Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Stay informed on the latest security exploits, industry news, research, solutions, and more.
Contact us>
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.
Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect-including entertainment (gaming) and security companies!
Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
More
Last week, Lady Gaga became the latest celebrity to have her Twitter account hacked. In this instance the hacker used it to attract clicks to a scam offer for a free iPad. While this scam was designed to collect information rather than inject malware or data stealing code, it was incredibly effective. Hundreds of thousands of clicks happened in a very short amount of time before the post was taken down.
As a Security Researcher in the Websense Security Labs I’m often called upon to explain the dangers associated with these types of hacks, and how to avoid falling victim. It's a tough one because once an account is taken over the hacker mimics/impersonates the true owner of the account. In the Lady Gaga example the twitter hack used the nickname "monsters" in a rogue tweet which is a term her fans will be familiar with. Making it all the more believable.
Here are some tips for staying safe while following celebrities on Twitter...
Today, IT in Canada published an article featuring Websense on the latest email scam. Creative as always, these fraudsters are taking advantage of the Canadian tax refund season to try to phish financial information from unsuspecting users.
In the article, Patrik Runald explains that these sneaky cybercriminals have been sending rogue emails that appear as if they were sent from the Canadian Revenue Agency. In these emails are links to phony websites that look like the websites of major Canadian financial institutions like BMO, RBC, TD Canada Trust. Upon visiting the fake sites, visitors are prompted to enter their financial information – the Websense Security Labs have discovered more than 450 phishing emails related to the scam.
“Once again, the bad guys are taking advantage of Canada’s trust and good will. Hackers are sending out hundreds of phishing lures under the guise of major financial institutions during the height of tax refund season. Canadian citizens need to be extra wary of any emails asking for their online banking credentials.” -- Patrik Runald, senior manager of security research, Websense.
Websense Canadian Country Manager Fiaaz Walji is also quoted in the article. Walji warns consumers about the dangerous nature of these scams, how they’re increasing and how we can learn how to protect ourselves.
“Blended and data stealing attacks are on the rise. The recent Canadian tax refund scam is just one example of the many data stealing attacks targeting Canadian citizens. “It’s important for consumers to take the extra steps to ensure that a link coming through an email is safe. If it looks suspicious, call your bank to report the scam and ensure the legitimacy of the email.” -- Fiaaz Walji, Websense Canadian Country Manager.
Surprised to find out that malware in Canada is continuously rising? Read about it here.
Read more about how to protect your organization from data loss here.
The Board of the Internet Corporation for Assigned Names and Numbers (ICANN) this week gave final approval to what some are calling “the most dramatic change to the Internet in four decades,” allowing the expansion of new Top-Level Domains (TLDs).
There’s a lot of pushing and shoving in the media about this decision, with some very vocal proponents and those who have fought against this move.
Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren’t the only ones who are likely to try to snag these new top level domains. There’s a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names. (read more)
Hacker is a term used to mean a variety of things over the years, and as a catch all name for ‘bad guys’ perpetrating cybercrimes it’s pretty well accepted. Most people are unaware that different meanings exist when we say hacker, and it would be reasonable to ask why should you care? However, in understanding the motivation and objective behind your ‘hacker’ - you may be in a better position to plan an appropriate defence. Malicious hackers can be broken down in to 5 broad classifications, which we will explore in a series of ongoing posts. The first type we are going to explore are "Script Kiddies."
1. Script kiddies
Who : This group want in on the action. They are usually thought of as barely shaving malodorous teens, hacking late in to the night, drinking pop and eating giant bags of crisps. Remember the film "War Games"? Despite the fact that it’s nearly 30 years later the resemblance is just as popular as ever. Often they break into computers using programs written by others, with very little knowledge about the way they work, other times they are flexing their newly formed cyber muscles.
Why: because they can. These are not the hardened criminals of the cyber world - their primary motivation is not money – it’s bragging rights. It’s all about proving they have the skills or hacking for the sheer thrill of doing something naughty. At best they're a nuisance, at worst they are honing their CV for a future career in cybercrime.
What: In 2009 an 18-year-old hacker hijacked high-profile Twitter accounts, including Barack Obama and Britney Spears. He gained entry to Twitter’s administrative control panel by pointing an automated password-guesser at the account of a member of Twitter’s support staff, giving him the ability to access any Twitter account by resetting the password. Realizing he hadn’t used a proxy to hide his IP address, potentially making him traceable, he shared the knowledge with fellow hackers so they could hack the accounts instead.
We'll continue to look at other types of hackers in future posts. Stay tuned for more Insights in the coming days.
Follow us on SpiceWorks
BlogRoll
We want to hear from you!
