ICAHN Information Technology Blog

6.18.20

There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd's name, and there is a good chance some of those are owned by people with malicious intent. Social engineers and phishing creators love to use newsworthy events to foist new scams. They know that people's interest in the latest events, natural or otherwise, makes potential victims less likely to be as skeptical when an unexpected email ends up in their inbox, especially if that email is enraging. Natural calamities like earthquakes, tornados, floods, and hurricanes have always been phishing draws. Pandemics, celebrity deaths, political upheaval, cultural unrest, and riots are guaranteed to trick a higher number of unsuspecting victims into clicking on a malicious link or downloading a file that requires their password.

Click here for the full story

5.29.20

Data breaches continue to be one of the many things that keep IT security people up at night.  They are becoming more prevalent every day with many of them containing sophisticated and targeted attacks. It is important to note that not all attacks are initiated by externally facing bad actors.  A recent report from Verizon shows that 30% of all breaches were caused by internal users. Some of that was through inadvertently giving up information to outside entities through spoofing/phishing but unfortunately, far too many are caused by sheer negligence, complacency, apathy and ignorance. It is imperative that we remain vigilant in our education efforts within our organization to mitigate these threats. This can be done many different ways; through phishing campaigns, classroom discussions, or annual in-service training. Head on over to Verizon’s website to read the article in its entirety.

https://enterprise.verizon.com/resources/reports/dbir/

5.26.20

COVID-19 has changed the IT landscape for the foreseeable future.  During this tumultuous time it's imperative to remain vigilant and adhere to all security based guidelines, policies and procedures in place within your organization.  Unfortunately bad actors are being just as vigilant in their use of multiple attack vectors, in an attempt to infiltrate our organizations.  Jessica Davis over at healthitsecurity.com has released an article explaining one of the most recent attack vectors used by these bad actors and ways to mitigate the threats they pose.  Unfortunately, with an increase in employees working offsite our exposure to these attack vectors continues to widen.

https://healthitsecurity.com/news/hackers-using-covid-19-phishing-website-spoofing-for-credential-theft