Home M3AAWG Blog

Updates and Commentary from the Messaging, Malware and Mobile Anti-Abuse Working Group

Establishing Trust in Email: Best Common Practices for Authenticating Email Messaging

Submitted by M3AAWG Content Manager on Sep 01, 2020

With the majority of companies working remotely for the foreseeable future, and social distancing procedures still in effect, we’re entirely reliant on digital communications, particularly email. Bad actors are taking advantage of this dependence, resulting in an uptick in email-related cybercrime, such as spear phishing attacks, where criminals pose as legitimate senders with a specific request.

Categories: 
Messaging
Tags: 
Best Practice

M3AAWG Engagement Series: U.S. Data Security and Privacy Regulation

Submitted by M3AAWG Content Manager on Aug 27, 2020

In the latest installment in our Member Engagement Series, Dennis Dayman, Program and Growth & Development Chairperson and Elections Co-Chair at M3AAWG, will host a session on the state of U.S. data privacy regulations in relation to international standards on Tuesday, September 1st at 8am PT / 11am ET. Professionals from M3AAWG member companies are welcome to join the session to learn more on the latest developments. To register for the webinar, please visit the M3AAWG Engagement Series site.

M3AAWG in the Industry: The Latest Technologies, Strategies and Tactics to Fight Phishing

Submitted by M3AAWG Content Manager on Aug 18, 2020

On August 6th, I participated in a panel discussion hosted by Infosecurity Magazine focused on technologies, strategies and tactics to fight phishing. The discussion, moderated by Dan Raywood, the publication’s Contributing Editor, and featuring Olesia Klevchuk, Senior Product Marketing Manager at Barracuda and James Gosnold, Security Practitioner, provided a comprehensive overview of the latest phishing-related threats and offered insight into how security professionals have adjusted their security approaches following the COVID-19 pandemic.

Honoring J.D. Falk: Submit Your Nominations for M3AAWG’s 9th Annual J.D. Falk Award

Submitted by M3AAWG Content Manager on Aug 06, 2020

Each year at our fall General Meeting, M3AAWG honors the legacy and spirit of founding member, J.D. Falk, through our J.D. Falk Award. In the wake of COVID-19 – and the corresponding uptick in cybercrime – members of the anti-abuse community have mobilized faster than ever to safeguard the online ecosystem. At M3AAWG 50, hosted virtually from October 12-15, we’ll present our ninth J.D. Falk award to a member of the anti-abuse community that has embodied Falk’s dedication to protecting end-users in this especially vulnerable time.

Categories: 
Awards
Tags: 
Awards

M3AAWG Statement on Email Authentication for COVID-19 Mailings

Submitted by M3AAWG Content Manager on Jun 10, 2020

There is a profound need for digital connectivity

The progenitors of the internet created and used email to facilitate the work that went into building and evolving the shared global resource that in these extraordinary times is connecting the world. That connection is made possible, in part, by the world-wide use of email. Email has proven to be the longest lasting digital communication channel, with the largest user base of any free or paid platform or product. What’s more, email is the first and most foundational source of identity on the internet. However, it is not without its difficulties—the email’s massive reach makes it a ripe target for bad actors seeking to deploy compromises and attacks on a global scale.

Tags: 
fighting spam, Phishing

M3AAWG 49 Session: SIM Swap and YOU

Submitted by M3AAWG Content Manager on Jun 09, 2020


Author: Alex Brotman, Chair, M3AAWG Data and Identity Protection Special Interest Group

Like a driver’s license confirms your identity, your phone number is used to verify your identity online. Given the widespread use of phone numbers in two-factor authentication and password reset, SIMs are an extremely valuable target for cybercriminals –– and anyone could become a victim. Armed with only a phone number, cybercriminals manipulate their way into accessing personal financial information, cryptocurrency accounts, and even corporate email accounts, exposing sensitive data that could lead to millions in financial damages.

M3AAWG 49 Session: IoT Security Testing

Submitted by M3AAWG Content Manager on Jun 01, 2020

Author: Ash Wilson, Co-Chair, M3AAWG IoT Special Interest Group

Gartner forecasts that over 20.4 billion IoT devices will be in use by the end of 2020. These devices, while exciting, present complex security challenges that if produced without proper testing can leave sensitive information exposed to attack. As we continue to introduce new devices to the network, it's imperative that manufacturers and researchers implement testing methodologies that take a holistic view at the IoT device ecosystem to protect the privacy and security of companies and consumers alike.

Categories: 
IoT
Tags: 
IoT

M3AAWG State of the Union: DDoS Attacks

Submitted by M3AAWG Content Manager on May 29, 2020

By Andrew Cockburn, Principal Consulting Engineer, NETSCOUT, and Rich Compton, DDoS Special Interest Group Chair, M3AAWG; Principal Network Security Engineer III, Charter Communications

This is the first installment of M3AAWG’s “State of the Union” series, where members provide updates on prominent, evolving issues and events in the industry. 

Distributed Denial of Service (DDoS) attacks are used by cybercriminals to shut down networks and websites, and targets can range from a single website to major services. Today, we’re seeing an increase in the sheer amount of DDoS attacks, part of a continuous upward trajectory over the past 30+ years.  Further, tactics are rapidly evolving, yet range in sophistication. In turn, experts are constantly working to pinpoint new techniques and mitigate attacks. Generally, once professionals notice or identify a new type of channel or vector, it's a race to patch, resolve, and add mitigations for the new attack vector before its usage becomes widespread. 

Categories: 
DDoS

By the Numbers: The Rise in COVID-19 Related SMS Spam (Member Contribution)

Submitted by M3AAWG Content Manager on May 27, 2020

By Stuart McBride, Head of Threat Intelligence, AdaptiveMobile Security
 

Cybercriminals frequently use major world events, including natural disasters, international conflicts, and political elections, to manipulate vulnerable targets. The latest scheme is focused on exploiting the public’s fear around COVID-19 and the coinciding economic shutdown through SMS spam attacks. Attackers are primarily using messages that appear like legitimate updates to stimulus and relief payments to entice unsuspecting victims into clicking links or providing information.

Categories: 
Mobile
Tags: 
Mobile, fighting spam, COVID-19

Join Us as We Take our 49th General Meeting Virtual

Submitted by M3AAWG Content Manager on May 26, 2020

The global uncertainty created by COVID-19 has left many individuals and organizations vulnerable to online scams and other cyberattacks, making our work and the work of our members, more important than ever. To facilitate anti-abuse collaboration and the development of security best-practices, while ensuring the health and safety of our members, we’re excited to host our 49th General Meeting from June 8-11, 2020 virtually for the first time ever.

Pages

Subscribe to M3AAWG Blog