Cybercrime

A new report from IBM X-Force Threat Intelligence highlights an emerging global identity crisis as cybercriminals double down on exploiting user identities to compromise enterprises worldwide.

The 2024 X-Force Threat Intelligence Index report records a 71 percent spike in cyberattacks caused by exploiting identity as using valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web.

The latest ransomware report from GuidePoint Security shows a decline in activity in January compared to the final quarter of last year, with a drop in the total number of posted victims by 33 percent and 60 percent relative to December and November 2023.

However, this is consistent with the trends of January of 2022 and 2023, both of which also followed heightened Q4 activity from the previous year.

A new report from BlueVoyant looks at the new risks organisations face from outside the traditional IT perimeters.

In particular, cybercriminals are using AI to create more effective phishing campaigns, and employing online adverts to lure victims to malicious websites.

In the wake of the MOVEit vulnerability, which affected an estimated 40 million people around the world, businesses are stepping up their investment in ransomware protection.

A new study carried out by Censuswide for Veeam Software surveyed 100 directors of UK companies with over 500 employees who had suffered a ransomware attack in the past 18 months and finds 24 percent report they are significantly more anxious about ransomware attacks as a direct result of the MOVEit breach.

Adware doubled globally from July through September 2023 compared to the previous quarter, according to the Q3 Threat Report from Avast.

A new strain of mobile adware dubbed 'Invisible Adware' has already gathered over two million downloads in the Google Play Store. These applications display advertisements while the device screen is off, gaining revenue through fake clicks and views. This is not only contributing to ad fraud but can also impact battery life and potentially install dangerous software without the user’s knowledge.

Internet and cyber crimes cause financial loss and have emotional impact for people around the world. Now though a new non-profit organization has been formed to pursue justice for victims of these crimes.

Intelligence for Good aims to make the internet a safer place for everyone, and to ensure that cybercriminals are not only brought to justice but fear the consequences of scamming innocent people.

The threat landscape has evolved a lot over the past few years as cybercriminals become more and more sophisticated. This has forced change within the industry and blurred the lines between the previous separate data protection and security strategies.

We spoke to Jason Gerrard, senior director of international systems engineering at Commvault, to find out more about why this is happening and what it means for the future of the data protection and cybersecurity industries.

It's been another profitable year for the cybercriminal underworld. Once again, headlines have been regularly dominated by serious breaches such as the Royal Mail and Capita, whilst behind the scenes, criminal gangs have raked in huge profits.

The shadow economy of the dark web has continued to thrive and develop as a mirror of the legitimate business world. Threat actors are increasingly well-organized, from highly developed ransomware-as-a-service (RaaS) offerings to extremely lucrative vulnerability trading. Here, we'll delve into the most prominent trends driving the bustling dark web economy -- and how organizations can defend themselves against such threats.

A new report from HP Wolf Security reveals cybercriminal marketplaces offering low-level attackers the tools needed to bypass detection and infect users in the form of so-called 'meal kits'.

These are pre-packaged malware kits which give low-level attackers all the ingredients to evade detection tools, making it easier for them to breach organizations and steal sensitive data.

A new report from GuidePoint Security's Research and Intelligence Team (GRIT) shows a total of 3,385 publicly posted ransomware victims in the first three quarters of this year, claimed by 57 different threat groups, representing an 83 percent year-on-year increase.

Attacks directed against US-based organizations decreased, but there has been a marked increase in attacks impacting other nations. Other countries consistently affected, like the UK, saw an approximate 41 percent increase in attacks in Q3.

Identity management company AU10TIX has released its latest Global Identity Fraud Report, based on insights from millions of transactions processed in 249 countries from April to June 2023.

It finds there has been a 44 percent increase in organized ID fraud in North America compared to preceding quarters. This upsurge is believed to be driven by the ongoing economic recovery and inflationary pressures, particularly in the US market, which are emboldening professional ID fraud syndicates.

A new report from Netskope looks at the activities of cybercriminals based on the techniques and motivators that were most commonly detected among its customers in the first three quarters of 2023.

In news that will come as a surprise to precisely nobody it shows that the highest percentage of cybercriminal activity comes from Russia, while China accounts for most politically-motivated attacks.

Ransomware is being deployed within one day of initial access in more than 50 percent of engagements, according to research from Secureworks Counter Threat Unit.

In the last 12 months the median dwell time identified in the annual Secureworks State of the Threat Report has fallen from 4.5 days to less than one day. In 10 percent of cases, ransomware was even deployed within five hours of initial access.

Artificial intelligence (AI) has been an evolving trend at the very center of cybersecurity in recent years. However, the release of a wave of new tools such as ChatGPT and Microsoft's Jasper chatbot have sparked fresh concerns about the potential for cybercriminals to leverage increasingly sophisticated technologies for nefarious purposes.

We spoke to Zach Fleming, principal architect at Integrity360, to explore whether AI can be used to create sophisticated malware and hacking tools capable of bringing down entire networks. We'll consider which concerns are valid by highlighting the current state of AI, and we'll explore how security teams can best combat the use of AI in cybercrime.

Account takeover (ATO) attacks jumped a massive 354 percent year-on-year in Q2 2023 according to the latest quarterly Digital Trust and Safety Index from Sift.

Analysis across Sift's global network shows the fintech and food and beverage categories experienced especially large increases. ATO spiked 808 percent across fintech, hitting loyalty sites and crypto, and opening the gate to downstream payment fraud, while the food and beverage industry saw a 485 percent increase in ATO.