Any event that makes the front page of a news outlet will be used as a phishing lure.

Any “threat intelligence” that alerts you to this is next to useless.

@mttaggart I mean, the news what I consume isn't necessarily the same as what you get to read.

@mttaggart this is part of why one of my favorite network controls is outbound web proxies that squash not just malicious, but uncategorized and new domains.

Makes it much harder for some of those attacks to succeed

@TindrasGrove This industry would be wholly transformed by a culture of restrictive outbound traffic.

@mttaggart <insert rant about “it’s not the user’s fault if you failed to filter outbound traffic” here>

@sassdawe Yes. I’m not sure how that counters the point though.

@mttaggart I don't read local news, and also nothing about the industry I just started working in recently. So nothing from the front pages reach me in my bubble. Which means threat intelligence with this content is going to be valuable to me.

@sassdawe @mttaggart Do you consider yourself a typical TI customer though? (honest question)

@buherator @mttaggart would someone not having enough time to read the general news and needing a summary prepared for them about the potential threats be considered a tipical TI report customer?

I just hope that they write it in English instead of the local German which I can't read.

@sassdawe I think this is more of a use-case for a newsletter like RiskyBiz.

For TI I'd expect something actionable, "phishers gonna phish" isn't that. @mttaggart