Category: cyren

Security Awareness Training Won’t Give CISOs or Employees Peace of Mind

I attended a virtual roundtable discussion with CISOs this week. The session opened with a somber question: what keeps you up at night? The overwhelming majority of CISOs said they’re afraid users will click on something they shouldn’t. And rightfully so – according to the 2019 Global Data Exposure Report,

Email spoofing BEC attack targeting numerous employees at once

Spear-phishing spoofed attacks have been and remain one of the most substantial cyber threats that organizations face nowadays. And once we talk about spear-phishing, we can’t help but mention business email compromise (BEC) attacks which if successful result in staggering losses for the companies: the FBI’s Internet Crime Complaint Center

Phishers abusing Google App Engine

Over the last few weeks Cyren has observed a massive spike in phishing sites hosted on the appspot.com domain that Google uses for its free Google App Engine. Taking advantage of soft routing on Google App Engine Google App Engine is a cloud-based development platform used to host and develop

Microsoft reports a “leap in attack sophistication”

Last month Microsoft released a sobering Digital Defense Report. From their perch powering 600,000 enterprises’ cloud inboxes (in the United States alone), they report: Malware attacks are decreasing. Instead 70% of attacks are through phishing emails, largely to harvest credentials. Attackers are laying long-term traps that scour the internet looking

Anatomy of a Phishing Attack: Stolen Microsoft 365 Credentials

Phishing attacks designed to steal Microsoft 365 credentials are launched every day and growing more sophisticated. We recently detected a massive attack that hid a fake Microsoft 365 login page in the incoming emails’ attachments. Related: Microsoft 365 Is Wildly Successful and Profoundly Vulnerable – Here’s Why The attack On

PEMPEMPEM – Hiding Behind Fake Certificates!

Over the years, enterprise security teams and threat actors have been involved in a never-ending game of cat and mouse. Organizations pour millions of dollars to stop advanced threats, but threat actors continue finding ways to evade detection by either enhancing their code or simply repackaging malware in more ways

Microsoft Finally Acknowledges COVID-19-Related Cybercrimes

On July 7, Microsoft revealed they’ve been working since December 2019 to wrest control of key domains used in vast cyber attacks in 62 countries. This particular phishing scheme used COVID-19-related lures to defraud Microsoft 365 customers. It’s one of many attacks we’ve seen. With tensions high and IT resources

Spear Phishing, Whaling, and Delayed Detonation, Oh My!

Companies worldwide are up against sophisticated email attacks like Business Email Compromises (BEC). These attacks are also known as spear phishing, impersonation, and whaling, with the goal of convincing an end-user to release money or provide account information. Related: Microsoft 365 Is Wildly Successful and Profoundly Vulnerable – Here’s Why

How Machine Learning Is Building a Better Spam Trap

Bad actors are constantly raising the ante on email scams. According to Microsoft, “phishers have been quietly retaliating, evolving their techniques to try and evade protections. In 2019, we saw phishing attacks reach new levels of creativity and sophistication.” To keep pace with these evasive attacks, threat protection software has