According to the FBI, Business Email Compromise (BEC) and Email Account Compromise (EAC) have caused $12 billion in losses since October 2013.1 These scams target businesses and individuals performing wire transfer payments, using social engineering and intrusion techniques to gain access to business email accounts. With financially-sensitive information constantly owing through company emails, these inboxes are lucrative targets for attackers. In this research, Digital Shadows outlines the declining barriers to entry for this type of fraud. Check out our key findings.
Error - something went wrong!
Mapping the ASD Essential 8 to the Mitre ATT&CK™ framework
Australian Signals Directorate Essential 8 The Australian Signals Directorate (ASD) has published what it c...
Error - something went wrong!
Other content in this Stream
Top Cyber Threats to the Financial Services Sector
The most prevalent cybercrime threats against financial institution are the use or sale of ATM malware, targeted network intrusions, data breaches and the use of banking trojans.
Digital Risk Protection: Forrester New Wave Report
Digital Shadows Named a "Leader" in 2018 Forrester New Wave for Digital Risk Protection
Digital Shadows for Asset and Wealth Management
Asset and wealth management companies across the world work with Digital Shadows to secure their brands, detect data loss, and reduce their attack surface.
Detecting Spoof Domains - Domain Infringement | Case Study
See how one global retailer detected almost 2,000 domains impersonating their brand.
Detecting Exposed Credentials | Case Study
See how one large bank detected more than 50,000 exposed credentials in 1 year.
Cryptocurrency - The New Gold Rush for Cybercriminals
Cybercriminals have developed several schemes to defraud those looking to profit from the growth in cryptocurrencies.
Weekly Intelligence Summary 24 Oct - 31 Oct 2019
In the spotlight this week: A card skimming operation targeted the online retailer First Aid Beauty and evaded notice for months.
7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates
Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of aboutt 7.5 million Adobe Creative Cloud...
Typosquatting and the 2020 U.S. Presidential election: Cyberspace as the new political battleground
we detected over 550 typosquats for the 34 candidate- and election-related domains we gathered from open-source research. Not every single one was something interesting; most of the time the typosquat
Too Much Information: The Sequel | New Research
There are now 750 million more files exposed than we reported last year; not all of them are blatantly sensitive, but there is plenty of gold in these mountains.
Typosquatting and the 2020 U.S. Election, Honeypots, And Sudo Vulnerability
Kacey, Charles, Harrison, and Alex kick off this week’s episode talking about our Fall Dallas team event (an amateur version of Chopped). Then we dig into the hot topics of the week.
Honeypots: Tracking Attacks Against Misconfigured or Exposed Services
Honeypots can be useful tools for gathering information on current attack techniques. Conversely, they can be an overwhelming source of ...
Dark Web Monitoring: The Good, The Bad, and The Ugly
Gaining access to dark web and deep web sources can be extremely powerful – if you focus on relevant use cases. The most successful strategies we observe have clear requirements, such as fraud detecti
Mapping the Tyurin Indictment to the Mitre ATT&CK™ framework
When the attacker, Andrei Tyurin, pleaded guilty, we thought we could look at the attacker goals, their TTPs and map this to the Mitre PRE-ATT&CK and ATT&CK framework.
Threat Intelligence Time Management and Prioritization: An Interview with Xena Olsen
Rick Holland and Harrison Van Riper interview Xena Olsen in this episode of ShadowTalk. The team focus their discussion on how to get timely, but effective intelligence out the door.
Two-Factor in Review
A technical assessment of the most popular mitigation for account takeover attacks
Facebook’s Libra Cryptocurrency: Cybercriminals tipping the scales in their favor
Since Facebook’s announcement on June 18, there has been a gold rush, with people scrambling to register a myriad of domain permutations that infringe on the new trademarks. These have ranged from see
A Practical Guide to Reducing Digital Risk
This practical guide provides advice to help understand how to identify critical business assets, understand the threat, monitor for exposure, and take action.
Regional Bank Customers at Risk Due to Data Loss and Payment Card Fraud
In this use case, we will share how our services enabled a regional bank to detect and mitigate these attacks before they impacted their business, brand and reputation.
Cyber Risks and High-frequency Trading: Conversation with an Insider