Daily Archives: May 18, 2019

May I have a word about… Pegasus spyware | Jonathan Bouquet

Is the powerful virus that infected WhatsApp a flying horse or a Trojan horse? Don’t ask the woman who developed it

The unsavoury revelations about the hacking of WhatsApp by software developed by Israeli company, NSO Group, raised some interesting imagery. NSO has developed a powerful smartphone virus called Pegasus, described by NSO co-founder Shalev Hulio as the company’s Trojan horse that could be sent “flying through the air” to infiltrate devices.

Right, let’s get this straight. Pegasus was the son of mortal Medusa and Poseidon, god of the sea. Pegasus and his brother Chrysaor were born from the blood of their beheaded mother, who was tricked and killed by Perseus. Pegasus was represented as a kind-hearted, gentle creature, somewhat naive but always eager to help.


Number of hacktivist attacks declined by 95 percent since 2015

According to a study conducted by IBM, the number of hacktivist attacks that caused quantifiable damage has declined by 95 percent since 2015.

Even though the cells of the popular Anonymous collective are very active in Italy, the overall number of hacktivist attacks that caused quantifiable damage to the victim has declined by 95 percent since 2015.

Researchers analyzed data collected by IBM’s X-Force threat intelligence unit between 2015 and 2019. The collected information shows a drop in hacktivist attacks from 35 in 2015 to only 2 attacks in 2018.

However, IBM experts only collected data on hacktivist attacks that resulted in quantifiable damage.

Most of the hacktivist attacks carried out between 2015 and 2018 were attributed to Anonymous (45%), followed at a distance by Lizard Squad (9%), and DownSec and New World Hackers (4%).


“The “IBM X-Force Threat Intelligence Index 2019” highlighted troubling trends in the cybersecurity landscape, including a rise in vulnerability reporting, cryptojacking attacks and attacks on critical infrastructure organizations.” reads a blog post published by IBM. “Yet amid all the concern, there is one threat trend that our data suggests has been on the decline: hacktivism — the subversive use of internet-connected devices and networks to promote a political or social agenda.”

The experts believe that the decline in the number of attacks carried out by hacktivists is caused by two major factors: a drop in attacks launched by Anonymous, and the intensification of the operations conducted by law enforcement that led to the arrests of hacktivists.

Since 2010, Anonymous has become one of the most active collectives of hacktivists in the world, reaching a peak of activity in early- to mid-2016.

At the time, Anonymous hit several high-profile organizations, but according to IBM the group started to decline “possibly due to an attrition of key leadership, differences of opinion and a struggle to find an ideological focus.”

X-Force data shows only eight Anonymous attacks in 2015 and 2016, and only one in 2018.

Arrests and legal warnings targeting hacktivists had an important deterrent effect. According to IBM, law enforcement agencies in the U.S., U.K. and Turkey have arrested at least 62 hacktivists since 2011, but the actual number could be greater.

“Three of the arrested hacktivists received sentences in 2018 and 2019, all with prison time of three years or greater, including one with a 10-year prison sentence.” continues IBM.

The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against two US healthcare organizations in 2014, the Boston Children’s Hospital and the Wayside Youth and Family Support Network.

In January, the hacktivist was sentenced to 121 months in prison, and the judge ordered him to pay nearly $443,000 in compensation for the damages.

“Where are hacktivist attacks likely to go from here? We are reluctant to say that the era of hacktivism has come to an end. Acute social justice issues, greater organizational capabilities among hacktivist groups and a stronger shift to areas that lay beyond the reach of law enforcement all have the potential to dramatically change the face of hacktivism in a relatively short period of time.” concludes IBM. “More likely than not, we are experiencing a lull in hacktivist activity rather than a conclusion.”

If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter”

Thank you

Pierluigi Paganini

(SecurityAffairs – hacktivist attacks, hacking)

The post Number of hacktivist attacks declined by 95 percent since 2015 appeared first on Security Affairs.

Hackers Inject Scripts in WordPress Live Chat Plugin

Site administrators using WP Live Chat Support for WordPress are advised to upgrade the plug-in to the latest version to close a persistent cross-site scripting (XSS) vulnerability that is exploitable without any authentication.

Installed on more than 60,000 websites, the plug-in is presented as a free alternative to complete customer loyalty and chat solutions.

The danger of automatic attacks

Sucuri researchers discovered that versions of the plug-in earlier than 8.0.27 are susceptible to persistent XSS issues that can be exploited remotely by a hacker who does not have an account on the affected site.

Because no authentication on the target site is required, attackers can automate their attacks and cover more victims. Given the popularity of the plug-in and the little effort needed to exploit it, sites running a vulnerable version are in for trouble.

An XSS flaw is a serious issue because it lets an attacker place malicious code on websites or web applications and then compromise visitor accounts or expose visitors to modified pages.

XSS is persistent when the malicious code is added to a section stored on the server, for instance, user comments. When a user loads the infected page, the malicious code is parsed by the browser and the attacker’s instructions are executed.

Sucuri’s write-up explains that the vulnerability is exploitable because of an unprotected “admin_init” hook, a common attack vector for WordPress plugins.

The researchers say that the wplc_head_basic function did not use the appropriate authorization controls to update the plug-in’s settings.

“Because the ‘admin_init’ hooks can be called by visiting /wp-admin/admin-post.php or /wp-admin/admin-ajax.php, an unauthenticated attacker can use these endpoints to arbitrarily update the ‘wplc_custom_js’ option,” Castros details.

The content of that option is included on every page that loads live chat support, so attackers who reach a vulnerable site can insert JavaScript code on multiple pages.

Sucuri informed developers of the plug-in on April 30 and a corrected version was released on Wednesday.
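
The missing-authorization pattern described above, sketched as an added example that is not the plug-in's code or Sucuri's: a hypothetical plug-in saves a site-wide script option from an admin_init callback, first without any check and then with a capability check and nonce verification. All example_chat_* names are invented for illustration; only WordPress core functions are called.

```php
<?php
/**
 * Added illustration. Every example_chat_* name is hypothetical; this is not
 * the code of WP Live Chat Support. Only WordPress core functions are used.
 */

// BEFORE (shown for comparison, registration left commented out).
// admin_init runs on every request handled under /wp-admin/, including
// admin-post.php and admin-ajax.php, which accept requests from visitors who
// are not logged in. The callback never asks who is sending the request.
// add_action( 'admin_init', 'example_chat_save_settings_unsafe' );
function example_chat_save_settings_unsafe() {
	if ( isset( $_POST['example_chat_custom_js'] ) ) {
		// The stored value is later printed on every page that loads the widget.
		update_option( 'example_chat_custom_js', wp_unslash( $_POST['example_chat_custom_js'] ) );
	}
}

// AFTER: same hook, but the write is gated on authorization and intent.
add_action( 'admin_init', 'example_chat_save_settings' );
function example_chat_save_settings() {
	if ( ! isset( $_POST['example_chat_custom_js'] ) ) {
		return; // Not a settings submission.
	}

	// 1. Authorization: only users who may manage site options can change a
	//    value that ends up as script on public pages. is_admin() would not
	//    do here; it reports the admin context, not the user's privileges.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
	}

	// 2. Intent: verify the nonce emitted by the settings form, so a logged-in
	//    administrator cannot be tricked into submitting it cross-site.
	//    check_admin_referer() stops the request when the nonce is invalid.
	check_admin_referer( 'example_chat_save_settings', 'example_chat_nonce' );

	update_option( 'example_chat_custom_js', wp_unslash( $_POST['example_chat_custom_js'] ) );
}

// The settings form must carry the matching nonce field.
function example_chat_render_nonce_field() {
	wp_nonce_field( 'example_chat_save_settings', 'example_chat_nonce' );
}
```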


The post Hackers Inject Scripts in WordPress Live Chat Plugin appeared first on .

Dozens of Linksys router models leak data useful for hackers

Dozens of Linksys router models are affected by a flaw that leaks data that can be used by attackers, and the company won’t fix it.

Security researcher Troy Mursch, Chief Research Officer of Bad Packets, discovered that over 20,000 Linksys wireless routers are leaking full historical records of every device ever connected to them.

The leaked information includes devices’ unique identifiers, names, and operating systems. Clearly, these data could be abused by hackers for attacks.

According to Mursch, the root cause of the data leak is a persistent vulnerability that resides in dozens of models of Linksys routers. Unfortunately, the flaw is very easy to exploit, and it is possible.

The devices continue to leak the information even when their firewall is turned on.

The expert used the Binary Edge IoT search engine to find vulnerable devices. Earlier this week he discovered 25,617 routers that were leaking a total of 756,565 unique MAC addresses.

The disclosure of the historical records of devices that have connected to a specific router exposes users to attacks. Knowledge of MAC addresses could be abused by APT groups in targeted attacks, like the recent supply chain attack against ASUS.

The situation could be worse if owners of the routers were using default admin credentials. The issue discovered by the expert, in fact, could be used by attackers to discover if the vulnerable routers are still using default administrative passwords.

Mursch discovered that about 4,000 of the vulnerable devices were still using the default admin credentials. The vulnerable routers have remote access enabled by default, a gift for hackers, who can perform a broad range of malicious activities, such as changing DNS settings and delivering malware.

Mursch reported the flaw to Linksys, but unfortunately, the company closed the issue as “Not applicable / Won’t fix.”

Mursch published the list of vulnerable devices on Pastebin.

If you are using one of the vulnerable devices you should replace it.


Pierluigi Paganini

(SecurityAffairs – LinkSys, Data leak)

The post Dozens of Linksys router models leak data useful for hackers appeared first on Security Affairs.

Breaches and Bugs: How Secure are Your Family’s Favorite Apps?

Is your family feeling more vulnerable online lately? If so, you aren’t alone. The recent WhatsApp bug and social media breaches have app users thinking twice about security.

Hackers behind the recent WhatsApp malware attack, it’s reported, could record conversations, steal private messages, grab photos and location data, and turn on a device’s camera and microphone. (Is anyone else feeling like you just got caught in the middle of an episode of Homeland?)

There’s not much you and your family can do about an attack like this except to stay on top of the news, be sure to share knowledge and react promptly, and discuss device security in your home as much as possible.

How much does your family love its apps? Here’s some insight:

  • Facebook Messenger 3.408 billion downloads
  • WhatsApp 2.979 billion downloads
  • Instagram 1.843 billion downloads
  • Skype 1.039 billion downloads
  • Twitter 833.858 million downloads
  • Candy Crush 805.826 million downloads
  • Snapchat 782.837 million downloads

So, should you require your family to delete its favorite apps? Not even. A certain degree of vulnerability comes with the territory of a digital culture.

However, what you can and should do to ease that sense of vulnerability is to adopt proactive safety habits — and teach your kids — to layer up safeguards wherever possible.

Tips to Help Your Family Avoid Being Hacked

Don’t be complacent. Talk to your kids about digital responsibility and to treat each app like a potential doorway that could expose your family’s data. Take the time to sit down and teach kids how to lock down privacy settings and the importance of keeping device software updated. Counsel them not to accept data breaches as a regular part of digital life and how to fight back against online criminals with a security mindset.

Power up your passwords. Teach your kids to use unique, complex passwords for all of their apps and to use multi-factor authentication when it’s offered.

Auto update all apps. App developers regularly issue updates to fix security vulnerabilities. You can turn on auto updates in your device’s Settings.

Add extra security. If you can add a robust, easy-to-install layer of security to protect your family’s devices, why not? McAfee mobile solutions are available for both iOS and Android and will help safeguard devices from cyber threats.

Avoid suspicious links. Hackers send malicious links through text, messenger, email, pop-ups, or within the context of an ongoing conversation. Teach your kids to be aware of these tricks and not to click suspicious links or download unfamiliar content.

Share responsibly. When you use chat apps like WhatsApp or Facebook Messenger, it’s easy to forget that an outsider can access your conversation. Remind your children that nothing is private — even messaging apps that feel as if a conversation is private. Hackers are looking for personal information (birthday, address, hometown, or names of family members and pets) to crack your passwords, steal your identity, or gain access to other accounts.

What to Do If You Get Hacked

If one of your apps is compromised, act quickly to minimize the fallout. If you’ve been hacked, you may notice your device running slowly, a drain on your data, strange apps on your home screen, and evidence of calls, texts or emails you did not send.

Social media accounts. For Facebook and other social accounts, change your password immediately and alert your contacts that your account was compromised.

Review your purchase history. Check to see if there are any new apps or games installed that you didn’t authorize. You may have to cancel the credit card associated with your Google Play or iTunes account.

Revoke app access, delete old apps. Sometimes it’s not a person but a malicious app you may have downloaded that is wreaking havoc on your device. Encourage your kids to go through their apps and delete suspicious ones as well as apps they don’t use.

Bugs and breaches are part of our digital culture, but we don’t have to resign ourselves to being targets. By sharing knowledge and teaching kids to put on a security mindset, together, you can stay one step ahead of a cybercrook’s digital traps.

The post Breaches and Bugs: How Secure are Your Family’s Favorite Apps? appeared first on McAfee Blogs.

Account Hijacking Forum OGusers Hacked

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users.

On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum posts and prestige points, and that he’d restored a backup from January 2019. Little did the administrators of OGusers know at the time, but that May 12 incident coincided with the theft of the forum’s user database, and the wiping of forum hard drives.

On May 16, the administrator of rival hacking community RaidForums announced he’d uploaded the OGusers database for anyone to download for free.

The administrator of the hacking community Raidforums on May 16 posted the database of passwords, email addresses, IP addresses and private messages of more than 113,000 users of Ogusers[.]com.

“On the 12th of May 2019 the forum ogusers.com was breached [and] 112,988 users were affected,” the message from RaidForums administrator Omnipotent reads. “I have uploaded the data from this database breach along with their website source files. Their hashing algorithm was the default salted MD5 which surprised me, anyway the website owner has acknowledged data corruption but not a breach so I guess I’m the first to tell you the truth. According to his statement he didn’t have any recent backups so I guess I will provide one on this thread lmfao.”

The database, a copy of which was obtained by KrebsOnSecurity, appears to hold the usernames, email addresses, hashed passwords, private messages and IP address at the time of registration for approximately 113,000 users (although many of these nicknames are likely the same people using different aliases).

The publication of the OGuser database has caused much consternation and drama for many in the community, which has become infamous for attracting people involved in hijacking phone numbers as a method of taking over the victim’s social media, email and financial accounts, and then reselling that access for hundreds or thousands of dollars to others on the forum.

Several threads on OGusers quickly were filled with responses from anxious users concerned about being exposed by the breach. Some complained they were already receiving phishing emails targeting their OGusers accounts and email addresses. 

Meanwhile, the official Discord chat channel for OGusers has been flooded with complaints and expressions of disbelief at the hack. Members vented their anger at the main forum administrator, who uses the nickname “Ace,” claiming he altered the forum functionality after the hack to prevent users from removing their accounts. One user on the Discord chat summed it up:

“Ace be like:

- not replace broken hard drives, causing the site to time warp back four months
- not secure website, causing user info to be leaked
- disable selfban so people can’t leave”

It’s difficult not to admit feeling a bit of schadenfreude in response to this event. It’s gratifying to see such a comeuppance for a community that has largely specialized in hacking others. Also, federal and state law enforcement investigators going after SIM swappers are likely to have a field day with this database, and my guess is this leak will fuel even more arrests and charges for those involved.

Simple Mitigation Tips For Securing Android E-Readers

Android e-readers do not make headlines when manufacturers announce their products. However, e-ink based Android tablets are still selling like hotcakes, given that they provide more flexibility than similarly priced Amazon Kindle e-readers. As on the latter, no matter what type of book you open, the text is rendered against a sepia background that resembles old paper. An option in the settings menu lets you choose other backgrounds such as wood, leather, a solid color and so on. Reading on a white background may be stressful for some, and Android e-readers let users change the background color of a book to whatever color they prefer. Users can change not only the background but also the color of text, hyperlinks, and so on.

If users like control over fonts, line spacing, alignment, and margins, they will love Android e-readers. There are many options for changing all these features, and Android always has the edge over Kindle when it comes to customization. Conveniently, customized settings apply to whatever book the user opens next. Page turning is impressively fast, and users can read in both horizontal and vertical modes. The orientation is locked by default, but the lock can be turned off immediately in the settings menu. The only thing that may annoy users is the page turning experience: a strange line blanks the screen every time users turn a page. It is not just a screen refresh; a page turn also takes a bit longer than on the Amazon Kindle. As users turn pages with gestures and swipes, these lines follow and fill the page.

But unlike Kindle e-readers, which provide basic e-ink reading capability, Android e-readers are full Android tablets with an e-ink screen. That means all the vulnerabilities of a regular Android device affect Android e-readers; conversely, the features that keep Android secure, such as the built-in antimalware Google Play Protect, are also installed on the Android e-reader. The weak point of Android e-readers is that they are considered legacy devices: they only come with Android 4.0 Ice Cream Sandwich, with the latest version running Android 6.0 Marshmallow, which was released three years ago.

Android e-readers no longer occupy store shelves and usually can only be bought from online stores. As Android 4.x and 6.x are considered old versions of Android and no longer receive patches from Google, a heightened level of security awareness is required to continue using the device safely.

Here are some of our recommendations:

Only associate your Google Account if you need to access the Google Play Store
The Google Account does not need to be saved on the device. Associate the Google Account only when a new app needs to be downloaded from the Play Store. That helps preserve the security and privacy of the Google Account in the event the e-reader becomes infected with malware. On an infected Android device, the associated Google Account is at risk of being used for nefarious purposes, so it is better not to have the account associated with the device when no new apps need to be installed.

Turn off Bluetooth if it is not used
Keeping the device isolated, without access to Bluetooth, means a third party has no chance to send files to the e-reader.

Only use legitimate apps (never sideload)
Apps should only be downloaded from the official source, the Google Play Store. This way, Google Play Protect will kick in and scan the apps before installation.

See if using a full Android tablet or phone will be a better experience
Evaluate whether you really need to continue using the e-reader. It runs a very old Android version that is considered unsafe for typical daily usage when connected online. Replace the device with a regular tablet or phone; if you do not, keep it offline instead of leaving it visible on the public Internet.


The post Simple Mitigation Tips For Securing Android E-Readers appeared first on .

Unistellar attackers already wiped over 12,000 MongoDB databases

Unistellar attackers have already wiped roughly 12,000 unsecured MongoDB databases exposed online
over the past three.

Every time hackers deleted a MongoDB database they left a message asking the administrators to contact them to restore the data.

Unfortunately, the criminal practice of deleting MongoDB databases and requesting a ransom to restore the data is common; experts have observed several campaigns targeting unsecured archives exposed online.

In the latest wave of attacks, the crooks don’t request the payment of a specific ransom amount; instead, they provide an email contact to start a negotiation.

Bleeping Computer first reported the attacks and cited the expert Sanyam Jain as the person that discovered the deleted MongoDB databases.

“this person might be charging money in cryptocurrency according to the sensitiveness of the database.” explained Jain.

The expert discovered 12,564 unprotected MongoDB DBs that were wiped by an attacker tracked as Unistellar. He searched for the text “hacked_by_unistellar” that the attacker left in the message.

Making the same search on Shodan, experts at BleepingComputer found a smaller number, 7,656 databases, while doing the same search I found 8.133 compromised installs exposed online.
Given the large number of MongoDB databases deleted by Unistellar, it is likely the attacker has automated its attack chain.

Jain first discovered the attacks on April 24. The note left by the Unistellar attacker reads “Restore ? Contact : unistellar@yandex.com”.

The attacker used two email addresses in these attacks, unistellar@hotmail.com or unistellar@yandex.com.

According to Jain, Unistellar creates restore points to restore the databases after the victims have paid the ransom.

If you manage a MongoDB instance follow the guidelines on “how to secure a MongoDB database” 


Pierluigi Paganini

(SecurityAffairs – Unistellar attacks, MongoDB)

The post Unistellar attackers already wiped over 12,000 MongoDB databases appeared first on Security Affairs.

Facebook banned Archimedes Group, misinformation made in Israel

A new political misinformation campaign was uncovered and blocked by Facebook; this time it was operated not by Russia but by Israel’s Archimedes Group.

Facebook uncovered and blocked a misinformation campaign powered by Israel’s Archimedes Group; the corporation used fake accounts to manipulate political campaigns.

According to Facebook, the Archimedes Group used hundreds of pages, accounts, and groups in an attempt to influence public sentiment in political discussions.

The misinformation focused on specific countries in Africa (Nigeria, Senegal, Togo, Angola, Niger, and Tunisia), Latin America and Southeast Asia. The operators behind this campaign posed as local people and organizations to fuel the debate on specific political events.

“Today we removed 265 Facebook and Instagram accounts, Facebook Pages, Groups and events involved in coordinated inauthentic behavior. This activity originated in Israel and focused on Nigeria, Senegal, Togo, Angola, Niger and Tunisia along with some activity in Latin America and Southeast Asia.” wrote Nathaniel Gleicher, Head of cybersecurity Policy at Facebook. “The people behind this network used fake accounts to run Pages, disseminate their content and artificially increase engagement.”

Facebook banned Archimedes Group and all of its subsidiaries from its social media platforms.

Facebook shared some interesting details about the corporation’s efforts to spread fake news and change the perception of reality:

  • Presence on Facebook and Instagram: 65 Facebook accounts, 161 Pages, 23 Groups, 12 events and four Instagram accounts.
  • Followers: About 2.8 million accounts followed one or more of these Pages, about 5,500 accounts joined at least one of these Groups and around 920 people followed one or more of these Instagram accounts.
  • Advertising: Around $812,000 in spending for ads on Facebook paid for in Brazilian reals, Israeli shekel, and US dollars. The first ad ran in December 2012 and the most recent ad ran in April 2019.
  • Events: Nine events were hosted by these Pages. The first was scheduled for October 2017 and the most recent was scheduled for May 2019. Up to 2,900 people expressed interest in at least one of these events, and a portion of their accounts were previously identified and disabled as fake. We cannot confirm whether any of these events actually occurred.

Facebook provided an example of the type of content that was removed; it relates to Martin Fayulu, leader of the Engagement for Citizenship and Development party in the Democratic Republic of the Congo.

Archimedes Group invested a total of $812,000 in Facebook ads; these figures give an idea of the strategic importance of social networks in misinformation campaigns.

“It has repeatedly violated our misrepresentation and other policies, including by engaging in coordinated inauthentic behavior,” Facebook says. “This organization and all its subsidiaries are now banned from Facebook, and it has been issued a cease and desist letter.”

Now the question is, who paid for this campaign?


Pierluigi Paganini

(SecurityAffairs – Facebook, Archimedes Group)

The post Facebook banned Archimedes Group, misinformation made in Israel appeared first on Security Affairs.

Our Long Collective Struggle To Secure Enterprise Email

Email is the oldest service on the Internet. Launched in the 1970s, it is older than the WWW, or World Wide Web, itself by more than three decades. However, the fundamentals of sending and receiving email have not changed; in fact, all the weaknesses of the email systems of the 70s are still hounding us today. In 1978, we witnessed the first spam email sent to thousands of corporate email users. Other threats, such as malware and phishing through email, followed soon after.

These threats take advantage of the basic foundation of email, which is accessibility and an open-ended approach to transferring information. Security was never the foundation of email when it was first conceptualized by the fathers of the Internet. It is a direct product of TCP/IP (Transmission Control Protocol/Internet Protocol), through which scientists were able to communicate the results of their experiments and research to one another.

When email and the rest of the Internet became a “public sphere” as opposed to the initial “for military use only”, opportunity seekers looked at it and found a new home for exploiting its weaknesses at the expense of unsuspecting users. The number of cyber attacks targeting countries and companies is increasing, and information security measures are now a matter of life and death for companies. At the same time, however, the combination of business and IT has progressed, and while numerous IT investments are required, the amount of investment in security is a reality. Similarly, many IT personnel are busy with various tasks, making it difficult to specialize in security measures.

Under such circumstances, effective use of security solutions is essential to obtain a safe and secure environment that includes business partners and customers. Above all, the most important point is how to secure “mail”, which is said to account for 80 to 90% of the attack path. It goes without saying that, among the kinds of damage caused by cyber attacks, it is information leakage that brings fatal damage to companies. Targeted attack emails and phishing emails often use messages that spoof legitimate senders, such as business partners, financial institutions, and public organizations. And the reason why the damage globally has been increasing in the last two decades is that the wording of such malicious emails and their methods of malware infection have been refined.

Is there a permanent solution?
Email attacks often use malware attachments, such as ransomware, and URL spoofing (redirection). In the latter case, if you click on the URL link in the mail, you are diverted to a falsified website or the like and made to download malware. And please be aware that in such email-based attacks, the use of spam emails, which were previously thought to cause no direct harm to the system, is rapidly increasing.

Spam is advertising email sent indiscriminately to an unspecified number of people. In the past, the damage caused by spam emails was that the flood of unnecessary emails interfered with business operations, and the effort of deleting them was costly. However, recently, in addition to these, as mentioned above, spam has become a trigger for malware infection or is being used for phishing scams. Also, there are more cases where botnets, which send large-scale spam emails, are the source of ransomware.

There is no other defense but for users to develop a sense of doubt when receiving emails. A reasonable level of suspicion does not hurt; in fact, it is even safer to call the sender of the email to verify whether that person actually sent it. There is no system that can 100% prevent email risks, but there will always be a human standing in the way. The point at which a network gets infected or a company falls for spear phishing is the human user of the system representing the company. All employees are the frontliners in all corporate IT security arrangements.


The post Our Long Collective Struggle To Secure Enterprise Email appeared first on .