Cyber Defense eMagazine November Edition for 2021
Cyber Defense eMagazine November Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, International Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES See you at RSA Conference 2022 - Our 10th Year Anniversary - Our 10th Year @RSAC #RSACONFERENCE #USA - Thank you so much!!! - Team CDMG
Cyber Defense eMagazine November Edition for 2021 #CDM #CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, US Editor-in-Chief, Pieruligi Paganini, International Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
See you at RSA Conference 2022 - Our 10th Year Anniversary - Our 10th Year @RSAC #RSACONFERENCE #USA - Thank you so much!!! - Team CDMG
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Our report also suggests that employees need to keep an eye out key calendar events in the year, as<br />
cybercriminals jump on key trends or holidays as lures in their attacks. For example, last year, the most<br />
malicious emails were received on the days surrounding Black Friday, one of the busiest days <strong>for</strong> online<br />
shopping.<br />
How are they evading detection?<br />
Employees – and the traditional security defences in place to protect them – typically rely on a set of<br />
guidelines and rules to determine whether something is malicious. For instance, does the email have a<br />
suspicious attachment or link? Does the message contain certain words that signal a threat? Does the<br />
sender’s domain contain incorrect characters?<br />
<strong>Cyber</strong>criminals are aware of these rules - and they are doing everything they can to reverse engineer the<br />
rules and remove these tell-tale signs from their campaigns to evade detection.<br />
In our report, <strong>for</strong> example, 75% of the malicious emails we detected and analysed didn’t contain an<br />
attachment.<br />
Zero payload attacks, which don’t rely on a malicious payloads like attachments or links, were used<br />
instead – a technique whereby the attacker builds a rapport with victims over time and persuades them<br />
to action a request once trust is established. Zero payload attacks can be as devastating as malicious<br />
payload attacks, and traditional antivirus and anti-phishing software – which often rely solely on keyword<br />
detection and deny/allow lists – struggle to detect them every time.<br />
What’s more, our researchers also found examples of account takeover – a type of attack whereby a<br />
cybercriminal sends an email to their victim using a legitimate account that they hacked into previously.<br />
To all intents and purposes, the sender’s email looks like the real deal. There would be no reason to flag<br />
it as malicious – if you’re relying on rules to detect threats.<br />
To sophisticate cyber defence policies, then, business decision makers must ensure employees are<br />
trained and made aware of the types of threats they could be exposed to. The training must be delivered<br />
regularly, if they are to keep up to date with the evolving threat scape.<br />
But it’s unrealistic to expect your employees to spot every threat, every time. Regardless of training,<br />
employees are prone to mistakes and can be tricked. So, businesses must also consider how to bolster<br />
their defences to keep the bad guys out of the inbox. Rules are not enough. For advanced threats, you<br />
need advanced machine intelligent security solutions which can detect, and flag, potentially malicious<br />
emails based on people’s behaviours on email and alert employees be<strong>for</strong>e it’s too late.<br />
<strong>Cyber</strong> <strong>Defense</strong> <strong>eMagazine</strong> – <strong>November</strong> <strong>2021</strong> <strong>Edition</strong> 103<br />
Copyright © <strong>2021</strong>, <strong>Cyber</strong> <strong>Defense</strong> Magazine. All rights reserved worldwide.