Today’s NCSAM Tip is on recognizing and avoiding the most commonly used social engineering techniques. The root of the problem is simple enough: people are too trusting of content on the Internet. There is a long-promoted perception of community, information sharing, free items, help, and friendliness on the Internet that has lulled many into a false sense of safety or security. Unfortunately, the reality is that just about every “con, scam, grift, hustle, bunko, swindle, flim flam, gaffle, sting or bamboozle” known is alive and well on the Internet. When you more closely examine the social engineering techniques that are used by criminals on the Internet, you see they are often the same as, or variations of, con games and scams that go way back, and that many people are familiar with. This too gives people a false sense of security, in that many believe they can identify these malicious attempts to exploit them. But many tests of these beliefs have shown that most fail.
Instead of looking at the complicated technical details or various techniques themselves, it is easier to see the human factors they are attempting to exploit. Cisco SIO did some research on the human factors commonly exploited in 2010, and included the findings in the Cisco 2010 Annual Security Report. What we found was that regardless of the technical details or specific techniques and variations, the attackers commonly attempted to exploit a short list of human weaknesses:
Tags: cyber-security-month-2011, social engineering, social networking, spam
The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy into practice.
The fundamental shift away from mass spam attacks to more targeted threats with potentially bigger payoffs is top of mind for me. This trend is detailed in a new report by Cisco’s Security Intelligence Operation (SIO).
Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion daily spam messages to 40 billion between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam is still an issue, the trend that’s most alarming is the threefold increase in spearphishing and the fourfold increase in personalized scams and malicious attacks such as malware.
Tags: advanced persistent threats, APT, cybercrime, security, security top of mind, spam, targeted attacks
We offer a few tips on staying legit to ensure your messages don’t set off spam alerts.
Information is the lifeblood of business. To protect your small business, you’ve put safeguards in place to protect your critical information, such as a firewall, antivirus and antispam software, and maybe even a web threat or intrusion prevention system.
The methods for sending spam continue to evolve. Malicious webmail represented 7 percent of all web-delivered malware in March 2011, an increase of 391 percent from January 2011, according to the Cisco 1Q11 Global Threat Report, so it’s not surprising that you and your customers have spam filters and extra precautions cranked up to block any potentially dangerous email. So how do you ensure your important communications actually reach those you do business with?
Tags: email, security, small business, spam
Sorry, I couldn’t resist the New York Post headline.
We’re at a very exciting time in our industry. There is a shift underway to mobile devices and cloud computing, both of which have exciting ramifications for unleashing a new wave of productivity in the enterprise. But don’t think that scammers aren’t benefiting from this wave as well. They are also enjoying an increase in productivity.
Tags: cloud_computing, mobile, security, social causes, spam
Haystack was supposed to be a revolutionary tool in the cause of freedom. Billed as a sort of steganographic communications tool for censored Iranians, the software hurtled to popularity in the media. But last week, it seems to have fallen quickly out of favor. Code that was not made generally available was reviewed by Jacob Appelbaum, who was frank in his assessment. Appelbaum is well-positioned to offer an expert opinion here, as he works for the Tor Project, which has significant experience designing software to anonymize network traffic. In the wake of Haystack’s trouble, I’m reminded of how our fragile psychologies fall victim to trusting things that we should not.
Tags: data theft, security, social media, spam