HIT Consultant Insightful coverage of healthcare innovation
 

social engineering

Results 1 - 25 of 27Sort Results By: Published Date | Title | Company Name
Published By: Group M_IBM Q2'19     Published Date: Apr 11, 2019
The increase in sophisticated, targeted security threats by both external attackers and malicious insiders have made it extremely difficult for organizations to properly protect critical and sensitive information. The task of protecting these assets has only grown harder as IT environments have become more complex and widely distributed across geographic locations and in the cloud. Many recent high-profile breaches have one thing in common: They were accomplished through the compromise of passwords. In many cases, end-user passwords are initially hacked through various social engineering techniques. Then permissions are escalated to gain access to more privileged accounts — the keys to the kingdom. This unauthorized access can easily go undetected for weeks or even months, allowing hackers to see and steal information at their convenience. Unfortunately, many IT users lack a full understanding of how privileged accounts function, as well as the risks associated with their compromise an
Tags : 
    
Group M_IBM Q2'19
Published By: Proofpoint     Published Date: Jun 22, 2017
Human targeted attacks continued to lead the pack in 2016. Attackers’ used automation and personalisation to increase the volume and click-through rates of their campaigns. Taking a page from the B2B e-marketer’s playbook, cyber criminals are adopting marketing best practices and sending their campaigns on Tuesdays and Thursdays when click-through rates are higher. Meanwhile, BEC and credential phishing attacks targeted the human factor directly--no technical exploits needed. Instead, they used social engineering to persuade victims into sending money, sensitive information and account credentials. Timing is everything—attackers know that hitting your employees with a well-crafted email at the just the right time produces the best results. Of course, this varies by region. So if you are responsible for worldwide SecOps, you need visibility into not only attack patterns but also when and which employees tend to click.
Tags : 
security solutions, ransomware, security technologies, protection technologies, malicious email, it security, server protection
    
Proofpoint
Published By: Pindrop Security     Published Date: Apr 26, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security
Published By: Pindrop Security     Published Date: Apr 26, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security
Published By: Proofpoint     Published Date: Aug 10, 2017
BEC attacks are a growing threat to businesses because they prey on vulnerabilities that can’t be patched: people. That’s why employee training, financial controls, and especially technology are the keys to a strong defense and timely response. You need need a solution that does not solely depend on reputation and basic email filtering. With granular controls, advanced email solutions can identify and quarantine impostor emails before they reach an employee’s inbox.
Tags : 
security awareness, social engineering, impostor emails, email flags, financial institution, bec threats, suspicious messages
    
Proofpoint
Published By: McAfee     Published Date: Sep 15, 2014
Attacks today incorporate increasingly sophisticated methods of social engineering and client-side software manipulation to exfiltrate data without detection. Some attackers leverage so-called spearphishing to entice employees to give up access information and spread their attacks to other enterprise systems; others use password crackers against compromised applications in order to gain further access rights to the network. The attackers might also set up channels for command and control communications with the compromised systems, as in the case of the Zeus or SpyEye bot infections.
Tags : 
network protection, it security, firewall, hacker detection, security management
    
McAfee
Published By: Vectra Networks     Published Date: Aug 03, 2015
The Dyre family of banking malware is back in the news after researchers recently observed that the malware incorporated tricks to avoid detection in malware sandboxes. Previously, Dyre was most notable for targeting high value bank accounts, including business accounts, and incorporating sophisticated social engineering components to overcome the 2-factor authentication used by most banks.
Tags : 
malware, data, malware, banking, malware sandbox, authentication, two-factor authentication
    
Vectra Networks
Published By: Rackspace     Published Date: Apr 15, 2019
Scale events — like online sales and digital product launches — present great revenue opportunities, but they also present large risks to your business. Whether you are a retailer preparing for Black Friday and Cyber Monday, or a digital vendor launching a new service, your brand is both at its most visible and its most vulnerable during these scale events. Many more customers visit your site over a short period of time, raising the potential for resource constraints and discovery of software bugs. Information about issues spreads quickly via social media and news outlets. And, your customers typically spend more per transaction, so every lost order has a greater negative impact on your bottom line. Site reliability engineering (SRE) can help you better prepare for scale events through an iterative cycle of data-driven improvement.
Tags : 
    
