Colors: Purple Color

Most people live under the assumption that email is immutable once delivered, like a physical letter.  A new email exploit, dubbed ROPEMAKER by Mimecast’s research team, turns that assumption on its head, undermining the security and non-repudiation of email; even for those that use SMIME or PGP for signing.  Using the ROPEMAKER exploit a malicious actor can change the displayed content in an email at will. For example, a malicious actor could swap a benign URL with a malicious one in an email already delivered to your inbox, turn simple text into a malicious URL, or edit any text in the body of an email whenever they want. All of this can be done without direct access to the inbox.

If you’re familiar with mafia movies then you’re familiar with extortion – the practice of obtaining something, especially money, through force or threats. Extortion has been around for centuries – well before “The Godfather” or “Goodfellas.” Even cyber extortion, which extends this criminal activity into the digital world, isn’t new. What is new, however, is the wide variety of methods that are used by the bad guys to get their money.

The role of the CIO has changed significantly over recent years, evolving from network operator and general FAQ answerer to business brain and strategist. Regionally, the change has been driven by the next wave of Social, Mobile, Analytics and Cloud (SMAC) technologies, which promised to unleash innovation and productivity in the enterprise by delivering better employee and customer experiences. Yet the game changing idea was that the CIO would execute those experiences.

Exploit kit activity is waning. Collectively these malware distribution tools used to be a prominent method of infection. They rely on compromised websites, malicious adverts and social engineering to direct web traffic to their landing pages and attempt the exploitation of vulnerable software. Operated by various actors and groups, exploit kits possess different features, use various exploits and distribute different malware to victims. Since June 2016 at least four of the major players in this area ceased to be active. In this blog, I wanted to explore which exploit kits are still around and propose some plausible scenarios for the future of the exploit kit landscape.

High profile data breaches are regularly in the news and, seemingly, businesses and are losing the battle to protect their intellectual property (IP), corporate, and customer data from the threats posed by professional cybercriminals.

I’ll venture to guess you’re using a mobile device to read this. In a recent Ericsson Mobility Report, the total number of mobile subscriptions at the end of 2016 was approximately 7.5 billion and growing around 4 percent year-on-year.  Greater speed, power and storage capabilities of mobile devices means they are used more frequently for activities previously reserved for laptops or PCs.