Deceptive Email Compromises More Than 1 Million Health Care Records

Carefirst, the health insurance company, reported on May 20 that approximately 1.1 million health care records were compromised in "a sophisticated cyberattack." What was the method used in the "sophisticated cyberattack"? Bryan Krebs has the details: Turns out, the same bulk registrant in China that registered the phony Premera and Anthem domains in April 2014 also registered two Carefirst look-alike domains — careflrst[dot]com (the “i” replaced with an “L”) and caref1rst[dot]com (the “i” replaced with the number “1”). Additionally, ThreatConnect has unearthed evidence showing the same tactics were used on EmpireB1ue.com (note the “L” replaced with a number “1”), a [...]

2017-01-07T17:35:10-05:00May 26th, 2015|Cybersecurity - General, SP Guard, spear phishing|

Verizon Discovers – Human Phishing Sensors

Verizon has released its Verizon 2015 Data Breach Investigations Report. We created this infographic from the report: At the conclusion of a comprehensive discussion of phishing, Verizon observes: Taking measures to block, filter, and alert on phishing e-mails at the gateway is preferred, but no technological defense is perfect, which leads us straight to…people. There is some hope in this data in that three-quarters of e-mails are not opened or interacted with. We wondered if there was a way to bump that number up (e.g., by giving users a quick way to flag potential phishes and become a detective control), so [...]

2017-01-07T17:35:10-05:00May 6th, 2015|Cybersecurity - General, SP Guard, spear phishing|