Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures


WEBINAR

Targeted Attacks: How Sophisticated Criminals Bypass Enterprise Security Measures


SpyCloud + ISMG

For close to three years, a technology executive was hounded by a persistent attacker who stole his identity, opened credit cards in his name, and wired funds from his bank account. Though SpyCloud helped bring this particular criminal to justice, these tactics are common in targeted attacks.

If your account takeover prevention program primarily focuses on automated attacks like credential stuffing and password spraying, you may be leaving your organization exposed to serious losses. Targeted account takeover attacks are manual, creative, and elusive, making them one of the most difficult aspects of security and risk management. When criminals decide to go after high-value individuals and organizations, they’re motivated to pull out all the stops, engaging in time-intensive, difficult to perpetrate methodologies in pursuit of lucrative rewards.

Dig into the tactics, techniques, and procedures criminals use to perpetrate highly-targeted attacks and identify areas where you might be investing unwisely in security technologies, leaving you vulnerable to sophisticated attackers.

View this on-demand webinar to learn:

  • The timeline of a breach and what types of attacks are prevalent at each stage
  • The advanced tactics criminals use to bypass enterprise security measures

  • Perspective on why enterprises should be more concerned about targeted vs automated account takeover attacks

  • Steps you can take to bolster your defenses and protect against the most damaging attacks

Solution Spotlight: ATO Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data. Learn More

Watch the Webinar:

Targeted Account Takeover Attacks

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Fortune 1000 Breach Exposure: What We Can Learn

WEBINAR

Fortune 1000 Breach Exposure: What We Can Learn

SpyCloud + Threatpost

Third-party and supply-chain risk: a complex, convoluted attack surface. Stolen credentials fueling account takeover attempts aimed at infiltrating deep into corporate networks (more than 4 million plaintext passwords tied to Fortune 1000 employees can be found on the Dark Web). Stolen PII and account data that make it easy for criminals to craft highly targeted attacks. Join SpyCloud and Threatpost to talk about large enterprises’ unique risk profile and the impact of the data breach epidemic on this segment.

Drawing on the largest database of stolen credentials in the world, SpyCloud has analyzed breach data tied to Fortune 1000 employee credentials to understand trends in password reuse and data exposure. Join Tara Seals, Threatpost’s Senior Editor, and SpyCloud Head of Product Strategy Chip Witt who will discuss the extent of Fortune 1000 employee breach exposure and what it means for the organizations that work with them.

View this on-demand webinar to learn:

  • The scope of password reuse and third-party breach exposure across the Fortune 1000
  • Which Fortune 1000 sector has the most exposed credentials per company – and which has the most users potentially infected with keyloggers and other malware
  • How stolen Fortune 1000 employee PII can help attackers breach your organization
  • What you can do to protect your organization from third party account takeover

Product Feature: Third Party Insight

Monitor third party exposures and share data to aid in remediation.

Learn More

Watch the Webinar:

Fortune 1000 Breach Exposure

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

How the Holidays Affect Criminal Ecommerce

WEBINAR

How the Holidays Affect Criminal Ecommerce

Legitimate retailers aren’t the only ones offering up deals to drive holiday spending. On the deep and dark web, many criminal marketplaces advertise sales on illegal wares such as stolen credentials, which criminals can use to take over consumer accounts, steal funds, and siphon rewards points. Discounts are steep, providing an easy entry point for criminals who want to resell a few stolen accounts or even purchase the means to take over their own.

In this webinar, SpyCloud researchers discuss the trends they’ve tracked on criminal ecommerce sites, including fresh data on how Black Friday 2019 sales affected prices and sales volumes for different types of illegitimate access to consumer products – and why your enterprise needs to take that data into account to protect your consumers from account takeover fraud.

View this on-demand webinar to learn the results of their research, including:

  • How these criminal marketplaces operate and why you should care
  • What criminals are buying (Disney+ credentials, anyone?), what prices they’re paying, and what volume of illegal merchandise exchanged hands this Black Friday
  • Which industries and account types are the most popular with cybercriminals this year, and what that means for the upcoming holiday season
  • What enterprises can do to protect themselves and their consumers from account takeover fraud

Solution: Consumer ATO Prevention

Protect your users from account takeover fraud and unauthorized purchases.

Learn More

Watch the Webinar:

How the Holidays Affect Criminal Ecommerce

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Hard Truths About ATO & Strategies To Defend Your Enterprise

WEBINAR

Hard Truths About ATO & Strategies To Defend Your Enterprise

Protecting your enterprise from breaches and account takeovers has never been a bigger challenge. New tools make it possible for even unsophisticated actors to perform advanced, widespread attacks that put your organization at risk. According to the 2019 Verizon Breach Report, stolen credentials are the leading attack vector — yet in a recent study by Symantec, only 7% of respondents rated account takeover as a top threat to their cloud infrastructure.

Regardless of the thoughtful measures and policies you have in place, the hard truth is that no policy can protect you from human behavior. In this webinar, SpyCloud Head of Product Strategy Chip Witt demonstrates how malicious actors take advantage of loopholes in your account takeover prevention plans. For example, your employees may be reusing compromised passwords to access corporate systems or signing up for 3rd party services like LinkedIn or Fantasy Football using their work credentials.

