Cyren Security Blog

Subscribe to this Blog

Email spoofing BEC attack targeting numerous employees at once

by Daria Aleksandrova

Security Research & Analysis

Spear-phishing spoofed attacks have been and remain one of the most substantial cyber threats that organizations face nowadays.

Phishers abusing Google App Engine

by Magni Reynir Sigurðsson

Security Research & Analysis

Over the last few weeks Cyren has observed a massive spike in phishing sites hosted on appspot.com domain that Google uses for its Google App Engine. 

Microsoft reports a “leap in attack sophistication”

by Cyren Security Blog

Security Research & Analysis

Last month Microsoft released a sobering Digital Defense Report.

Christmas Eve Warning! Malware Targeting Amazon Shoppers

by Maharlito Aquino and Kervin Alintanahin

Security Research & Analysis Threat Analysis

Shopping for Christmas gifts has never been easier, especially with Amazon—and who doesn’t use Amazon? This is why using fake Amazon orders is a favorite method bad actors have been using this time of year to bait rushed Christmas shoppers. As a warning to anybody (everybody?) caught up in receiving last-minute Amazon deliveries, we've come across a malicious email campaign (see image below) to install a variant of the Emotet malware, a polymorphic banking Trojan that is virtual machine-aware and primarily functions as a downloader or dropper of other malwares.

Office 365 Top Brand Targeted by Phishing Kits in 2018

by Magni Sigurdsson, Sarah Neubauer

Phishing Security Research & Analysis

Criminals are nothing if not financial opportunists, and the boom in phishing has been like a cybercrime gold rush: While some are panning for gold, others are selling the tools and equipment. In 2018, the underground phishing economy has come of age, with the evolution of phishing kits offering spoofed web pages – basic ‘equipment’ for any phishing attack – a prime example. “Phishing-as-a-Service” has ushered in a new era of sophistication and access for the low-level cybercriminal – democratizing phishing attacks.  What used to take a team of skilled designers, developers, and hackers to architect, build and deploy can now be purchased on the internet for as little as fifty bucks, or rented as a turn-key service for roughly the same amount a month.

Office 365 Security Budgets Increase to Stop Phishing

by John Callon

Email Security Phishing Security Research & Analysis

With 78 percent of businesses that utilize Office 365 reporting one or more successful cyberattacks this year, it’s not surprising that IT managers at over half of Office 365-enabled organizations also say they’ve increased their security spending by a robust average 18 percent compared to 2017.