Malcovery Security

Recent Posts

10 Cybersecurity Predictions for 2015

Posted by Malcovery Security on Tue, Dec 30, '14

2014 was a non-stop year of hacks and headlines when cyber criminals pushed the limits of conventional security to the breaking point. From celebrity phishing to the White House network, Wall Street powerhouses to the corner Dairy Queen, no one was safe. What will we see in 2015 and how will we respond? In this article, we’ll explore the top 10 cybersecurity predictions for 2015.

Prediction #1: Password re-use attacks will increase.

It is well documented that following each major password dump by the criminals a wave of secondary “password guessing” attacks hits large enterprises. This process will gain prevalence and criminal tools will automate the “guess scanning” of any new password from any source, whether Breach, Malware, or Phishing.

Read More

Topics: Cybersecurity

3 Phishing Trends You Shouldn’t Ignore

Posted by Malcovery Security on Mon, Sep 29, '14


Last week, APWG released its “Global Phishing Survey: Trends and Domain Name Use in 1H2014." There are several important phishing trends in this report that serve as key takeaways for corporate executives and security professionals.

Trend #1: Phishing attacks continue to increase.

We’ve talked about this before too. The APWG report found that there were at least 123,741 unique phishing attacks worldwide during the first half of this year. Recent history has documented a continual increase in phishing attacks. This period experienced the highest frequency of attacks since 2H2009. APWG attributes this increase to vulnerable hosting and higher levels of malicious domain/subdomain registration. 

Read More

Topics: Phishing

When Will the Phishing Problem Be Fixed?

Posted by Malcovery Security on Tue, Sep 9, '14

Corporate security professionals are often pressed by their CIO or other executive leaders on when the “phishing problem” will be “handled.” 

Several studies demonstrate that phishing continues to grow and persist. Given both the scale and the awareness of the problem, security professionals will be asked by their executive leaders how much time, budget and planning is needed in order to reach a resolution. In other words, “Give me a budget and a deadline to get this thing fixed.”

Read More

Topics: Phishing

Black Hat USA Roundup: Our Favorite Stories from This Week’s Security Conference

Posted by Malcovery Security on Fri, Aug 8, '14

The infamous benchmark-setting security conference, Black Hat, completed its 17th year this week in Las Vegas. Here are a few of our favorite stories and tweets that came out of this year’s conference:

From the Web...

How (& why) feds killed a talk on Tor-hacking at Black Hat (exclusive)

Two Carnegie Mellon University researchers from the school’s Software Engineering Institute, or SEI,  were set to present an abstract on Tor at Black Hat today. Alexander Volynkin and Michael McCord’s talk was to center on how adversaries could “de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months,” and do so cheaply.

Read More

Topics: Cybersecurity

Top Phished Brands: Why Q2 Was So Busy for Cybercriminals

Posted by Malcovery Security on Tue, Jul 22, '14

Phishing and malicious spam continue to threaten networks and brands.

The second quarter of 2014 turned out to be a very busy time for phishing activity. The uptick in activity was not limited to overall volume. There was an increase in the diversity of attack types as well as well as the scale of individual attacks.

In the past, many industry conversations about threats centered around GameOver Zeus, “public enemy number one” to the corporate cybersecurity world. After the popular banking Trojan became dysfunctional, cybercriminals scrambled to fill the void with new threats before ultimately attempting a GameOver Zeus revival.

Read More

Topics: Phishing

What We Learned From Analyzing Over 40 Million Spam Messages

Posted by Malcovery Security on Tue, Jul 8, '14

Earlier today we announced yet another major milestone at Malcovery: over 47 million spam messages processed and seven thousand email-based attacks identified in one month. In addition, we achieved record automated analysis with auto-classification of 92% of phishing URLs.

As you can imagine, we’re quite pleased to have reached this major milestone as a company. However, the biggest achievement is the lessons that we’ve learned along the way.

Read More

Topics: Email-based Threat Intelligence

Is Threat Intelligence a Must-Have or a Nice-to-Have?

Posted by Malcovery Security on Mon, Jun 30, '14

Ultimately, only you can answer the question displayed in the title of this article. Obviously, as providers of email-based threat intelligence solutions, Team Malcovery is in the “must have” camp. However, despite the fact that threat intelligence is receiving a lot of industry attention these days, it is your decision as to whether or not your should allocated limited budget toward it.

In this blog post, we present a few points for you to consider if you are exploring potential threat intelligence solutions.

#1:  Wait, what is the true meaning of threat intelligence?

Read More

How Modern Cybercrime is Like an Episode of Scooby Doo

Posted by Malcovery Security on Wed, Jun 11, '14

“And I would have gotten away with it, too, if it weren't for you meddling kids."

This was always one of the last lines of every Scooby Doo cartoon.  This line was always delivered right after the bad guy’s mask was taken off, revealing the criminal.  All of the bad guys in the Scooby Doo cartoons used deception in attempt to make their evil, though overly complex, plan work.  As kids, we would watch very closely from the beginning of the episode, trying to figure out who the bad guy was.  Each clue was analyzed, every person examined.  However, until the gang in The Mystery Machine van took off the mask, you never knew for sure. 

Today’s cyber criminal is no different then the criminals that Fred, Velma, and the gang unmasked. The number one tool that is utilized is deception. Instead of acting like monsters and terrorizing a town, they are terrorizing your email inbox. 

In order to fight the modern cybercrime, we don’t need a cool van and a talking Great Dane. Instead, we need to know how the criminal is acting and how he has acted in the past.  In order to solve the case, we need to be able to gather the clues behind the attack. Threat intelligence provides the ability to look at patterns, trends, and behaviors of emerging cyber-criminals. Any device or person that is taking on this fight needs the most actionable information possible.  Threat intelligence provides both the investigators and the security devices with this information. Just like Scooby Doo, without the proper clues and experience solving crimes, the criminal will never be un-masked.

Threat Intelligence can unmask the cyber thief hiding behind your email.  And he can say “I would have gotten away with it, if it wasn’t for Threat Intelligence.”

Scooby Dooby Doo: are you ready to put your threat intelligence hat on?

Threat Intelligence:  Don't Add Servers, Add Smarts View Now

Read More

Topics: Email-based Threat Intelligence

The Biggest Misconception About Threat Intelligence

Posted by Malcovery Security on Tue, May 27, '14

Recently, we discussed the important differences between threat intelligence and threat data. The corporate security community is continually moving toward an intelligence-led security approach. It's no secret that we, at Malcovery, think this is a good thing. However, we have noticed that as words like "intelligence" and "big data" continue to rise in buzzword status, some of the meaning gets lost along the way. This leads the buyer of security intelligence solutions to develop certain misconceptions, which could create a buyer disadvantage in choosing the right solution. 

Read More

Topics: Email-based Threat Intelligence

The Unfavorable Odds of a CyberAttack: Too Many Phishes In the Sea

Posted by Malcovery Security on Thu, May 22, '14

There are too many phishes in the sea. When it comes to the odds of a cyberattack affecting your organization, the odds are not in your favor.

Read More

Topics: Phishing

View Webinar Now