Don't fall for this one simple trick...
04/04/25 11:18

One of the common TTPs used by fraudsters targeting a particular company is to create domains that look very similar to a legitimate domain owned by one of your suppliers, and send you fake or manipulated invoices.
Typically, these domains are registered on the fly when the attacker spots an opportunity, and can be hard to spot for the casual observer. One trick is to substitute characters in the domain name, e.g. rn for m or 1 for l.
Often they will make domains for both parties so that they can sit in the middle of an email exchange between parties.
Yes, there are many ways to identify and combat this, but most companies don't, and many, many companies fall for this trick.
This kind of attack is a double whammy, where both legitimate parties lose. The customer loses by still being liable for the original invoice, and the supplier loses if the customer fails to pay or is late in paying the original invoice. Then there is the loss of trust between the parties, and the cost of both parties investigating and remediating the issue.
We help you with a layered approach to this (and many other) techniques, but one of the most effective defences in our experience is to block newly registered domains from sending you email.
How does the attacker know when to implement this kind of attack? Usually one of the parties has suffered a Business Email Compromise (BEC) where the attacker is already inside the mail system - we also help to prevent this from happening.
Prevention is ALWAYS cheaper than investigation and remediation (we know, because we do both).
Our email security suite ( https://lnkd.in/dRR9RMYe ) works seamlessly with self hosted, M365, and Google Workspace to help prevent this, and many, many more attacks on your business.
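The character substitutions described above (rn for m, 1 for l) can be caught on the receiving side by folding confusable sequences before comparing a sender's domain against a list of known supplier domains. This is an added illustration, not the original post's or the company's own tooling; the supplier domains and the extra confusable pairs are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed allow-list of supplier domains you actually do business with.
KNOWN_DOMAINS = {"acme-supplies.com", "northwind.co.uk"}

# Visually confusable sequences, folded to one canonical spelling before comparison.
# "rn" -> "m" and "1" -> "l" are the substitutions the post mentions; the other
# pairs are assumed additions of the same kind.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]

def canonical(domain: str) -> str:
    """Lower-case the domain and fold confusable sequences so look-alikes collide."""
    folded = domain.lower().strip(".")
    for lookalike, real in CONFUSABLES:
        folded = folded.replace(lookalike, real)
    return folded

def classify_sender(address: str, known=KNOWN_DOMAINS, threshold: float = 0.85):
    """Classify the sending domain of an address against the known supplier list.

    Returns (verdict, matched_known_domain): "known" for an exact match,
    "lookalike" when the domains differ only by confusable characters,
    "suspicious" when they are merely very similar, otherwise "unknown".
    """
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in known:
        return "known", domain
    folded = canonical(domain)
    for good in known:
        if folded == canonical(good):
            return "lookalike", good
    best, best_ratio = None, 0.0
    for good in known:
        ratio = SequenceMatcher(None, folded, canonical(good)).ratio()
        if ratio > best_ratio:
            best, best_ratio = good, ratio
    if best_ratio >= threshold:
        return "suspicious", best
    return "unknown", None
```

A "lookalike" verdict on an invoice email is a strong signal for quarantine and a phone call to the supplier on a known-good number; "suspicious" warrants a manual check.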
Do it once, Do it right
28/03/25 13:58

Like most things, in IT, CyberSecurity, and Web development, you get what you pay for.
If you take the lowest cost option, it will often cost more for those services in the long term (vendor keeps coming back asking for more money because they underestimated the amount of effort), assuming nothing goes tragically wrong…
What could go wrong?
A lot can go wrong - on the low end of the spectrum, the service that you paid for either doesn't work, or works poorly. Worst case scenario, you & your dog are in your car under a bridge.
Buy once, cry once.
We have seen customers that have gone with the cheap (or no) option, and have either been compromised, usually losing money, future business, and reputation, just for them to have to get someone to clean up the mess caused by the original vendor, which is usually expensive, or just start over fresh.
If your business is compromised, then the cost of remediation alone is around 10-20 years' worth of protection, and that doesn't include the financial losses related to the compromise, or the lost business due to reputational damage.
So should I just buy the most expensive option?
No. Buy the option that works best for you. Just like you shouldn't buy a car from some brand that has only been in existence for 5 minutes, and will probably disappear in the next year, you probably don't need to buy a Bugatti. Look for the Toyota option. They're certainly not the cheapest, certainly not the most expensive, they aren't fancy, but they're reliable, and they have great after sales parts availability. (You can still buy genuine parts from Toyota for a 1960s vintage Landcruiser FJ40 series).
When you depend on something for your business' survival, it's not a matter of which vehicle you will choose, but which LandCruiser will you choose?
Better Business Growth through Security
27/02/25 13:24

It's great seeing our customers grow.
We can see that growth through metadata. What we can also see through that metadata is how many malicious messages (phishing, malware, etc.) we block from ever reaching their mailboxes, and how many impersonation attacks are attempted targeting their customers with the likes of fake invoices. This is how we help them to grow their business: by helping them to reduce their losses through fraud and extortion, allowing them to hire additional staff.
If you want to grow your business too, contact us at cyberwarden.io/contact
Why SMS OTPs are terrible, and Passkeys are great
21/02/25 12:46
Multi-Factor Authentication (MFA) is an absolute necessity in the modern world. Passwords just aren't enough, mainly due to breaches, stealers, and easily guessed passwords.
MFA is usually one of a few types:
- SMS OTP
- Email OTP
- Application based HOTP/TOTP codes that change automatically
- Push based via an app
- Passkeys
Each type has its own merits. For example, SMS and email are fairly ubiquitous and don't require any specific software. App based methods like HOTP and TOTP have the advantage that the phone hosting the app can be offline. Push based methods can be super convenient, with just a simple yes/no answer or a short numeric code to confirm. Then there are certificate based methods, such as Passkeys. Passkeys aren't necessarily MFA (as they can totally replace passwords), but are functionally similar to MFA, and are often referred to as "phishing resistant" because a passkey is not something that someone can pass on over the phone or easily be tricked into using.
You can read more about Passkeys at https://blog.google/inside-google/googlers/ask-a-techspert/how-passkeys-work/
In terms of security, I'd rank the methods as below (1 = best, 6 = worst):
1. Passkeys
2. Push based with a simple code
3. Application based HOTP/TOTP
4. Push based (Yes/No)
5. SMS OTP
6. Email OTP
While having some form of MFA is always better than no MFA, in reality SMS and Email OTPs should be considered insecure, in that they can be intercepted without huge effort or expense. Watch this video on how SMS and voice can be intercepted via SS7: https://www.youtube.com/watch?v=wVyu7NB7W6Y . Of course, SMS codes are also commonly intercepted by SIM swap attacks. Emails are even easier to intercept via a variety of methods. Another disadvantage of Email and SMS OTPs is that they can be delayed or blocked in transit, making these methods frustrating to use.
Yes/No based push authentication can be subject to timed attacks, such as attempting to log in to a service at roughly the same time as the real user (for example at the start of the work day, when a user is logging into their systems and really isn't paying too much attention), hence the move to the code based push method.
Some TOTP/HOTP systems don't have any limits on retries, so a brute-force approach can work on those (this has been demonstrated recently).
For the above reasons, we don't recommend the use of methods 3-6 unless there is no other option. If you're forced to use one of these, then app based HOTP/TOTP is the best choice.
So What Should I Use?
Our recommendation is to move to Passkeys wherever possible, and if these aren't possible, use the next best method.
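An added example (not from the original post) of the retry-limit point made above: an RFC 4226/6238 HOTP/TOTP implementation with a server-side verifier that allows a small clock-skew window and caps consecutive wrong codes per user, which is exactly the check a system with no retry limit is missing. The in-memory failure counter and the lockout threshold are assumptions for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time in 30-second steps."""
    return hotp(secret, int(at // step), digits)

class TotpVerifier:
    """Server-side check with a clock-skew window and a per-user cap on failed attempts."""

    def __init__(self, secret: bytes, max_failures: int = 5, skew_steps: int = 1, step: int = 30):
        self.secret, self.step, self.skew = secret, step, skew_steps
        self.max_failures = max_failures
        self.failures = {}  # user -> consecutive wrong codes (assumed in-memory store)

    def verify(self, user: str, code: str, now: float) -> bool:
        # A 6-digit code has only a million possibilities; without this cap an
        # attacker who can submit guesses freely will eventually hit a valid one.
        if self.failures.get(user, 0) >= self.max_failures:
            return False  # locked out; a real deployment would also expire the lock
        for drift in range(-self.skew, self.skew + 1):
            expected = totp(self.secret, now + drift * self.step, self.step)
            if hmac.compare_digest(expected, code):  # constant-time comparison
                self.failures[user] = 0
                return True
        self.failures[user] = self.failures.get(user, 0) + 1
        return False
```

A production verifier should also refuse to accept the same code twice within its window, so a captured code cannot be replayed.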
U.K. orders Apple to let it spy on users’ encrypted accounts
09/02/25 02:56
Secret back-doors never remain secret, and they are often exploited by threat actors. Just look at the recent issues with Chinese state actors utilising the secret backdoors in the US telecoms networks.
https://archive.is/EzboV
If Apple is being asked to do this, then so will all other major cloud storage vendors.
Of major concern is that many authenticator apps store their data in a user's OneDrive/G-Drive/iCloud account (as do many password managers).
If these accounts are compromised by adversaries (including nation states, competitors, and general ne'er do wells) then the implications are significant.