Rackspace
Published By: Sophos     Published Date: Mar 30, 2017
Many papers on the topic of advanced persistent threats (APTs) begin with ominous references to the changing threat landscape and stories of how highly sophisticated cyber attacks are becoming more prevalent. That can be misleading. The majority of attacks today still use many techniques that have been around for years—social engineering, phishing emails, backdoor exploits and drive-by downloads, to name the biggest ones. Such attacks are neither advanced nor particularly sophisticated when broken down into their individual components and often rely on the weakest link in any organization—the user. However, the way in which hackers use combinations of techniques and the persistent behavior of the attackers is something that does set APTs apart from other attempts to compromise security. This paper is designed to give you an overview of the common characteristics of APTs, how they typically work, and what kind of protection is available to help reduce the risk of an attack.
Tags : 
network security, firewall, data security, antivirus protection, email protection, virtual security, web protection, wireless protection, it security
    
Sophos
Published By: Pindrop Security     Published Date: Mar 21, 2018
As fraudsters grow in sophistication and experience, they often aren’t acting alone. Syndicated crime rings are big business around the world. In the fraud economy, different fraudsters specialize in different aspects of the attack, from gathering data and creating profiles of targeted victims, to socially engineering call center agents, to creating tools like robotic dialers. These fraudsters might work alone, selling their skills on the black market. In other cases, fraudsters are running entire call centers overseas dedicated to executing attacks.
Tags : 
    
Pindrop Security
Published By: Mimecast     Published Date: Jan 03, 2017
Mimecast has detected and blocked a dangerous new campaign that uses social engineering and advanced sandbox evasion techniques to deliver stealthy malware. This Email Security Advisory from Mimecast offers: - Detailed attack analysis - Mimecast viewpoint - reduce sandbox reliance - Weaponized attachments - prevention and recommendations
Tags : 
mimecast, security, email security, email, cyber security, malware
    
Mimecast
Published By: Mimecast     Published Date: Apr 18, 2017
"Whaling attacks have risen in recent months and these emails are more difficult to detect because they don’t contain a malicious hyperlink or attachment, and rely solely on social-engineering to trick their targets. In order to combat these attacks, organizations must be aware of the dangers presented by whaling, or CEO fraud, and put the right safeguards in place. Mimecast conducted a whaling attack survey with 500 organizations around the globe and the results were alarming. Read this report to learn: - The five key phases of a whaling attack - How to protect your organization from a whaling attack through company exercises, education, and technology. - What Mimecast is offering to combat these attacks in its industry-leading Targeted Threat Protection service."
Tags : 
cyber security, cyber fraud, impersonation attacks, ceo fraud, whaling
    
Mimecast
Published By: OKTA     Published Date: Sep 26, 2017
Cyberbreaches aren’t just in the news—they are the news. Yet headlines rarely mention the No. 1 source of those breaches: weak or stolen passwords. Whether they involve malware, hacking, phishing, or social engineering, the vast majority of breaches begin with account compromise and credential theft, followed by dormant lateral network movement and data exfiltration. In fact, weak or stolen passwords account for a staggering 81% of breaches, according to the Verizon 2017 Data Breach Investigations Report. Not surprisingly, a new Okta-sponsored IDG survey finds that identity access management (IAM) is a top priority for nearly three-quarters (74%) of IT and security leaders. Yet the same survey uncovers widespread concern that their current IAM implementations are falling short. Just one worrisome example: Fewer than one-third (30%) of respondents report a good or better ability to detect a compromise of credentials. The following report explores the gap between respondents’ aspiratio
Tags : 
    
OKTA
Published By: McAfee     Published Date: Feb 06, 2013
There is no single anti-malware product that can block all malware infiltration and subsequent activity. The only way to combat the malware threats is through an end-to-end, integrated, real-time, context-aware, holistically-managed system.
Tags : 
threat protection, security threat landscape, malicious sites, phases of network attack, social engineering, configuration error, persistant code, rootkits, website filtering, device control, buffer overflow, physical file transfer, desktop firewall, web filtering, email filtering, web gateway, email gateway, application control, application whitelisting, host ips
    
McAfee
Published By: LogRhythm     Published Date: Aug 08, 2016
Among the countless changes in Windows 10 Microsoft has provided IT organizations more visibility into auditable actions on Windows 10 machines and the resulting events in the Security Log. Understanding these enhancements is important because we need every edge we can get to detect endpoint intrusions. Threat actors use a sophisticated mix of phishing, social engineering, and malware to attempt to compromise any user within an organization. A seemingly benign order request sent to a salesperson or a benefits summary to someone in HR can contain attachments infected with malware. Once such payloads are in, the goal is to determine how to leverage current users and other accounts on the compromised machine to access valuable and sensitive data, as well as how to spread out within the organization and repeat the process.
Tags : 
microsoft, security, best practices, data
    
