Articles about Cybercrime

As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.

A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.

Continue reading →

As news of Silicon Valley Bank’s (SVB) collapse continues to dominate the headlines, cybercriminals are running phishing campaigns impersonating SVB and other financial institutions, including M-F-A and Bloomberg.

Responding quickly to the 24-hour news cycle, cybercriminals aim to leverage their victims’ potential distress over their financial situation to make them more susceptible to this type of attack.

Continue reading →

According to a new report, 17 percent of consumers have encountered online offers to commit payment fraud, a symptom of fraud's increasing accessibility and democratization among everyday internet users.

What's more the study from Sift shows 16 percent of consumers admit to having committed, or knowing of someone who has taken part in, payment fraud.

Continue reading →

The Lockbit ransomware group claimed 129 victims in February, more than double the 50 that was reported in January.

The latest ransomware report from GuidePoint Security shows that another RaaS group, AlphV, also significantly increased its reported monthly victim count from 20 to 31.

Continue reading →

Cybercrime actors are shifting away from ransomware to new, innovative techniques, according to the latest CrowdStrike Global Threat Report released today.

The report shows 71 percent of attacks detected in the last year were malware-free (up from 62 percent in 2021) and interactive intrusions (hands on keyboard activity) increased 50 percent in 2022. This shows how sophisticated human adversaries are increasingly looking to evade antivirus protection and outsmart machine-only defenses.

Continue reading →

Given we've all been told that it's inevitable that we'll get hacked, or at the least we need to assume that we will, what does this mean for businesses? It's clear that investment in cyber security measures isn't slowing down the attacks, and in 2023 it feels like there's been a significant increase in reported cyberattacks already. And we've only just hit February!

It would also appear that cyber attacks are becoming more sophisticated and technologically advanced. Fundamentally, you can't prevent a member of your team from clicking a phishing link, and the attack surface remains expanded due to the current hybrid working arrangements in place at most companies. So, if we are being told to expect an attack, does this shift the emphasis from prevention and defense, onto preparation and response? How would you recover your business?

Continue reading →

Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.

Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.

Continue reading →

Phishing volumes increased 36 percent, with 278.3M unique phishing emails in the fourth quarter of 2022, while malware volumes increased 12 percent QoQ, accounting for 58.9M emails, in the same period.

The latest Phishing and Malware Report from Vade shows the company detected 278.3 million unique phishing emails in Q4, surpassing the previous quarter’s total by 74.4 million. December saw the biggest jump in phishing emails, up 260 percent, as threat actors tried to cash in on the holiday period, this echoes a similar pattern at the end of 2021.

Continue reading →

Since Microsoft began the default blocking of macros in documents sent over the internet there's been an increase in the use of HTML files to deliver malware.

Research by Trustwave Spiderlabs reveals a rise in so called 'HTML smuggling' using HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code. The embedded payload then gets decoded into a file object when opened via a web browser.

Continue reading →

With cybercrime continuing to pose a major threat around the globe, businesses everywhere are increasing their spending on both information security solutions and regular security testing to find vulnerabilities before criminals can exploit them. However, with the latest research showing over 40 percent of cyberattacks last year were in fact zero-day exploits that took advantage of vulnerabilities missed by traditional pen testing, it’s clear that more still needs to be done.

For this reason, a growing number of organizations are turning to so-called 'ethical hackers' or grey hats, who use their skills to find the vulnerabilities that traditional penetration testing organizations can’t. However, while the services on offer can be incredibly effective, the idea of hacking still tends to carry (mostly) negative connotations, which often leaves businesses unsure about finding an ethical hacking service they can trust. For those that wish to explore the idea of ethical hacking further, below are a number of best practice guidelines for doing so:

Continue reading →

Cybercriminals don't need to be clever and use inventive hacking exploits to breach systems as organizations are making things too easy for them, says a new report.

Intelligence-led computer security testing company SE Labs has released its annual Cyber Threat Intelligence report with a warning that CEOs need to take cybersecurity seriously or risk falling into the clutches of criminals eager to take their data and their money.

Continue reading →

New research from cybersecurity company Naoris Protocol finds 48 percent of people surveyed think criminals who break into computer networks with malicious intent should be paid a percentage of the funds they steal and face no prosecution if they return the majority of their spoils.

The survey of over 500 people working in the cybersecurity and web arenas found just 38 percent saying they disagreed with not prosecuting malicious hackers, while 13 percent were unsure.

Continue reading →

Historically, government organizations have faced fewer attacks than their peers in other industries, particularly education and healthcare. But state and local governments have become a popular target for bad actors over the last two years -- nearly half of all ransomware in 2020 targeted municipalities. And in 2021, almost 60 percent of state and local governments faced a ransomware attack, up from just one-third of government organizations the year before.

The trend toward more frequent government ransomware attacks is concerning for several reasons. First and foremost, governments provide constituents with critical, everyday infrastructure, which makes ransomware-related outages costly and damaging. This incentivizes government IT leaders to address ransomware breaches quickly by paying the ransom. Second, and equally important, many state and local governments continue to use legacy hardware for their IT infrastructure. Without cloud-based protections and modernized cybersecurity protocols, many state and local governments face an uphill battle when it comes to addressing ransomware.

Continue reading →

New research from Kasada shows a 50 percent jump in bad bot activity during Black Friday week, with bot operators using customized open-source development tools, headless browsers, and new Solver Services to conduct their attacks at scale.

The report also shows a six times spike in automated gift card lookups this holiday shopping season, a key indicator that fraudsters are using bots to identify and steal gift card balances.

Continue reading →

New data from managed security service provider Nuspire reveals large increases in overall threat activity in the second quarter of this year continued throughout Q3, with additional growth in both exploits and botnets.

There's been a 236.22 percent jump in Kryptik variants -- a type of trojan malware distributed to victims through phishing campaigns, the goal being to steal information, including cryptocurrency wallets, files and SSH keys.

Continue reading →