View this on-demand webinar to learn:

  • The anatomy of an account takeover attack
  • Real-world examples of how employee password reuse can threaten your enterprise
  • Potential holes in your account takeover plan
  • What you can do to strengthen your security posture, including alignment to NIST

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them To defraud your users or access sensitive corporate data.

Learn More

Watch the Webinar:

Hard Truths About ATO & Strategies To Defend Your Enterprise​

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Operationalizing Data For Fraud Investigations

WEBINAR

Operationalizing Data For Fraud Investigations

Security and Fraud teams are swimming in data. Data is not the problem, but operationalizing and making use of the data we have is — especially when it comes to fraud prevention.

Enjoy this lively discussion with Chip Witt, Head of Product Strategy at SpyCloud, and Security Boulevard Managing Editor Charlene O’Hanlon and see live Maltego examples demonstrating how organizations can actually get a handle on their data and into their security systems to prevent fraud.

Solution: Fraud Investigations

Unmask criminal identities and attribute crimes to specific individuals.

Learn More

Watch the Webinar:

Operationalizing Data For Fraud Investigations​

Presenter Info

Chip Witt, Head of Product Strategy

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the Head of Product Strategy and manages the Customer Success Program at SpyCloud, which provides cloud-based security services to help businesses of all sizes prevent data breaches and account takeover attacks by alerting when employee or company assets have been compromised. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Webinar: 6 Myths About Account Takeover

WEBINAR

6 Myths About Account Takeover

There are a dizzying array of security solutions flooding the market, each promising unmatched protection from account takeover and impenetrable authentication protocols. When the marketing and sales pitches are stripped out and actual capabilities are examined, we find few live up to their own hype.

Watch the 6 Myths About Account Takeover webinar and learn which popular claims are oversold so you can make informed decisions about your own ATO prevention investment.

In this webinar you will discover:

  • The most common ATO prevention strategies and why they aren’t enough. Hint: Multi-factor authentication, password managers and password rotations don’t stop all ATOs
  • Which product claims should raise red flags

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data. Learn More

Watch the Webinar:

6 Myths About Account Takeover

Presenter Info

David Endler, President and Co-Founder

David Endler is an entrepreneur that started his career as a computer scientist at the National Security Agency. He then worked for Deloitte performing penetration testing and security product evaluations for Fortune 500 customers.

Catching the startup bug in 2000, he joined iDefense, a security intelligence firm based in Northern Viginia that was later acquired by Verisign. At iDefense, he formed the company’s security research team, launched the first public vulnerability buying market, and was a founding member of the Open Web Application Security Project.

In 2003, David joined TippingPoint, a networking intrusion prevention vendor. He founded their security research team, DVLabs, through which he led TippingPoint’s attack detection and coverage to numerous industry awards. TippingPoint, a public company, was acquired by 3Com in 2005 and later by HP in 2010.

In 2010, David left HP/TippingPoint to start Jumpshot, a startup that developed patented security software for Windows that leveraged gamification for fighting malware. Jumpshot was acquired by Avast Antivirus in 2013, and most recently David served as Director of Product Development at Avast for the last two years.

David is author of “Hacking Exposed: VoIP” and “Hacking Exposed: Unified Communications,” both published by McGraw Hill. He has been a repeat speaker at the RSA Security conference, Black Hat Security Briefings, Infosecurity Europe and featured in many top publications and media programs. David has a B.S. and M.S. in Computer Science from Tulane University.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

How Easy Is It To Bypass Multi-Factor Authentication Solutions?

WEBINAR

How Easy Is It To Bypass Multi-Factor Authentication Solutions?

Enterprises are trying everything they can to prevent cyber criminals from taking over employee and customer accounts to gain access to data and systems. One security control they believe provides protection is multi-factor authentication (MFA). While MFA does provide an additional layer of security, threat actors have figured out how to bypass it using a few clever tactics.

So how easy is it to get around your multi-factor authentication solutions? Watch this on-demand webinar and learn the most common methods that threat actors are using to bypass MFA so you can implement stronger safeguards to protect your employees and customers from account takeover.

In this webinar you will learn about:

  • The most commonly used MFA bypass techniques
  • How each technique exploits the vulnerabilities of MFA

Solution: Account Takeover Prevention

Reset stolen passwords before criminals can use them to defraud your users or access sensitive corporate data.

Learn More

Watch the Webinar:

How Easy Is It To Bypass Multi-Factor Authentication Solutions?

Presenter Info

Jason Lancaster, Head of Investigations

ason began his career performing pen testing, designing and implementing secure network infrastructures. First as a government contractor and then at a Fortune 500 healthcare company. In 2003, he joined TippingPoint where he held several roles including SE Director. TippingPoint was acquired by 3Com in 2005 and later by HP in 2010.

At HP, Jason ran a cross-functional team as Director with the Office of Advanced Technology. In 2013, Jason co-founded HP Field Intelligence, as part of the Security Research organization, delivering actionable threat intelligence to a wide audience.

Jason spent 15 months at a cloud security start-up CloudPassage prior to joining SpyCloud where he leads the Investigations team.

A few of our happy customers:

Related Resources

The SpyCloud Difference

Current, Relevant, Truly Actionable Data

SpyCloud’s account takeover prevention and fraud investigation solutions are backed by the world’s most current and comprehensive repository of recovered stolen credentials and PII. More data, particularly plaintext passwords, means more matches and stronger account protection.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.