’t exactly news that businesses of all sizes need to be concerned about cyberthreats - especially since, as time passes, these threats have become more serious and insidious. Up until this point, there have been tried-and-true methods that businesses could leverage to stop these threats, but hackers are very clever when it comes to their attacks. What can a business do?

Working in conjunction with the Ponemon Institute, IBM Security completed a report tracking trends in 2018’s data breaches. As you might imagine, much of the data contained in this report could be seen as troubling to a business.

The dark web has a bad reputation - and for quite a few good reasons. However, like any tool, there is a lot of good that the dark web can be used for as well. Here, we’ll review what the dark web is, how it can be used (and abused), and what the landscape is like.