LogRhythm
Published By: FICO     Published Date: Feb 06, 2018
Interpol reports social engineering as the “broad term that refers to the scams used by criminals to trick, deceive and manipulate their victims into giving out confidential information and funds.” Scammers use sophisticated psychological manipulation techniques to build a level of trust with their victim, having them divulge confidential information or authenticate the fraudulent activity as genuine. They will typically claim to be from the bank or well known and trusted consumer brands.
Tags : 
social, engineering, fraud, cyber, security, scams
    
FICO
Published By: Proofpoint     Published Date: Apr 06, 2012
Download Proofpoint's free email security whitepaper discussing the latest trends in email phishing attacks, how they work, and how to protect your email users against them.
Tags : 
phishing, email security, phish, email, attacks, blended threats, social engineering, outbound spam, anti-phishing, anti-virus, anti-malware, saas, proofpoint
    
Proofpoint
Published By: ESET     Published Date: Feb 11, 2010
This document combines the thoughts of both Research teams in ESET Latin America and ESET, LLC into a single paper, proposing a comprehensive vision of how the threatscape is likely to evolve in 2010.
Tags : 
eset, cybercrime, security, threat, crimeware, botnets, malware, social engineering, antivirus
    
ESET
Published By: McAfee     Published Date: Apr 25, 2014
You spoke and we listened. Today’s advanced malware threats have you spending a lot of resources fighting an uphill battle. The answer is McAfee Advanced Threat Defense—so you can find, freeze, and fix threats.
Tags : 
advanced malware, maware threats, malware problems, malware attacks - rootkits, phishing, zero-access, trojans, apts, botnets, social engineering, sandboxing, layered defenses, block and contain malware
    
McAfee
Published By: Alert Logic     Published Date: Jun 12, 2014
New security threats are emerging all the time, from new forms of malware and web application exploits that target code vulnerabilities to attacks that rely on social engineering. Defending against these risks is an ongoing battle. Download to learn more!
Tags : 
cloud security, vulnerability management, vulnerabilities, patching, patch management
    
Alert Logic
Published By: IBM     Published Date: Dec 01, 2014
With the rise of mobile usage and increased mobile banking functionality, cyber criminals are targeting the mobile channel with advanced malware, cross channel attacks across online and mobile and social engineering that have typically been seen on the PC.
Tags : 
mobile malware, mobile usage, mobile security, cybercrime
    
IBM
Published By: Rapid7     Published Date: Apr 04, 2013
This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.
Tags : 
rapid7, protect organization, attacks via phishing, solution based approach, mitigating risks
    
Rapid7
Published By: Thawte     Published Date: Nov 12, 2011
In this guide, you'll learn more about Phishing and how SSL and EV SSL technology can help protect your site, your business and ultimately, your bottom line.
Tags : 
phishing scams, anti-phishing, social engineering, certificate authority, ssl certificates, ssl security, extended validation, geotrust
    
Thawte
Published By: TraceSecurity     Published Date: Sep 15, 2010
This paper defines the different types of penetration tests, explains why the tests should be performed, details their benefits and even provides guidance for choosing the right vendor.
Tags : 
penetration, test, pen, tracesecurity, risk, assessment, social, engineering, internal, external, web application, network, security, secure, vulnerability, threat, identify, glba, compliance, testing
    
TraceSecurity
Published By: Cyveillance     Published Date: Jun 20, 2014
Phishing is defined by the Financial Services Technology Consortium (FSTC) as a broadly launched social engineering attack in which an electronic identity is misrepresented in an attempt to trick individuals into revealing personal credentials that can be used fraudulently against them. In short, it’s online fraud to the highest degree. Although it’s been around for years, phishing is still one of the most common and effective online scams. The schemes are varied, typically involving some combination of spoofed email (spam), malicious software (malware), and fake websites to harvest personal information from unwitting consumers. The explosive rise of mobile devices, mobile applications, and social media networks has given phishers new vectors to exploit, along with access to volumes of personal data that can be used in more targeted attacks or spear phishing. The fact that phishing attacks are still so common highlights their efficacy and reinforces the need to implement comprehensive phishing and response plans to protect organizations. An effective phishing protection plan should focus on four primary areas: Prevention, Detection, Response, and Recovery. High-level recommendations for each of the four areas are outlined in this whitepaper.
Tags : 
cyveillance, phishing, security, cyberattacks, cybercriminals, threats
    
Cyveillance
Previous   1 2    Next    
Search      

Add Research

Get your company's research in the hands of targeted business professionals.