Articles about Cybercrime

While IT security leaders are concerned about attacks that use malware-exfiltrated authentication data, many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively prevent follow-on attacks.

Research from cybercrime analytics company SpyCloud shows 98 percent of over 300 mid-market and enterprise IT security professionals from the US and UK surveyed say better visibility into at-risk applications would significantly improve their security posture.

Continue reading →

Whoever said 'crime doesn't pay' clearly did so before the advent of the internet. A new report shows that if cybercrime was a country it would be the third largest global economy, valued at $10.5 trillion by 2025. Some 33 billion records are estimated to be stolen in 2023 -- a huge increase of 175 percent from 2018.

The latest Cybercrime Statistics Report from Independent Advisor, shows that last year the cost to US businesses of an average cyberattack amounted to a huge $4.35 million. In addition, 83 percent of organisations got attacked more than once.

Continue reading →

A new report from cloud risk and detection specialist Rapid7 reveals that Japanese businesses have become a significant target for state-sponsored cyberattacks.

This increased vulnerability has been driven by a fragile global economy and increased political and diplomatic tensions. The Japanese automotive industry and financial services sectors are of particular interest to these actors due to their global reach.

Continue reading →

The increasing sophistication of cybercriminals significantly influences the rise in cybercrime, the frequent lack of sufficient cybersecurity measures, and the high profitability of cybercrime. Cybercriminals constantly refine their skills, developing advanced malware and phishing techniques to bypass security protocols. This progress often outpaces many businesses' and individuals' ability to safeguard their digital assets -- as a lack of resources, underestimation of risk, or insufficient awareness often results in inadequate cybersecurity measures. Further fueling this upward trend is the lucrative nature of cybercrime, with offenders able to amass significant profits from stolen money or data, often with a low risk of apprehension due to the anonymity of the internet and digital currencies. 

A recent BlackBerry Global Threat Intelligence Report observed up to 12 attacks per minute from December 2022 to February 2023, and the number of unique attacks using new malware samples skyrocketed by 50 percent -- from one per minute in the previous report to 1.5 per minute during this reporting period. The most common weapons were droppers, downloaders, remote access tools (RATs), and ransomware, with the most significant target being the healthcare industry.

Continue reading →

The construction sector (with an average of 226 incidents annually) is the most targeted by cyber criminals closely followed by transport (167), wholesale trade (138), manufacturing (116) and retailers (105).

A new report from ReliaQuest, based on data from 35,000 incidents affecting its clients, shows the most detected attack technique is the attempted exploitation of exposed remote services, such as virtual private networks (VPNs) and remote desktop protocol (RDP).

Continue reading →

After a decrease of eight percent in cyber extortion (Cy-X) victims in 2022, the data for the first quarter of this year shows the largest volumes to date.

The latest Cy-Xplorer 2023 report from Orange Cyberdefense shows businesses in 96 different countries were impacted by Cy-X in 2022. Since 2020 Orange Cyberdefense has recorded victims in over 70 percent of all countries worldwide.

Continue reading →

A new report uncovers a worrying 25 percent increase in the total number of new vulnerabilities published in 2022.

The latest Vulnerability and Threat Trends Report from the Skybox Security Research Lab shows 25,096 new vulnerabilities published last year, representing the largest year-on-year rise seen since 2017.

Continue reading →

If you were to draw up a list of places you don’t want to experience a sudden and catastrophic shutdown as the result of a cyberattack, chemical manufacturing plants would be pretty high up there. In addition to halting business operations and production, the nightmare scenario of hazardous materials being released into the human population and the surrounding environment is ever-present. 

But such attacks are becoming increasingly common and sophisticated. A 2021 UK government study, for instance, found that attacks on the chemical industry cost £1.3 billion. Over the years, such attacks have targeted an increasingly varied number of players in the industry too. In 2017, for example, attackers were able to gain control of vital safety systems at a petrochemical plant in Saudi Arabia. Drug manufacturers, chemical distributors, and even hazardous waste sites are among the other players in the sector to have been impacted by attacks. In January, meanwhile, hackers launched multiple attacks on Israeli chemical factories. 

Continue reading →

A new report from the Secureworks Counter Threat Unit (CTU) uncovers a thriving market in infostealer logs that serves as a key enabler for some of the most damaging forms of cybercrime such as ransomware attacks.

On the 'Russian Market' site alone, the number of logs for sale increased by 150 percent in less than nine months, from two million on a single day in June 2022 to over five million on a single day in late February 2023.

Continue reading →

The number of deepfake videos online is increasing at an annual rate of 900 percent according to the World Economic Forum.

In the light of this Kaspersky researchers have revealed the top three fraud schemes using deepfakes that people should be aware of.

Continue reading →

The majority of cyberattacks are made possible by some degree of human error. Phishing emails and social engineering continue to dominate as the most common delivery systems for an attack.

We spoke to Mika Aalto, CEO and co-founder at Hoxhunt, about why a human-focused cyber-strategy is the key to success in combating attacks, about the initiatives that organizations can implement to establish this and how he expects human-related cyber-attacks to evolve.

Continue reading →

Analysis of exposed dark web assets from SpyCloud finds that the technology sector has the highest number of malware-infected employees and consumers, the highest number of exposed corporate credentials, and the most exposed malware cookie records.

In the analysis of the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, researchers uncovered 27.48 million pairs of credentials with corporate email addresses and plain text passwords, with over 223,000 exfiltrated by malware.

Continue reading →

Deepfake fraud is on the rise, with 37 percent of organizations experiencing voice fraud and 29 percent falling victim to deepfake videos, according to a survey by identity verification specialist Regula.

Fake biometric artifacts like deepfake voice or video are perceived as real threats by 80 percent of companies, with businesses in the USA most concerned, about 91 percent of organizations considering them to be a growing threat.

Continue reading →

Cybercriminals and fraudsters have long relied on a dark web community to exchange information on vulnerable businesses and individuals as well as trading fraud-as-a-service schemes.

In an effort to turn the tables, Sift is launching a new online community called 'Sifters' to allow its customers to learn from, interact with, and share information with each other, including on any emerging fraud threats they encounter.

Continue reading →

A malware toolkit dubbed 'Decoy Dog' has command-and-control (C2) propagated to a Russian IP and is selectively targeting organizations worldwide -- and going undetected.

The Infoblox Threat Intelligence Group is the first to discover Decoy Dog and the company is collaborating with other companies in the security industry, as well as customers, to identify and disrupt this activity.

Continue reading →