Cyren Security Blog

Subscribe to this Blog

Survey Says 44% of Companies Phished This Year

by John Callon

Email Security Phishing Ransomware Security Research & Analysis Web Security

The third annual Cyren-Osterman Research U.S. security survey shows a significant increase in phishing emails getting through to users and in the number of successful phishing attacks suffered by businesses during the past 12 months, among many topics covered in the 16-page report, "IT Security at SMBs: 2017 Benchmarking Survey", available for free download.

Exposure of car manufacturers’ data underscores risks posed by suppliers

by Duncan Mills

Email Security Industry Insights Security Research & Analysis Web Security

A single vendor can cause significant damage to multiple businesses in the wider supply chain, with breaches affecting customers, partners, and suppliers.

Cryptocurrency Exchange Targeted by Fake Phishing Site

by Maharlito Aquino and Kervin Alintanahin

Email Security Phishing Security Research & Analysis Web Security

Criminals gain access to cryptocurrency wallets and exchanges using phishing, ransomware, the creation of imitation wallets, and bitcoin-stealing malware.

Why is the security industry telling you that your users should protect themselves?

by Duncan Mills

Email Security Industry Insights Web Security

I’m a technology marketer, and the annual RSA security event is an opportunity for me to understand what my peers and competitors are saying to customers and potential customers. My takeaway this year is that many in the industry appear to be telling customers to shift the burden of protection to the end-user. 

Double Deceit: Bad Things Come in Pairs

by Maharlito Aquino and Kervin Alintanahin

Email Security Security Research & Analysis Threat Analysis Web Security

The chinese proverb may say that good things come in pairs, but in what appears to be a clever bit of social and technical engineering, we’ve discovered a new email threat carrying not one, but two different malicious attachments as bait, specifically a PDF file and a Microsoft Template file (OpenXML/DOTX), targeting a previously reported Microsoft Office vulnerability in order to deliver the remote access trojan (RAT) known as NetWiredRC. We believe the use of two attachments is intended to make the email seem more legitimate to recipients. Typically hackers only send one malicious attachment—by sending two, the hackers increase the chances that the target will open at least one of them. In addition, the techniques applied within the attachments add a few layers of complexity in both the delivery of the exploit and the final payload, and are intended to help evade detection.

Cybercriminals see real estate firms as profitable

by John Callon

Email Security Industry Insights Malware Phishing Security Research & Analysis Web Security

For the last two to three years, stories about real estate hacking and particularly phishing have appeared with increasing frequency in newspaper and blog headlines. Take for example the cybercriminals who stole client contact information from a DC-area real estate company, and then created a “business email compromise” (BEC) scam, which resulted in $1.5 million being stolen in a phishing/wire fraud scheme from a couple about to close on a home.