Articles about cyberattack

Hot on the heels of a report showing that 40 percent of business emails have unwelcome content, comes another report revealing that email is now the top way of delivering cyberattacks.

The report from Tessian shows that 94 percent of organizations experienced a spear phishing or impersonation attack, and 92 percent suffered ransomware attacks over email this year.

Continue reading →

Financial fraud email attacks are increasing year-on-year at 73 percent, with 44 percent of these representing sophisticated, targeted attacks such as wire, invoice, or vendor fraud, according to a new report from Armorblox.

The research has uncovered two vendor fraud attacks targeting approximately 4,000 inboxes each. In these the attackers used 'Look-alike Domain' attack techniques to bypass Microsoft Office 365 email security and impersonate trusted vendors with emails that looked like legitimate requests for payments.

Continue reading →

Critical infrastructure is a prime target for cybercriminals and nation state actors. It often operates on legacy operational technologies (OT) which have vulnerabilities that can't be fixed easily or directly. 

We spoke to John Moran, technical director, business development at Tufin, to discuss how organizations can protect themselves. John is a former incident response consultant and is a cybercrime forensics expert.

Continue reading →

A new report analyzing billions of link-based URLs, attachments and natural language messages in email, mobile and browser channels over six months in 2022, finds more than 255 million phishing attacks -- a 61 percent increase compared to 2021.

The study from messaging security company SlashNext shows earlier security strategies, including secure email gateways, firewalls, and proxy servers are no longer stopping threats, as bad actors increasingly launch these attacks from trusted services and business and personal messaging apps.

Continue reading →

Cyberattacks can cause significant harm to businesses, not least financial losses. According to recent findings from the Atlas VPN team, 37 percent of companies lose over $100,000 per cyberattack on average.

Some lose even more, with 22 percent of companies suffering significant losses ranging from $100,000 up to $499,999. Cybercriminals stole even more money, between $500,000 and $999,999, from 11 percent of businesses. Lastly, four percent of companies claim to have lost over $1 million after a successful cyberattack. A worrying two percent of businesses say they don't know their actual losses.

Continue reading →

A new study of 3,000 individuals across the US, UK and Canada finds that although 58 percent of tech users that had access to cybersecurity training or education say they are better at recognizing phishing messages and related attacks, 34 percent still fell victim to at least one type of cybercrime.

The research from The National Cybersecurity Alliance and CybSafe shows that of more than 1,700 incidents of cybercrime that were disclosed by participants, 36 percent were phishing attacks that led to a loss of money or data, while 24 percent report falling victim to identity theft.

Continue reading →

According to a new report from Sysdig, the unified container and cloud security company, it costs $430,000 in cloud bills for an attacker to generate $8,100 in cryptocurrency revenue. This works out at a $53 cost to the victim for every $1 the cryptojacker makes.

The report takes an extensive look at TeamTNT, a notorious cloud-targeting threat actor that generates the majority of its criminal profits through cryptojacking. TeamTNT is best known for its crypto‐jacking worm activity, which began in 2019, exploiting vulnerable instances of popular key‐value store Redis.

Continue reading →

Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.

Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third-party access to a range of data including postal and email addresses, account information, and phone numbers.

Continue reading →

Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days.

The company concedes that it is not clear how the attacker was able to gain access but says: "the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication". LastPass has also revealed the impact of the four-day security incident in the name of providing "transparency and peace-of-mind to [its] consumer and business communities".

Continue reading →

DDoS attacks made up 25 percent of the cyber incidents submitted to the UK's Financial Conduct Authority in the first half of 2022, compared to just four percent in 2021.

Analysis by attack simulation specialist Picus Security of information obtained from the FCA under a freedom of information request shows the rise also coincides with a reported increase in DDoS for hire websites and ransomware operators using DDoS as a tactic to pressure and extort money from targets.

Continue reading →

A new study reveals that 47 percent of educational institutions have suffered a cyberattack on their cloud infrastructure within the last 12 months.

The research from Netwrix shows that for 27 percent of these incidents in the cloud were associated with unplanned expenses being incurred to fix security gaps.

Continue reading →

New data unveiled by the Atlas VPN team shows that cloud servers are now the number one way in for cyberattacks on businesses, with 41 percent of companies reporting them as the first point of entry.

The data, based on the Cyber Readiness Report 2022 by insurer Hiscox, also shows a 10 percent increase in cloud server attacks over the year before.

Continue reading →

Over the past couple of years, there have been a growing number of cyber attacks on critical infrastructure around the world. Most recently, Estonia was subjected to its most extensive cyberattack since 2007, apparently in retaliation to the country removing Soviet-era monuments from public places. Earlier this year, Costa Rica had to declare a state of emergency after a Russian-speaking ransomware gang threatened to overthrow the government in the wake of two cyberattacks. In July last year, South Africa’s ports were almost totally shut down after a ransomware attack.

While these attacks are of varying severity -- Estonia experienced minimal disruptions to critical websites while Costa Rican health officials were unable to access critical healthcare records and tax systems were frozen for weeks -- they show that cybercrime is no longer just about obtaining data. Instead, cybercrime is being used against real-world infrastructure and with very real consequences.

Continue reading →

A new report from Barracuda finds the volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.

Researchers have also seen a spike in the number of service providers that have been hit with a ransomware attack. The main targets, however, are still five key industries: education, municipalities, healthcare, infrastructure, and financial.

Continue reading →

New research from Venafi into the rise of nation-state cyberattacks and their links to geopolitics has revealed that two-thirds (64 percent) of security decision-makers suspect that their organization has been directly targeted or impacted by a nation state attack.

In addition, 77 percent believe we're in a perpetual state of cyberwar, while 66 percent of companies say they have changed their security strategy as a direct response to the war in Ukraine.

Continue reading →