Tax prep tools lag in DMARC implementation, advocacy group says

With tax season underway, a cybersecurity advocacy group is warning that vendors of popular tax preparation tools may be unprepared to protect users from phishing scams. Four out of the eight most popular tax preparation software products don’t employ basic protections against email spoofing, according to testing by the cybersecurity nonprofit Global Cyber Alliance. GCA tested the domains of the popular programs to check what settings they employ under the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol. DMARC is an industry standard designed to detect and prevent email spoofing.

GCA’s findings, released last week, are as follows:

Reject: Liberty Tax
Quarantine: Credit Karma, Jackson Hewitt and Tax Slayer
None: Free Tax USA and Turbo Tax
No policy: H&R Block and TaxAct

DMARC has three levels of protection against emails that try to hijack a particular domain. If an organization employs the “reject” policy — the highest setting — a spoofed […]

The post Tax prep tools lag in DMARC implementation, advocacy group says appeared first on Cyberscoop.


Free DNS service from internet nonprofits makes security ‘as simple as humanly possible’

A free DNS service from nonprofits Global Cyber Alliance and Packet Clearing House launched Thursday will block users and devices from visiting known malicious websites, acting as an “immune system” for internet-connected devices. The new Quad9 Domain Name System (DNS) filtering service is aimed at individual users, micro-enterprises and small businesses, but will be useful for any enterprise that doesn’t have a dedicated IT team, the alliance’s Executive Director for the UK and Europe, Andy Bates, explained to CyberScoop. “We’ve made it as simple as humanly possible,” he said. Using threat intelligence feeds from IBM’s X-Force security service and 18 other partner organizations, Quad9 compiles a constantly updated blacklist of known bad websites — ones that contaminate visitors with malware or are used to control infected computers. If a user clicks on a link, for instance in a phishing email, Quad9 will block the move. The 18 other partner companies include Abuse.ch, the Anti-Phishing […]


Feds upping their email security game in wake of DHS order

The number of federal agencies employing a security protocol that stops email spoofing has more than doubled since the Department of Homeland Security instituted a binding government-wide policy last month. The number of .gov domains employing Domain-based Message Authentication, Reporting and Conformance (DMARC) has risen from 156 on Oct. 1 to 344 on Nov. 6, according to figures compiled this week by the nonprofit Global Cyber Alliance. Nearly a thousand federal domains still don’t have it deployed at all, despite the Binding Operational Directive DHS issued Oct. 16. DMARC is the industry standard measure to prevent email spoofing — when hackers make their messages appear as if they come from trusted correspondents. It’s thereby a powerful weapon against phishing — when hackers try to steal passwords or implant malware by getting victims to click links or open malicious attachments in spoofed emails. But DMARC, once deployed, has to be switched on, explained GCA’s Director of Operations […]


DHS orders feds to adopt DMARC email security

The Department of Homeland Security is using new powers to order federal agencies to adopt a form of email security that guards against spam and phishing. A DHS Binding Operational Directive announced Monday in New York City by Assistant Secretary for Cybersecurity and Communications Jeanette Manfra gives federal agencies 90 days to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) for their email systems. “It’s a real sign that DHS and the federal government are stepping up and leading by example,” said Phil Reitinger, CEO of the Global Cyber Alliance — a non-profit that advocates for internet security. DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a hacking technique used in both crime and espionage, in which an email appearing to come from a trusted friend or company provides an infected attachment or directs readers to a website where login and […]


Chinese providers fueling growth of DMARC email security standard

More than three-quarters of the world’s email inboxes are secured against spammers and scammers with DMARC — a set of technical protocols designed to prevent the spoofing of email addresses, according to figures released Tuesday. That’s a big rise from fewer than two-thirds in 2015 — growth driven in large part by the adoption of DMARC by Chinese email and internet providers, according to Dylan Tweney, head of communications at ValiMail, which compiled the figures. “More than 2 billion more inboxes are protected by DMARC” than in 2015, he told CyberScoop, adding “maybe a half to two-thirds” of that growth was down to adoption by large Chinese providers, including NetEase and Tencent. “We are approaching a tipping point for … herd immunity” from phishing and spam, Tweney said, borrowing a concept from immunology. “The more recipients implement DMARC, the more valuable it becomes for senders to adopt.” DMARC, or Domain-based Message Authentication, Reporting and Conformance, is a […]


DHS will scan agencies for DMARC, other hygiene measures

The Department of Homeland Security is now collecting data about federal agencies’ use of an industry-standard cybersecurity measure that blocks forged emails. The collection is seen as a first step to encouraging wider adoption within the U.S. government, according to official correspondence. In a letter to Sen. Ron Wyden, D-Ore., DHS official Christopher Krebs says the department, “is actively assessing the state of email security and authentication technologies … across the federal government,” to include Domain-based Message Authentication, Reporting and Conformance (DMARC). DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a major form of both crime and espionage, in which an email appearing to come from a trusted third party directs readers to a website where login and password credentials can be stolen. Krebs says DHS’s 24-hour cyber watch center, […]


DMARC use continues to climb inside federal government

The number of federal government departments and agencies deploying the highest level anti-spoofing and anti-phishing email security has nearly doubled since the end of May, new figures show. A total of 135 federal email domains had some form of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol deployed Aug. 1, according to the non-profit Global Cyber Alliance. That’s only six more than the 129 who had some deployment May 26 — but of those 135, 60 had the protocol set to p=reject, the highest level of deployment. That compares to just 32 who had the protocol fully deployed in May. DMARC helps prevent phishing and other email spoofing attacks, when a message is made to look as if it comes from a company or government agency. The IRS, for instance, is a frequent target of phishers, who prefer to impersonate banks or other email senders who might have a financial relationship with potential victims. At […]


Cybersecurity vendors lag badly on DMARC email security, survey shows

Only 1 in 4 of the cybersecurity companies exhibiting at the celebrated Black Hat conference this week have implemented a set of best practices to prevent email spoofing and phishing, according to figures from the nonprofit Global Cyber Alliance. In a release Wednesday, GCA said that 73 percent of the 268 exhibitors had not deployed Domain-based Message Authentication, Reporting and Conformance, or DMARC — a set of email protocols that prevents spammers, phishers and other cybercriminals from using an organization’s name and email domain to conduct hacking attacks. Of the 72 exhibitors using DMARC, only six — just 2 percent — have fully deployed it so that it stops spoofed email from being delivered. Lower level implementations of DMARC warn an organization that their email domain is being spoofed — and can help spoofed mail get blocked by spam filters — but don’t prevent it from being delivered. “A lot of [security vendors] clearly are […]


Few U.S. hospitals secure their email against phishing, Global Cyber Alliance says

Fewer than one-third of the largest 98 public and private hospitals in the United States secure their email against phishing and spamming, according to data released Thursday. The Global Cyber Alliance said that of the 50 largest public hospitals, only six employed Domain-based Message Authentication, Reporting and Conformance, or DMARC — an email authentication policy and reporting protocol developed a decade ago, originally by PayPal. Of the 48 biggest for-profit hospitals, only 22 used DMARC. The figures led GCA to describe U.S. health care providers’ email security as being in “critical condition.” The alliance also notes that, according to the latest Verizon Data Breach Investigative Report, 66 percent of malware installed on healthcare providers’ IT networks was delivered via email attachment — something normally done using a spoofed email address. DMARC helps prevent phishing and other email spoofing attacks, when an email is made to look as if it comes from a company, […]
