CYREN Security Blog




Security-as-a-Service: Applied Cyber Intelligence for Enterprises

by Chris Taylor

Filed under Miscellaneous, Web Security.

When applying the concept of trust to the security-as-a-service (SecaaS) delivery model, it is useful to think in terms of security history. With access to the Internet and email came viruses, spam drive-by downloads and phishing, and the corresponding perimeter security software and hardware to protect corporate systems.  But, software always needs upgrading and security experts must try to remain abreast of the latest threats while it seems as if the cybercriminal is always one-step ahead. 

No Hidden camera on fake Youtube/Vimeo pages – only hidden malware

by Lordian Mosuela

Filed under Anti-Malware, Malware Analysis, Security Research & Analysis.

Last week, CYREN detected interesting emails that contained links to fake video pages. We have included a screenshot of the email. The rough translation of the subject line is “hidden camera in their house”, and the Youtube link looks like it might deliver the goods – but of course the only hidden part is the Rovnix banking Trojan.  

Destroying the ROI of Cybercrime– Part 2

by Chris Taylor

Filed under Miscellaneous, Web Security.

In the battle to defend against the ever-increasing volume and variety of threats, security solutions like firewalls, signature-based antivirus, and blacklisting may be ineffective.  This is because the criminals know that the data that powers them may lag new threats by days or even weeks.  Cybercriminals have now further raised the stakes by developing malware that incorporates evasion techniques to ‘sense’ when it is being inspected by security tools and turn off malicious operations until the inspection ends.  These combine to create a security “gap”.

Destroying the ROI of Cybercrime – Part 1

by Chris Taylor

Filed under Miscellaneous, Web Security.

2015 will be another tough year in the continuing fight against cybercrime.  Today’s Internet threat landscape is highly dynamic, as thousands of malicious actors disseminate hundreds of millions of global threats daily.  While some actors are hacktivist organizations and even nation-states, the main threat remains that of well-funded cybercriminal gangs. Their goals are simple: to steal data that can be readily monetized - such as credit card data, or vital intellectual property – and generate a high return on investment (ROI) from their efforts. 

Phishing attack on popular German bank

by Ólöf Kristjánsdóttir

Filed under Miscellaneous, Phishing, Web Security.

Last week, the CYREN team detected a massive phishing attack on customers of the German bank Postbank, with more than 50,000 new phishing URLs detected within the first 24 hours. Phishing emails are traditionally sent to a massive group of people, in the hope that among the recipients are actual customers of the brand and within that group there are unsuspecting users that will click the phishing link and complete whatever information request is included. In this case the email and phishing site look very similar to the legitimate Postbank website and so it is hard for regular users to see that this is actually phishing scam and unfortunately, enough people will fall victim to the scammer’s attempts.