Cybercrime

There is an acknowledged shortage of security talent in the West, but at the same time a lack of opportunity in many developing nations such as South America and India is leading to fledgling talent utilising its expertise for nefarious acts rather than for legal activity.

But a new approach to threat detection and prevention could help address the skills shortage while giving cybersecurity talent in developing countries the chance to earn an honest wage. We spoke to Steve Bassi, CEO of PolySwarm to find out more.

Levels of attack traffic observed by F-Secure's network of decoy honeypots in 2018 increased by 32 percent over the previous year, and increased fourfold in the latter half of 2018 compared with the first half of the year.

The report suggests that many companies may not have the visibility they need to catch attacks that make it past preventative measures like firewalls and endpoint protection.

Despite the fact that in recent months we've seen cybercriminals focusing their efforts on businesses, 68 percent of infections are seen on consumer endpoints, compared to 32 percent on business endpoints.

This is one of the findings of the latest Webroot Threat Report, which also shows that legitimate websites are frequently compromised to host malicious content, with 40 percent of malicious URLs hosted on good domains.

Thanks to the huge volume of stolen credentials now available online, credential stuffing has become a major issue for the retail industry.

A new report from edge platform specialist Akamai shows that hackers directed credential abuse attempts at retail sites more than 10 billion times from May to December last year.

Social media-enabled cybercrimes are generating at least $3.25 billion in global revenue annually according to a new report.

The study released by virtualization-based security company Bromium and  researched and written by Dr Mike McGuire, senior lecturer in criminology at the University of Surrey, looks at the range of techniques used by cybercriminals to exploit trust and enable rapid infection across social media.

The latest Symantec Annual Threat Report reveals that cybercriminals are continuing to follow the money, but as ransomware and cryptojacking show falling returns they are turning to other techniques.

One of these is formjacking -- essentially virtual ATM skimming -- where cybercriminals inject malicious code into retailers' websites to steal shoppers' payment card details.

While it’s essential that employees consistently avoid taking risks that could lead to a data breach, even top-performing employees don’t necessarily have top-notch cybersecurity knowledge. Thus, organizations are in charge of bridging the cybersecurity skill gap to keep employees from damaging the company’s network by accidentally uploading of a malicious program or sharing confidential documents with the wrong people.

Though it’s easy for IT and leadership teams to put systems in place that defend their network from external threats, well-intentioned internal users can be a hackers easy way in. The only way for organizations to counter this is with education and training.

The average cost of a cyberattack is now estimated at $1.1 million, according to a new report from cybersecurity company Radware. For organizations that calculate rather than estimate the cost of an attack, that number increases to $1.67M.

The main impact of cyberattacks, as reported by respondents, is operational/productivity loss (54 percent), followed by negative customer experience (43 percent). What’s more, almost half (45 percent) report that the goal of the attacks they suffered was service disruption. Another third (35 percent) say the goal was data theft.

Americans are more worried about a cyberattack disrupting the financial and banking system than attacks against hospital/emergency services, voting systems or power grid/energy supply companies.

This is among the findings of a survey by ESET to mark National Critical Infrastructure Security and Resilience Month, which surveyed 1,500 Americans to discover their views on critical infrastructure attacks.

An anti-fraud operation led by the FBI has succeeded in disrupting a scam that has seen cybercriminals using botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue.

The ad fraud ring, known as '3ve' had been operating for a number of years and built two different botnets by spreading Kovter and Boaxxe malware to individuals through spam emails and drive-by downloads.

The world has a number of less-than-bright criminals, from those who become stuck in their exit route (think vent pipes and the like), to those who get caught through use of a stolen device. Facebook has even led to a few arrests of people who bragged or posted the video evidence online.

Although this story is courtesy of Facebook, one alleged criminal took an interesting approach to outing himself. While the whole situation is sad for the victim, the end is shocking.

After a relatively quiet first half of the year, cyberattacks have come back with a bang in the third quarter according to the latest report from Malwarebytes.

Businesses seem to have become the main focus of attacks, experiencing more cybercriminal activity this quarter, with detections up by 55 percent, while consumer detections increased by only four percent over the last quarter.

While the majority of cyberattacks are aimed at businesses and other organizations, an increasing number are targeting ordinary users, according to the latest report from Positive Technologies.

The most attractive targets were personal data (30 percent) and credentials (22 percent), especially for online banking. To steal this data, attackers compromised a wide range of websites, including web stores, ticket vendors, and hotel booking services.

Industry increasingly relies on automated systems for the control of processes, but a new report from Kaspersky Lab shows that 41.2 percent of industrial control systems (ICS) computers were attacked by malicious software at least once in the first half of this year.

Based on analysis of systems protected by Kaspersky Lab solutions, the data shows that in 2017, the percentage of ICS computers attacked was 36.61 in the first half of the year and 37.75 in the second half.

According to the ESG brief: 2017 Cybersecurity Spending Trends, 45 percent of organizations claim to have a problematic shortage of cybersecurity skills. Another ESG report, The Life and Times of Cybersecurity Professionals, reveals that 27 percent of cybersecurity professionals say that the cybersecurity skills shortage has had a significant impact on their organizations.

Training a capable IT staff to keep their network secure and running amid a growing threat landscape is a business imperative. Here’s a look at what executives need to keep in mind to increase the security posture of their organization through cybersecurity training.