Open Redirects: Low vulnerability with potential severe impact

OWASP Top 10 2013 https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf

Phishing as an evolving threat

In 2020, the IC3 received 19,369 Business Email Compromise (BEC)/ Email Account Compromise (EAC) complaints with adjusted losses of over $1.8 billion. BEC/EAC is a sophisticated scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds

“Ransomware attacks still use email — but not in the way you might think. Ransomware operators often buy access from independent cybercriminal groups who infiltrate major targets and then sell access to the ransomware actors for a slice of the ill-gotten gains. Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network. The result is a robust and lucrative criminal ecosystem in which different individuals and organizations increasingly specialize to the tune of greater profits for all — except, of course, the victim”

Final Thoughts

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store