Business email compromise and account takeover attacks haven't faded; they've just morphed. Wes Dobry of Agari discusses the new wave of these attacks and how organizations can do a better job of detecting and responding to them.
"We've started to see significant trending away from the old style of attacks that leverage identity deception in a static form in things like direct domain spoofing," says Dobry, principal security analyst at Agari. "Where we are seeing the trend nowadays is more toward display name impersonation, where they are taking legitimate email addresses from legitimate email services and domains," then bypassing security controls and using social engineering techniques to ensnare victims.
In an interview about this new wave of attacks; Dobry discusses:
- Characteristics of the new attacks;
- Why existing solutions often miss the threats;
- How Agari helps customers improve detection and response.
With more than 15 years of experience securing networks, infrastructure and services, Dobry continues to assist companies with rebuilding the trust in email and ensuring their name and brands are protected from those with malicious intent. At Agari, he provides technical solutions to solve problems, such as identifying and preventing advanced phishing attacks. Previously, Dobry managed teams implementing technologies designed and focused on securing and maintaining the enterprise computing environments.