The first half of this year has seen a 43 percent increase in the number of application-layer attacks and a 30 percent increase in volumetric attacks, especially in Europe and the Middle East, according to the latest threat report from NETSCOUT.

The attacks involve a range of threat actors, including hacktivists, targeting critical infrastructure in the banking and financial services, government and utilities sectors.

Continue reading →

A new report from OpenText finds that collaboration and coordination taking place between nation-states and cybercrime rings to target global supply chains and further geopolitical motives has become a signature trend in the threat landscape.

Russia has been seen to collaborate with malware-as-a-service gangs including Killnet, Lokibot, Ponyloader and Amadey, while China has entered into similar relationships with the Storm0558, Red Relay, and Volt Typhoon cybercrime rings, typically to support its geopolitical agenda in the South China Sea.

Continue reading →

It's usually the case that cybersecurity is seen as being all about technology and that humans -- making mistakes and falling for social engineering -- are something of a liability.

But are people really just a problem or can they also be part of the solution? Toney Jennings, CEO of DataStone, believes we need to shift our thinking away from the current paradigm to empowering people as a hidden asset in the protection of their organization. We talked to him to find out more.

Continue reading →

The presence of any data relating to an organization on the dark web demonstrably increases its risk of a cyberattack.

This probably won't come as too much of a surprise but it's confirmed by new research from Searchlight Cyber, the dark web intelligence company, and the Marsh McLennan Cyber Risk Intelligence Center.

Continue reading →

According to a new survey, 84 percent of organizations in the enterprise sector spotted a cyberattack within the last 12 months, compared to only 65 percent in 2023.

The study from Netwrix shows the most common security incidents are phishing, user or admin account compromise, and ransomware or other malware attack.

Continue reading →

A new report on the mobile threat landscape from Lookout reveals a 40.4 percent jump in mobile phishing attempts and malicious web attacks targeting enterprise organizations.

More than 80,000 malicious apps were detected on enterprise mobile devices. These threats can vary widely, from invasive permissions and riskware that pose significant compliance risks to sophisticated spyware capable of tracking devices, stealing data, eavesdropping on conversations and accessing the user' camera and microphone.

Continue reading →

The manufacturing and industrial sectors have seen a dramatic rise in cyberattacks, accounting for 41 percent of cyber incidents in the first half of 2024, an increase of 105 percent.

A new threat intelligence report from Ontinue also highlights a rise in state-sponsored campaigns from China increasingly focused on information control and leveraging zero-day exploits, further complicating attribution and escalating the global threat landscape.

Continue reading →

Third-party browser scripts are the code snippets that organizations put into their websites to run ads, analytics, chatbots, etc -- essentially anything that isn't coded by the organization itself.

Which sounds innocuous enough, but these scripts are increasingly being used as a vector for cyberattacks. We spoke to Simon Wijckmans, CEO of c/side, to understand how these attacks operate and what can be done to defend against them.

Continue reading →

As we've already seen today AI systems are becoming increasingly popular targets for attack.

New research from Snyk and Lakera looks at the risks to AI agents and LLMs from prompt injection attacks.

Continue reading →

Senior executives are prime targets for cybercriminals, with 72 percent of surveyed cybersecurity professionals in the US reporting that this group has been targeted by attacks in the past 18 months.

The study from GetApp also highlights the rising use of AI-generated deepfakes, which have been involved in 27 percent of the attacks.

Continue reading →

The world's critical national infrastructure remains on high alert. The National Cyber Security Centre in the UK and agencies in the US, Australia, Canada and New Zealand have all detailed how threat actors have been exploiting native tools and processes built into computer systems to gain persistent access and avoid detection.

We spoke to Chase Richardson, lead principal for cybersecurity and data privacy at Bridewell to discuss the critical trends and emerging dangers that cyber teams need to continue to watch out for?

Continue reading →

A new study from Appsbroker CTS finds 79 percent of IT and cybersecurity leaders believe that emerging technologies like GenAI will 'change the game', leaving them unprepared.

In addition 90 percent say the risk and severity of cyberattacks has increased over the past year, while 61 percent believe the attack surface is now 'impossible to control'.

Continue reading →

The Olympic Games begin next week in Paris and cybersecurity company WithSecure is warning that they face a greater risk of cyberattack than ever due to the current state of geopolitical uncertainty.

As the world's biggest sporting event, the Olympics draws potential attacks from both criminal and nation-state threat actors, with various objectives and capabilities.

Continue reading →

Recent cyberattacks like Volt Typhoon, BlackCat ransomware syndicate, and NuGet serve as stark reminders of the critical importance of monitoring cyber risks as these attacks could all have been prevented.

We spoke to Randy Watkins, chief technology officer at Critical Start, to discuss why organizations must know the difference between cyber risks and threats, and how those enterprises that fail to mitigate against cyber risk will remain reactive, and ultimately fall behind their competitors.

Continue reading →

Researchers at secure browser company Menlo Security have uncovered three new nation-state campaigns employing highly evasive and adaptive threat (HEAT) attack techniques.

In a 90-day period, the campaigns -- LegalQloud, Eqooqp, and Boomer -- compromised at least 40,000 high-value users, including C-suite executives from major banking institutions, financial powerhouses, insurance giants, legal firms, government agencies, and healthcare providers.

Continue reading →