CASE STUDY: How do hackers monetize a phishing expedition?
One cybersecurity superstar is Brian Krebs, who talked about the Sizmek Inc. [NASDAQ: SZMK] security breach (read the Krebs article here). If you wonder how hackers got into the guts of Sizmek, note that they do NOT have DMARC email spoofing/phishing enforcement (Duh). So how do the hackers monetize getting into the guts of this online advertising firm? As Krebs writes:
So you can run digital ads in 70 countries, connecting 20,000 advertisers and 3,600 agencies. You have the ability to "modify ads and analytics for a number of big-name advertisers." “You can add new users to the ad system, edit existing ones and ad offers,” the seller wrote. The starting bid was $800. Some of the companies shown in the screenshot of the panel shared by the dark web seller include PR firm Fleishman-Hillard, media giants Fox Broadcasting, Gannett, and Hearst Digital, as well as Kohler, and Pandora.
You're not protected from email spoofing? You can explain to your CISO at his exit interview that this is Charles Darwin at work, "thinning the herd." Adios, schmuck!
Mad Max
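
Whether a domain has DMARC enforcement, the gap called out above, can be read from the TXT record it publishes at `_dmarc.<domain>`. The Python below is an added example, not code from this post or from the Krebs article; the function names and the sample records are assumptions constructed for illustration, and it grades records you have already fetched rather than querying DNS.

```python
# Added example: grade DMARC TXT records offline. All sample records are constructed.
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and must be exactly DMARC1.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def dmarc_posture(txt_records, subdomain=False):
    """Grade the TXT answers for _dmarc.<domain>.

    Returns 'missing', 'invalid', 'monitor-only', 'partial' or 'enforced'.
    """
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"
    if len(records) > 1:  # RFC 7489: several DMARC records means none is applied
        return "invalid"
    tags = records[0]
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING | {"none"}:
        # RFC 7489: no valid p tag but a rua tag is treated as p=none
        return "monitor-only" if tags.get("rua") else "invalid"
    if subdomain and "sp" in tags:  # sp overrides p for subdomains
        policy = tags["sp"].lower()
    if policy not in ENFORCING:
        return "monitor-only" if policy == "none" else "invalid"
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) > 100:
        return "invalid"
    return "enforced" if int(pct) == 100 else "partial"

if __name__ == "__main__":
    samples = {  # constructed records for placeholder domains
        "no-record.example": ["v=spf1 -all"],
        "watching.example": ["v=DMARC1; p=none; rua=mailto:dmarc@watching.example"],
        "rollout.example": ["v=DMARC1; p=quarantine; pct=25"],
        "locked.example": ["v=DMARC1; p=reject"],
    }
    for domain, txt in samples.items():
        print(f"{domain:20} {dmarc_posture(txt)}")
```

Only `enforced` tells receivers to quarantine or reject every spoofed message; `monitor-only` and `partial` still let forged mail through.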