Get In Touch
Recently by Jim Black
In my previous blogs, I wrote about how phishing is no longer just an email problem, how the industrialization of phishing is being driven by the easy availability and low cost of phishing toolkits, and how current phishing defenses are being bypassed by attackers.
In my previous phishing blogs, I wrote about the evolution of phishing and the industrialization of phishing that's being driven by the availability and low cost of toolkits.
As I mentioned in my previous blog post, phishing attacks are now being created and executed on an industrial scale. Malicious actors are increasingly using highly sophisticated off-the-shelf phishing kits that allow them to deliver very targeted, short-lived attacks. These campaigns direct victims to a phishing web page that's an exact copy of a consumer or enterprise brand's site. This has lowered the barrier to entry for launching phishing attacks.
Phishing has been around for nearly as long as email has, and the perception that phishing tactics have not evolved persists. Many people believe we are still in the era of the easy-to-spot "Nigerian prince" emails, shown below. Underneath that, we see a highly creative, yet not any more technically sophisticated, "Nigerian astronaut" ruse.
With the rapid uptake in SaaS applications and the ease of moving enterprise applications from the data center to the cloud, many global companies are transforming the way they connect branch offices. In the past, the conventional approach was to connect all of your locations over an MPLS Wide Area Network (WAN) and then send all branch traffic over that to a regional HQ or even a single global HQ.
Managing security configurations for large organizations with locations scattered around the world can be challenging. Likewise, some businesses have multiple operating divisions that are separate entities but all use the same IT infrastructure. As an IT leader, you likely want to have consistency in baseline security and acceptable use policies, yet have regional or line of business security teams have the flexibility to make changes that reflect specific needs in
The last few years have witnessed seismic changes in the world's political landscape and the way elections have been conducted. As of yet, there's no conclusive evidence that the results and outcomes of a country's election process have been impacted by the cyber efforts of internal or foreign agencies. However, all of the speculation and discussion around this subject has heightened the awareness of governments around the world that they
The basic concepts of zero trust security are relatively simple: trust nothing, verify everything, and maintain consistent controls. But, for CISOs and CIOs charged with transforming their legacy moats and castles architecture to one that allows their enterprises to embrace all of the benefits of zero trust, this is not a simple forklift change. Many enterprises Akamai that consults on zero trust are on transformational journeys, resulting in multi-year projects
In the first part of this blog post I wrote about how recursive DNS (rDNS) is an attack surface that many enterprises don't currently protect. Bad actors are exploiting that fact and developing advanced targeted threats that use DNS to bypass conventional security tools such as firewalls, secure web gateways and endpoint antivirus.