Ericom Blog

2022 is shaping up to be another banner year for phishing attacks, with ever-innovative threat actors devising new techniques for disseminating their messages, new tactics for convincing users to click, and new ways to avoid being caught.

The OWASP Top 10 describe the security risks that organizations should avoid when designing web apps or managing their use. Adding a layer of isolation and policy-based control can help organizations meet Top 10 goals for protecting the data apps can access, the servers or clouds where they reside, the networks they’re linked to, and the apps, themselves, from danger.

This year’s DBIR confirms that when it comes to data breaches, users are not their employers’ worst enemies, but they may well be their enemies’ best helpers. How can organizations close down attack vectors that rely on user error to succeed?

For decades, LANs and WANs enabled employees to connect to the resources they needed, both within their office and across branches. But today, a new network topology is needed to address the new reality of simple, secure connectivity to apps, data and collaborators that might be anywhere.

Freelancers and 3rd party contractors often need access to your networks, software and cloud apps. But contractors' unmanaged devices pose a serious risk to your organization, since they can easily spread malware to your network or be used to expose sensitive data.

Phishing continued to soar in 2021, building on record-breaking increases in 2020. Variations, including SMS-assisted “smishing,” “vishing” that leverages voice calls, and malicious social media campaigns led the growth.

Private chat messages from the LAPSUS$ cybercrime gang, which recently breached US telecom T-Mobile, reveal that they gained access to T-Mobile’s VPN simply by purchasing initial access from a site that sells access to compromised systems.

RBI stops steganographic attacks, in which malware is concealed within the code of images or other presumably innocent content, in ways that AV/firewalls cannot detect.

Roughly a year after issuing recommendations for federal agencies on securing web browsers from malvertising and other web-based threats, CISA has issued similar recommendations for non-federal organizations as well.