Email impersonation threats reaching corporate inboxes hit an all-time high – John Wilson – ESW #326
While malware and ransomware tend to dominate cybersecurity headlines, Fortra’s research shows that nearly 99% of email threats reaching corporate inboxes utilize impersonation rather than malware. Email impersonation is a key component of credential phishing, advance fee fraud, hybrid vishing, and business email compromise schemes. Because email impersonation scams rely on social engineering rather than technology, the barrier to entry for an aspiring cybercriminal is almost non-existent. In this segment, we’ll explore strategies for defending against email impersonation.
Segment Resources: Fortra Cybersecurity Learning Resources
2023 BEC Trends, Targets, and Changes in Techniques
This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!
John Wilson has been combating email-based fraud since 2006, when he developed an authentication-based anti-phishing solution as CTO of Brandmail Solutions. John continued his mission to rid the world of email fraud at Agari. As part of their threat intelligence team, John assisted Microsoft and the FS-ISAC with the B54 Citadel botnet takedown by providing data related to Citadel botnet infections and by acting as a declarant in the civil forfeiture action filed in US District Court.
John joined Fortra through the acquisition of Agari in June 2021. In his current role at Fortra, he continues to research email scams and conduct experiments in “active defense”. In early 2023, John again worked with Microsoft, this time on a takedown effort aimed at curbing the illegal use of Fortra’s Cobalt Strike adversary simulation solution.
John holds a B.S. in Computer Science and Engineering from MIT. He has spoken at a variety of security conferences including RSA, FS-ISAC, Aviation ISAC, NCFTA Disruption, and the Microsoft Digital Crimes Consortium.
Security Weekly listeners: Now is your chance to join the infosec community as they come together at InfoSec World 2023, September 23 – 28, 2023 at Disney's Coronado Spring Resort in Lake Buena Vista, FL. Hear keynotes from Scott Shapiro, Founding Director at Yale CyberSecurity Lab’s and Rachel Wilson, Managing Director and Head of Cybersecurity at Morgan Stanley.
As a Security Weekly community member, you’re able to receive 20% off your InfoSec World 2023 tickets using code ISW23-SECWEEK20! Register today: securityweekly.com/infosecworld2023
Building an online community to protect kids online – from scratch! – Fareedah Shaheed – ESW #326
Fareedah Shaheed, aka CyberFareedah, has dedicated herself to educating the public on online safety. Today, we'll talk about the challenges she has faced in building a training company from scratch, targeting both consumers, and private business. Her journey is interesting from multiple perspectives: as a business owner, an immigrant, becoming an influencer, and establishing herself as a cybersecurity thought leader - all within less than half a decade!
Fareedah Shaheed is an Award-Winning Internet Safety Expert and a Forbes 30 Under 30 honoree. She specializes in helping parents protect their kids online. Her work has been featured in Cisco, CNN, The Wall Street Journal, Fortune, NASDAQ, NASA, FOX 25, FOX 46, FOX Carolina, AfroTech, Ebony Magazine, Yahoo!, NBC4, Worth Magazine, and many more. And in 2022, she was named LinkedIn Top Voices in Cybersecurity.
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive level conferences are designed to educate senior cyber professionals on the latest threat landscape.
We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register.
Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Cyberinsurance, how cybersecurity startups fail, barbie, and cocaine sharks – ESW #326
This week in the Enterprise Security News: we discuss securing open source, Cyberinsurance, Hackerone Layoffs, and whether or not Sharks have noses!
Stay up-to-date with us on X (formerly known as Twitter) for the latest show clips and updates! Find us @SecWeekly and stay connected with our cybersecurity community.
Adrian Sanabria
- FUNDING: HiddenLayer raises a $32M Venture Round
Well, $31.9M to be exact. Is it a Series A? I don't know. Not surprising, given they won the Innovation Sandbox this year. Hot market also (securing AI).
- FUNDING: Announcing $20M Series A to Secure Open Source Software – Socket
- FUNDING: Converge Insurance Announces $15 Million Series A Funding from Forgepoint Capital
- LAYOFFS: HackerOne Lays off 12% of Staff
LinkedIn says they have over 4000 employees, but I wonder if a lot of those are 'hackers' on the platform? If they actually have 4000 employees, we're talking 500 people let go in this round of layoffs, but I suspect 4000 isn't an accurate number, due to H1's less common business model.
- ESSAYS: SOC2 Suck — A False Sense of Security
The raw truth about SOC2s from GreyNoise's Director of IT.
- ESSAYS: Leading Cybersecurity with a Control vs. Resilience Strategy
- ESSAYS: 12 ways to fail a cybersecurity startup
- CYBERINSURANCE: Coverage Challenges in Ransomware Claims: Cyber Insurance Policies and Trends in Denials
- CYBERINSURANCE: Coverage Challenges in Ransomware Claims: Cyber Insurance Policies and Trends in Denials
- AI TRENDS: Introducing Our AI Policy
- LEGAL: Russia Sends Cybersecurity CEO to Jail for 14 Years – Krebs on Security
Well, it's Russia... but still not a good precedent.
- LEGAL: The Reformed Analyst – The Impact of Legal Action Against CISOs
- LEARNING: Edition 21: A framework to securely use LLMs in companies – Part 1: Overview of Risks
- LEARNING: What’s the difference between Product Security and Application Security?
- SCAMS: Barbie scams #shorts
- SQUIRREL: Cocaine sharks: Marine biologists believe sharks are eating cocaine dumped off Florida’s coast
