Home M3AAWG Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

Don’t Let Your Company Become a Headline: Protecting Your Brand from Cyber Attacks

Submitted by M3AAWG Content Manager on Feb 21, 2022

Phishing is still a top-of-mind threat. In 2020, 75% of organizations around the world experienced some kind of phishing attack (https://www.tessian.com/blog/phishing-statistics-2020/) and this figure increased by 22% in the first half of 2021. And according to a Proofpoint study, 74% of phishing attacks in the US were successful. Overall, the 2021 report from Ponemon and IBM found that data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the history of this report.

M3AAWG Supports EPDP Phase 2A Policy Recommendations for ICANN

Submitted by M3AAWG Content Manager on Feb 15, 2022

On Jan. 6, 2022, The Messaging, Malware and Mobile Anti-abuse Working Group (M3AAWG) announced and notified the ICANN Board of its support for recommendations made by ICANN’s Security and Stability Advisory Committee (SSAC) in SAC118 SSAC Comments on Initial Report of the Expedited Policy Development Process (EPDP) on the Temporary Specification for gTLD Registration Data Team - PHASE 2A.

Understanding and Preventing SMS-based Business Email Compromise (BEC)

Submitted by M3AAWG Content Manager on Feb 02, 2022

Author: Mobile Committee Chairs

Business email compromise, or BEC, has become an increasingly dangerous and widely used tool for an adversary to get access to a business email account to spoof the identity of an employee. Unfortunately, This technique has moved beyond email to SMS (Short Message Service) using cell phones, in which the attacker gets the target’s phone for attacks or compromises.

Categories: 
M3AAWG 5, BEC
Tags: 
M3AAWG 5

M3AAWG Addresses May 12, 2021 Executive Order 14028, Improving the Nation’s Cybersecurity

Submitted by M3AAWG Content Manager on Jan 21, 2022

Executive Order 14028 (EO), Improving the Nation’s Cybersecurity, mandates “bold changes and significant investments” to help protect against malicious cyber threats. The EO emphasizes that “cybersecurity requires more than government action”, requiring “the Federal Government to partner with the private sector”. It also states “the private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

Tags: 
Public Policy comments

Malware Landscape 2021 Report Shows Rapid Growth and Origins of Malicious Software

Submitted by Anonymous on Dec 20, 2021

Interisle Consulting Group recently released its report (https://interisle.net/MalwareLandscape2021.html) studying six months of malware. 

Data showed that, based on 1.7 million malware reports collected from January 1, 2021 to June 30, 2021, malware reports increased 63% in the first half of 2021. The findings are based on analyzing 1,686,033 malware reports during a six-month study period from four widely used and respected threat intelligence sources.

The key takeaways are summarized below from the report. 

Phishing Activity Doubles from 2020; SaaS and Webmail Most Victimized, Says Q3 2021 Report

Submitted by M3AAWG Content Manager on Dec 13, 2021

The Q3 2021 Phishing Activity Trends Report has been published. The report includes data and analysis of phishing attacks as reported to the APWG by its member companies, its global research partners, through the organization’s website at https://apwg.org, and by e-mail submissions to reportphishing@antiphishing.org

APWP sources define phishing as “…a crime employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. “

New Ponemon Research Reports Business Email Compromise Attacks Result in Highest Costs

Submitted by Anonymous on Dec 01, 2021

The 2021 Ponemon Data Breach research report, sponsored by IBM, has been released, and data shows that the cost of breaches and attacks continues to increase.

M3AAWG and Anti-Phishing Working Group (APWG) Offer Recommendations to ICANN on WHOIS Access

Submitted by M3AAWG Content Manager on Nov 24, 2021

On Sept. 30, 2021, M3 AAWG and the Anti-Phishing Working Group (APWG) provided its recommendations to ICANN regarding WHOIS domain name access. M3 AAWG and APWG had conducted surveys in 2018 and 2021 to understand the impact of ICANN implementation of the EU GDPR Temporary for gTLD Registration Data.

Browser Fingerprinting using AI: M3AAWG 53rd General Meeting

Submitted by M3AAWG Content Manager on Nov 19, 2021

As Internet usage has exploded and become an integral part of everyone’s personal and business lives, the opportunities to exploit user data have become ever more attractive. Sophisticated tracking and explosion of third-party ad and other services ensure that very few users can defend themselves against data harvesting and attacks. 

Categories: 
M3AAWG 53

Scaling Cloud DDOS Protection using AI: M3AAWG 53rd General Meeting

Submitted by M3AAWG Content Manager on Nov 16, 2021

In this session at M3AAWG’s 53rd general meeting October 2021, Johnathan Azaria describes the usage of machine learning to create better security configuration for DDoS protection

Finding the best security configuration is crucial - If set correctly, it provides maximum security with minimal risk by balancing between the false positives and false negatives. However, because domain experts often need to manually work on each security configuration, this process can't be scaled. 

Tags: 
M3AAWG 53

Pages

Subscribe to M3AAWG Blog