Security Awareness Archives

COVID-19 vaccine: beware of phishing

Have you received a strange e-mail about COVID-19, offering you various solutions to buy an under-the-counter vaccine currently in distribution? Think twice before clicking on any link. In addition to trying to sell fake Covid-19 drugs and vaccines, hackers are using the latest news as bait for their phishing campaigns. Threat intelligence analysts have warned that cybercriminals are taking advantage of developments on the COVID vaccine distribution campaign to give rise to insidious malspam campaigns. The threats What threats are we talking about? These phishing campaigns contain a myriad of malicious files. We have singled out: .EXE with the name “Download_Covid 19 New approved vaccines.23.07.2020.exe” which, once clicked, will install […]

Dec 16

Business data loss: a nightmare for companies

Business data loss can be detrimental for businesses. Organizations – from small to medium-large – depend on technology when it comes to managing business operations and data storage. Unfortunately, technology is a double-edged sword. If digitization helps business management, a hacker attack can cause a loss of crucial data and information. Heavy financial losses and delays in operations are around the corner. We have covered these issues in our blog about the Campari case. A few numbers How real are these risks? It is estimated that 75% of SMBs have no data recovery plans in the event of a hostile event against their IT infrastructure such as ransomware, for example. […]

Dec 11

When a false flag doesn’t work: Exploring the digital-crime underground at campaign preparation stage

At the beginning of October 2020 we found copy of a malicious document potentially to be attributed to an APT group known with the name of APT34 / OilRig. The attribution, based on several elements found within the malicious document, was firstly reported by a security researcher through a social network. According the extracted evidences, the author “signed” this malicious document leaving his/her username within the document metadata. This nickname was already widely known within the Cyber Threat Intelligence field because attributed to a member of the already mentioned threat group. Indeed this nickname is Iamfarhadzadeh, linked to Mohammad Farhadzadeh, believed to be a member of the hacking unit identified […]

Dec 02

Augmented and Virtual Reality: what are the privacy risks?

Last month, Nintendo released a new video game in the popular Super Mario Kart saga. The game is part of a new category of Toys-to-life, a video game genre that uses augmented reality to build a kart circuit directly at home. This, however, could be the start of a new privacy problem. In practice, the video camera of the game captures the reality that surrounds the player, so as to create a parallel world within the console with which it is connected. But how does it work? The miracle is allowed thanks to Augmented Reality (AR), a technology that allows us to add information and virtual objects to what surrounds […]

Sep 18

Cybersecurity’s weakest link: the human factor

The latest studies are further confirming a fact that, although already known, is still too often ignored: the human factor is the greatest source of risk for companies’ IT security. In this period, in which the pandemic has dramatically increased the use of smart working, finding a solution to this problem must become a top priority. The main risk for companies In a recent survey, the Proofpoint company and the “Let’s System” community questioned the CISOs (Chief Information Security Officers) of 138 Italian companies, asking what were currently the worst threats for companies: according to 85% of them, the greatest risk is posed by phishing and social engineering attacks targeting […]

Jul 23

Twitter attack: the three lessons to learn

The recent cyber-attack that hit Twitter has created a lot of media sensation, especially because it is the first time that one of the great global social media platforms has been compromised in such a vast and blatant way. Beyond the economic and image damage produced by the attack, this event must push us to make some broader considerations, starting from the implications for cybersecurity and privacy, up to the role that certain social networks have now assumed in the sphere of social and political life. The dynamics of the attack On July 15, 2020, between 8:00 PM and 10:00 PM UTC, several Twitter accounts of celebrities, each with millions […]

Mar 19

Telsy Cybersecurity Awareness – Stay cyber-safe at home

Il responsabile della divisone di Cyber Security e Threat Intelligence di Telsy, Emanuele De Lucia, ha stilato un documento rivolto all’utenza comune utile ad accrescere la consapevolezza dei rischi del cyber spazio in questo periodo di emergenza dovuto alla diffusione del “nuovo corona virus“. Sempre più forza lavoro del Paese infatti, si trova a dover espletare i propri obblighi professionali da reti e sistemi originariamente pensati per un esclusivo uso privato, esponendo dati ed informazioni a rischi precedentemente mitigati dalle misure di sicurezza interne ai perimetri aziendali. Tale documento contiene alcune linee guida su come proteggere la propria privacy e la confidenzialità dei dati lavorati all’interno delle proprie abitazioni. E’ […]

Feb 18

A Password is not a Pass-Word

From bank accounts to entertainment, our virtual life is wider than ever, and with the 4th industrial revolution is only meant to grow at an exponential rate. Within this redefined framework, the security of our virtual life will strongly depend on the passwords we choose to protect it. In 2015 the password manager app Dashlane conducted an analysis on their clients revealing that every user owns an average of 90 accounts online. Therefore the amount of data we potentially expose online is massive and the issue of how to protect them must be addressed. The question is: if you were to live in a house with 90 doors facing the […]

Dec 16

Communication cyber threats landscape

In the new evolving communication landscape, cyber threats do not just target things, objects, or devices. First and foremost, cyberattacks target people and leverage on user’s and programmer’s psychology. On the one side, users are often the practical means by which an attack hits the mark: cybercriminals leverage on the lack of security knowledge and on the speed at which our society moves to infiltrate a system and to damage both network infrastructures and our everyday environment. Sending fraudulent emails, stealing credentials, uploading malicious attachments to applications are just some of the most common ways of exploiting human interactions with technologies to execute an attack. On the other side, even […]

Dec 09

Fighting insecurity and threats with Machine Learning

Introduction: Machine Learning and Insecurity Machine learning could fight insecurity and cyber threats. The landscape of possible cyberthreats is rapidly changing, exploiting vulnerabilities in new technologies, systematically jeopardizing wide and multifaceted systems, and threatening the security of an ever increasing amount of information. Then, the question follows naturally: how can we secure our infrastructures, systems, and information in this new landscape? Many solutions are already available. Outstanding research programs are already developing and implementing techniques to secure both new technologies, such as new Radio Access Networks and Software Defined Networks, and devices, such as lightweight technologies for IoT devices. But will this be enough? Probably not. Cyberattacks will evolve together […]

Tag Archives: Security Awareness