Articles about cyberattacks

A new study from Cohesity finds 70 percent of publicly traded companies have reported adjusting earnings or financial guidance after a cyberattack.

Among the impacts 68 percent say they observed an impact on their stock price, while 73 percent of privately held firms redirected budgets from innovation and growth initiatives.

Continue reading →

A new report from digital trust provider DigiCert highlights an unprecedented surge in distributed denial-of-service (DDoS) attacks that reached ‘internet tsunami’ scale, with two events peaking at 2.4 Tbps (terabits per second) and 3.7 Tbps respectively.

Attack traffic increasingly originates from regions where digital infrastructure is outpacing regulation, with Vietnam, Russia, Colombia, and China ranking among the top five sources.

Continue reading →

Security leaders estimate that, on average, cyber incidents cost their organization $3.7 million, with 46 percent suffering from an outage or disruption to their services as a consequence of attacks.

A new survey from Red Canary of 550 security leaders, from the US, UK, New Zealand, Australia, and the Nordic countries, finds that SOC teams continue to struggle with the challenges of securing cloud environments, identities, and AI technologies amid evolving threats.

Continue reading →

Not quite how The Killers put it, but a new report shows Human workers remain the most consistent point of attack for cybercriminals, with shadow IT and AI-driven social engineering providing attackers with both new tools and new targets.

The 2025 Global Threat Intelligence Report from Mimecast reveals key trends, including the rise of smarter, AI-powered phishing and social engineering cyberattacks, and threat groups increasingly using trusted services to evade detection and reach targets. Mimecast’s analysis finds that phishing accounts for 77 percent of all attacks up from 60 percent in 2024 with attackers likely leveraging more AI tools.

Continue reading →

Many of the recent wave of high-profile cyberattacks can be traced back to the theft of a single set of credentials which have allowed the attacker to access and move within a corporate network.

A new report from Flashpoint looks at the rise of large-scale information-stealing malware campaigns and how ‘infostealer’ malware has been a key enabler, responsible for the theft of over 1.8 billion corporate and personal email accounts, passwords, cookies, and other sensitive data.

Continue reading →

A new survey finds 60 percent of surveyed UK and US cybersecurity leaders now admit that security risks originating from third parties and supply chain partners are ‘innumerable and unmanageable.’

The study from IO (which used to be ISMS online) shows 97 percent of cybersecurity leaders say they’re confident in their breach response, with 61 percent describing themselves as ‘very confident.’ Yet, that confidence contrasts dramatically with 61 percent of leaders who say their organization has suffered a third-party or supply chain attack in the past 12 months.

Continue reading →

Among all of the various forms of cyberattack phishing attempts delivered by email are still one of the most common.

What’s more AI is making these attacks more effective, because you can no longer rely on looking out for dodgy grammar or other signs that a message may not be what it seems.

Continue reading →

New data from BlackFog shows publicly disclosed ransomware attacks continued to set new records in the third quarter of this year, with 270 attacks -- a 36 percent increase compared to the same quarter in 2024 (198 attacks). This also represents a 335 percent increase since Q3 2020, underscoring the continued rise in attacks over the last five years.

Between July and September, publicly disclosed attacks were attributed to 54 ransomware groups. As in Q2, the Qilin ransomware gang was the most active, responsible for 20 incidents during the period. Notably, approximately 40 percent (107) of reported attacks have not yet been attributed to any known ransomware group.

Continue reading →

However good your defenses, cyberattacks can still happen. However, in many cases, the aftermath can be worse than the attack itself, as enterprises struggle to calm nerves and reassure staff, customers, and shareholders.

We spoke with Daniel Tobok, CEO of incident response specialist CYPFER, to discuss how organizations can recover from a cyberattack and why the leadership's response is vital.

Continue reading →

A new report from Cork Protection looks at the security challenges facing small and medium-sized businesses (SMBs), backed up by comment from a range of industry leaders. Challenges include an asymmetric threat landscape, defined by the misuse of artificial intelligence and relentless exploitation of human vulnerabilities.

Among the findings are that AI-powered adversaries are launching automated, sophisticated campaigns at unprecedented scale. Also the financial fallout of a breach now extends far beyond ransom, often resulting in business-ending costs.

Continue reading →

A new global study of over 800 senior IT leaders reveals the concerns of IT leaders as they struggle with the rising complexity of recovery planning to cope with the aftermath of cyberattacks.

The survey from infrastructure specialist 11:11 Systems finds that 82 percent of respondents have experienced at least one significant cyberattack, while 57 percent endured two or more attacks within the past year.

Continue reading →

The Scattered Spider group seems to have switched from high-profile attacks on UK retailers to new campaigns targeting the insurance sector. The group has recently been linked to ransomware incidents affecting US-based Philadelphia Insurance and Erie Insurance, which operates in both the UK and the US.

We spoke to Danny Howett, technical director at global cybersecurity consultancy CyXcel, to discuss why insurance is such an attractive target and some practical steps insurers can take to shore up their defences against increasingly organised cybercriminals.

Continue reading →

A new report from Illumio, based on a survey of over 1,100 IT and cybersecurity decision makers, finds that almost 90 percent of leaders have detected a security incident involving lateral movement within the past 12 months.

Each incident involving lateral movement resulted in a global average of over seven hours of downtime. Alert fatigue, along with limited and fragmented visibility, especially across hybrid environments, are two of the top challenges to detecting lateral movement.

Continue reading →

A new report from AI-powered managed extended detection and response company Ontinue shows a sharp rise in MFA-bypassing identity attacks in the first half of the year.

These attacks are using token replay abuse with roughly 20 percent of live incidents involving adversaries reusing stolen refresh tokens to bypass MFA, even after password resets.

Continue reading →

Phishing has overtaken all other vectors as the leading entry point for ransomware, cited by 35 percent of affected organizations, up sharply from 25 percent in 2024.

This is one of the findings of a new report from SpyCloud which also shows that 85 percent of organizations were affected by ransomware at least once in the past year, with nearly a third (31 percent) reporting six to 10 ransomware events in the last year.

Continue reading →