Cybercrime

The number of deepfake videos online is increasing at an annual rate of 900 percent according to the World Economic Forum.

In the light of this Kaspersky researchers have revealed the top three fraud schemes using deepfakes that people should be aware of.

The majority of cyberattacks are made possible by some degree of human error. Phishing emails and social engineering continue to dominate as the most common delivery systems for an attack.

We spoke to Mika Aalto, CEO and co-founder at Hoxhunt, about why a human-focused cyber-strategy is the key to success in combating attacks, about the initiatives that organizations can implement to establish this and how he expects human-related cyber-attacks to evolve.

Analysis of exposed dark web assets from SpyCloud finds that the technology sector has the highest number of malware-infected employees and consumers, the highest number of exposed corporate credentials, and the most exposed malware cookie records.

In the analysis of the darknet exposure of employees of Fortune 1000 enterprises across 21 industry sectors, researchers uncovered 27.48 million pairs of credentials with corporate email addresses and plain text passwords, with over 223,000 exfiltrated by malware.

Deepfake fraud is on the rise, with 37 percent of organizations experiencing voice fraud and 29 percent falling victim to deepfake videos, according to a survey by identity verification specialist Regula.

Fake biometric artifacts like deepfake voice or video are perceived as real threats by 80 percent of companies, with businesses in the USA most concerned, about 91 percent of organizations considering them to be a growing threat.

Cybercriminals and fraudsters have long relied on a dark web community to exchange information on vulnerable businesses and individuals as well as trading fraud-as-a-service schemes.

In an effort to turn the tables, Sift is launching a new online community called 'Sifters' to allow its customers to learn from, interact with, and share information with each other, including on any emerging fraud threats they encounter.

A malware toolkit dubbed 'Decoy Dog' has command-and-control (C2) propagated to a Russian IP and is selectively targeting organizations worldwide -- and going undetected.

The Infoblox Threat Intelligence Group is the first to discover Decoy Dog and the company is collaborating with other companies in the security industry, as well as customers, to identify and disrupt this activity.

As businesses get bigger they begin to gain extra layers of management and start to behave in different ways. A new report from Trend Micro reveals that the same is true for cybercrime groups.

A typical large cybercrime organization allocates 80 percent of its operating expenses to wages, with the figure similarly high (78 percent) for smaller criminal organizations, according to the report.

As news of Silicon Valley Bank’s (SVB) collapse continues to dominate the headlines, cybercriminals are running phishing campaigns impersonating SVB and other financial institutions, including M-F-A and Bloomberg.

Responding quickly to the 24-hour news cycle, cybercriminals aim to leverage their victims’ potential distress over their financial situation to make them more susceptible to this type of attack.

According to a new report, 17 percent of consumers have encountered online offers to commit payment fraud, a symptom of fraud's increasing accessibility and democratization among everyday internet users.

What's more the study from Sift shows 16 percent of consumers admit to having committed, or knowing of someone who has taken part in, payment fraud.

The Lockbit ransomware group claimed 129 victims in February, more than double the 50 that was reported in January.

The latest ransomware report from GuidePoint Security shows that another RaaS group, AlphV, also significantly increased its reported monthly victim count from 20 to 31.

Cybercrime actors are shifting away from ransomware to new, innovative techniques, according to the latest CrowdStrike Global Threat Report released today.

The report shows 71 percent of attacks detected in the last year were malware-free (up from 62 percent in 2021) and interactive intrusions (hands on keyboard activity) increased 50 percent in 2022. This shows how sophisticated human adversaries are increasingly looking to evade antivirus protection and outsmart machine-only defenses.

Given we've all been told that it's inevitable that we'll get hacked, or at the least we need to assume that we will, what does this mean for businesses? It's clear that investment in cyber security measures isn't slowing down the attacks, and in 2023 it feels like there's been a significant increase in reported cyberattacks already. And we've only just hit February!

It would also appear that cyber attacks are becoming more sophisticated and technologically advanced. Fundamentally, you can't prevent a member of your team from clicking a phishing link, and the attack surface remains expanded due to the current hybrid working arrangements in place at most companies. So, if we are being told to expect an attack, does this shift the emphasis from prevention and defense, onto preparation and response? How would you recover your business?

Phishing emails usually try to trick the user into opening an attachment or visiting a website. Often this is by instilling a sense of urgency -- telling you your account is about to expire, for example.

Researchers at NordVPN have uncovered a new tactic involving email birthday cards. After all, if it's your birthday and you've opened several eCards already you're not going to think there's anything phishy about another one.

Phishing volumes increased 36 percent, with 278.3M unique phishing emails in the fourth quarter of 2022, while malware volumes increased 12 percent QoQ, accounting for 58.9M emails, in the same period.

The latest Phishing and Malware Report from Vade shows the company detected 278.3 million unique phishing emails in Q4, surpassing the previous quarter’s total by 74.4 million. December saw the biggest jump in phishing emails, up 260 percent, as threat actors tried to cash in on the holiday period, this echoes a similar pattern at the end of 2021.

Since Microsoft began the default blocking of macros in documents sent over the internet there's been an increase in the use of HTML files to deliver malware.

Research by Trustwave Spiderlabs reveals a rise in so called 'HTML smuggling' using HTML5 attributes that can work offline by storing a binary in an immutable blob of data within JavaScript code. The embedded payload then gets decoded into a file object when opened via a web browser.