DNS hijacking and spoofing DNS is the underlying directory framework of the Internet. It turns a web address into an IP address that ultimately directs the user to legitimate website. If this DNS gets hijacked or taken over by a hacker group, the web address can be redirected to a completely different website. This malicious website...Continue Reading
Business Email Compromise (BEC) attacks Business Email Compromise (BEC), formerly known as Man-in-the-Email scams are a blended Spear-phishing attack. BEC attacks follow similar traits to phishing, technical subterfuge with social engineering. BEC threats actually compromise legitimate business email accounts in order to conduct unauthorised transfer of funds to criminal controlled bank accounts. Essentially the employee of...Continue Reading
Banking malware families and variants are constantly evolving, bank transaction authentication methods are also evolving. It is a cat and mouse game where the user expects convenience and with an ease of use. As malware flavors continue to chart new territory from the days of Spyeye, Zeus & Citadel to the likes of Prime,Dridex, Gozi, Tinba,...Continue Reading
Puddle Phishing, a variant of Spear Phishing, is a resurgent threat. Phishing is a broad term to describe the type of attack that combines some technological components with social engineering. Traditional or classical phishing has been previously discussed in this blog, and is well documented across security blogs and research whitepapers. Let us take a look...Continue Reading
gTLDs Phishing, Fraud, Abuse Observations – Top Level Domains (TLDs), such as .com, .org, .biz, .net, a part of the domain name that is installed in the root zone, now come in many different variations and flavours – such as generic TLDs (gTLDS), Country-Code TLDs (ccTLDS). These new TLDS have opened up the Domain Name system...Continue Reading
Spear phishing is a variant of the traditional phishing attack that is highly targeted. The phishing message, usually an email, is sent to a discrete audience, a small group of employees, a specific individual or a high profile executive within a targeted business. Similar to classic and traditional based phishing attacks spear phishing leverages social engineering...Continue Reading
SMiShing – a phishing based threat against the Mobile Channel. SMiShing is a phishing based attack that leverages the Short Message Service (SMS) or phone based text message. SMiShing or Smishing has been around for many years now so it is not a new threat but a persistent threat that is evolving. With SMiShing...Continue Reading
Domain shadowing provides the cybercriminal a series of methodologies to manipulate a genuine domain registrant account allowing the creation of fake subdomains and disrupting DNS configurations for malicious purposes. Our resources show that domain shadowing has now become a greater challenge amongst our client’s and their peers over the previous 12 months. This is a disturbing...Continue Reading
Social Media presents a new set of challenges for the business and is a growing area of online brand abuse and fraud. Social Media provides a new mechanism for cybercrime affording the opportunity to distribute phishing and malware content. Social engineering is a key component of Advanced Persistent Threats — APT attacks and often infrastructure breaches...Continue Reading
Mobile applications afford a seamless user experience, however, Unofficial, Unauthorised, Rogue, Malicious Mobile Apps provide an emerging threat for cybercrime and brand abuse. Phishing and malware attacks have evolved to target the mobile device and Mobile Apps are a main vector in the delivery of phishing based apps and the delivery of malicious payloads. Mobile Apps...Continue Reading
Electronic channels are a highly efficient mechanism of delivering online services, capabilities and transacting with the end user customer presenting many favorable outcomes for the organisation as well as the end user. However, the electronic channel is open to range of abuse and fraud, ranging from benign to malicious activity. The following is an outline of...Continue Reading
This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media.
If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.