Cybercrime

As we carry out more and more of our everyday transactions online, so the risk of falling victim to cybercrime increases too.

New research from CybSafe and the National Cybersecurity Alliance shows that 61 percent of respondents worry about becoming cybercrime victims and 38 percent believe personal data theft is unavoidable.

Ransomware remains a formidable threat facing organizations, with 49 active groups impacting more than 1,000 publicly posted victims in the third quarter 2024, according to a new report.

The report from GuidePoint Security's Research and Intelligence Team (GRIT) shows threat actors are increasingly leveraging legitimate services and platforms to deliver targeted phishing messages. While the abuse of trusted notification services is not a new approach to delivering malware, the research team has recently observed novel -- and progressively sophisticated -- delivery techniques.

A new report from dark web intelligence specialist Searchlight Cyber shows a 56 percent increase in the number of active ransomware groups this year compared to the first half of 2023, reflecting a diversification of the ransomware landscape.

LockBit has retained its top position despite the disruption caused by Operation Cronos, though its number of listed victims has fallen compared to H1 2023.

A new report reveals that 98 percent of organizations attacked by bots in the past year have lost revenue as a result.

The latest State of Bot Mitigation Report from Kasada, based on a survey of over 220 US tech professionals, also shows that despite investing heavily in bot defenses, most solutions are proving to be ineffective. Just one in five say that after initial deployment their bot mitigation solution retained effectiveness for more than 12 months.

In today's digital landscape, an organisation's C-suite and senior executives hold the most valuable corporate data and sign-off authorities, representing the highest potential risk over email. Whether it's inbound spear phishing attacks or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable.

But what do cybercriminals want from these individuals, are breaches always a result of external actors, and what can organisations do to protect their top decision-makers?

In recent years, mobile devices have taken center stage and we've become mobile-first users, where mobile devices are our first choice for how we communicate, navigate, work, bank, take photos, shop and stay informed about the world around us. Our increased reliance on mobile phones is not without its risks.

According to Zimperium's Global Mobile Threat Report 2023, 43 percent of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187 percent year-over-year, a shocking number.

The frequency of application attacks is rising as cybercriminals continue to prey on the increasing reliance on web, mobile and desktop apps, according to a new report.

Digital.ai's 2024 Application Security Threat Report looks at data about threats identified from monitoring applications under active protection. The likelihood of an app being attacked rose eight percent year-on-year, with gaming apps and financial services apps facing the highest risk of attack at 76 percent and 67 percent respectively.

A new report from Fortinet shows that the second half of 2023 saw attackers increase the speed with which they capitalized on newly publicized vulnerabilities.

Attacks were carried out 43 percent faster than 1H 2023, starting on average 4.76 days after new exploits were publicly disclosed.

A new report shows a 20 percent year-on-year increase in the number of ransomware victims, along with major shifts in the behavioral patterns of ransomware groups.

The Q1 2024 ransomware report, from the GuidePoint Security Research and Intelligence Team (GRIT), finds the number of active ransomware groups more than doubled, increasing 55 percent from 29 distinct groups in Q1 2023 to 45 distinct groups in Q1 2024.

Many enterprises rely on some sort of ERP application for their business operations and decision making. The vast majority of large organizations use ERP applications from leading vendors like SAP and Oracle.

New research from threat data and intelligence leader Flashpoint and ERP cybersecurity and compliance leader Onapsis reveals evidence that SAP business-critical applications are increasingly in the sights of and valuable for cybercriminals.

Members of generation Z -- those born in the mid to late 1990s -- are more susceptible to fraud than other age groups and are also committing it at a higher rate.

The latest Digital Trust and Safety Index, released today by Sift, shows that 33 percent of Gen Z survey respondents know someone who has, or have personally, participated in payment fraud, compared to only 10 percent of Baby Boomers.

Kaspersky's annual spam and phishing report, released today, shows its anti-phishing system thwarted over 709 million attempts to access phishing and scam websites in 2023 -- a 40 percent increase over 2022.

There's also been a surge in attacks spread via messaging platforms, including 62,127 phishing attempts on Telegram -- a 22 percent increase from the year before. AI platforms, social media services, and cryptocurrency exchanges are the other most-exploited channels.

A new report from IBM X-Force Threat Intelligence highlights an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide.

The 2024 X-Force Threat Intelligence Index report records a 71 percent spike in cyberattacks caused by exploiting identity as using valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.

The latest ransomware report from GuidePoint Security shows a decline in activity in January compared to the final quarter of last year, with a drop in the total number of posted victims by 33 percent and 60 percent relative to December and November 2023.

However, this is consistent with the trends of January of 2022 and 2023, both of which also followed heightened Q4 activity from the previous year.

A new report from BlueVoyant looks at the new risks organisations face from outside the traditional IT perimeters.

In particular, cybercriminals are using AI to create more effective phishing campaigns, and employing online adverts to lure victims to malicious websites.