From the Winter 2024 Issue

UNISQUATTING IDN HOMOGRAPH ATTACKS

Author(s):

Danny Gershman, Founder and CEO, Radius Method

Unisquatting (a portmanteau for Unicode cybersquatting) or the Internationalized Domain Name (IDN) homograph attack is a fairly new type of mechanism that builds on several other types of Domain Name System (DNS) address attacks. The typosquat (Uniform Resource Locator (URL) hijacking) attack relies on being able to register a domain name very closely resembling another … Read more

From the Winter 2024 Issue

Cyber McCarthyism – The Third Red Scare

Author(s):

Chris Pogue, Director, Digital Forensics and Incident Response, CyberCX

Cyber McCarthyism

McCarthyism, also known as the Second Red Scare, refers to the political repression and persecution of various politicians, government employees and military personnel, in an attempt to spread the fear of alleged communist and Soviet influence on American institutions and of Soviet espionage in the United States during the late 1940s through the 1950s.  After the mid-1950s, Senator Joseph McCarthy, who had … Read more

From the Spring 2021 Issue

Holistic Threat Intelligence: New Trends & Successes

Author(s):

Darrell Johnston, Director, Silobreaker

holistic-threat-intelligence

Threat intelligence, by its very nature, stems from a world of secrecy, small key pieces of valuable intelligence on a target, recorded in the shadows and quietly passed along for a competitive or strategic advantage. In modern days, intelligence programs are used most by medium to large scale organizations seeking to better protect and defend … Read more

From the Spring 2021 Issue

Rise of the Chief Intelligence Officer (CINO)

Author(s):

A.J. Nash, Vice President of Intelligence, ZeroFOX

rise-of-the-chief-intelligence-office-CINO

In response to growing threats in cyberspace, private sector organizations began creating Intelligence programs nearly a decade ago, usually referred to as Cyber Threat Intelligence (CTI). In theory, the private sector was attempting to replicate what the government has successfully done for generations: gain informational advantage to prevent enemy victories and mitigate damage from enemy … Read more

From the Spring 2021 Issue

Cyber Doomsday on Wall Street

Author(s):

Christian George, Lead Engineer, Booz | Allen | Hamilton

cyber-doomsday-on-wall-street

THE BIG ONE With high-speed trades and immense quantities of exchanges, the global financial community is the most interconnected industry to have ever existed. Banks have always been a target for nefarious actors. As Willie Sutton, the infamous bank robber, reputedly replied to the question of why he robbed banks: “Because that’s where the money … Read more

From the Spring 2021 Issue

The Key is Under the Mat, and We Left the Lights On

Author(s):

Scott Smurthwaite, PhD, Information System Security Engineer , mangoLabs

the-key-is-under-the-mat

Russian Hackers On December 8, 2020, when FireEye CEO, Kevin Mandia, announced in his company blog that a highly sophisticated state-sponsored adversary stole FireEye’s ‘Red Team’ tools1, it was a harbinger for the storm we would eventually know as, The SolarWinds Hack. The following week, when FireEye announced that they had identified a global campaign … Read more

From the Winter 2020 Issue

Doing More to Support Those Residing in Assisted-Living or Eldercare Facilities with Cybersecurity and Cybercrime Prevention

Author(s):

Stan Mierzwa, Managing Assistant Director, Center for Cybersecurity, Kean University

Elderly Cyber Crime Prevention

Introduction As the U.S. population continues to age, those entering senior living arrangements will continue to grow and with that potential this population is more likely to be the regular users of computers, laptops, smartphone/tablets and Internet. The U.S. Census reports that as of 2016, 86.9% of older Americans aged 65 to 74 have computer … Read more

From the Fall 2018 Issue

Managing Insider Risk in the Perimeter-Less Workplace

Author(s):

Shawn M. Thompson, Founder and CEO, ITMG

Cyber-Security-Data-Protectio-234998119

The corporate workplace is rapidly changing. Traditional norms of working at a physical location are becoming obsolete and working remotely is the new norm. A recent study suggest that more than 40 percent of Americans telecommute part-time and some industries (finance, software, management) now have as much as 38 percent of their staff working remotely … Read more

From the Summer 2018 Issue

The Criticality of Context in Threat Intelligence

Author(s):

Gary R. Hayslip, Deputy Director and CISO, City of San Diego

Organizations commonly associate the purchase of the latest security technology to create a sense of protection from attacks. Unfortunately, cybersecurity is more than just hardware, software, or a new cloud service. Deploying security without context gives organizations a false sense of protection, making them less resilient and more vulnerable to the cyber incidents that they … Read more

From the Summer 2018 Issue

The Executive Case for Active Insider Threat Management

Author(s):

Dr. Rebecca Wynn, Chief Cybersecurity Strategist & CISO, Click Solutions Group

rwynn-header

Every company will face an insider-related security incident sooner or later, regardless of whether it will be caused by a malicious action or an honest mistake. Key Considerations for Dealing with Senior Management Where The Information Security Leader Fits Within the Organization: Without the appropriate title, support and platform, success will be difficult to attain. … Read more