Cybercrime

Research from GuidePoint Security shows eight new ransomware groups have emerged in the last quarter and that there has been at least one new ransomware group each month since January 2021.

The report, from the GuidePoint Research and Intelligence Team (GRIT), tracked 27 ransomware groups and 568 publicly posted victims in the third quarter of this year and shows a slight slowdown overall of ransomware activity from the previous quarter.

Digital natives aged between 18-39 are the most vulnerable age group for phishing scams, according to new data from security awareness training company SoSafe.

It finds that 18-39 year-olds have an average click rate of 29 percent on phishing emails, which drops to 19 percent among older age groups.

Like it or not, the global cybercrime industry has grown at a prolific rate over the last decade, making it harder than ever for organizations to keep sensitive data safe. To put the size of the issue into perspective, a recent IDC report found that around 50 percent of organizations have suffered unrecoverable data loss in the last three years. What’s more, the data also demonstrated how the pandemic turbocharged the issue, with attacks surging by an eye-watering 238 percent between February and April 2020. Simply put, the world seems to be in an extremely worrying 'golden age' of cybercrime at the moment.

As every business knows, a successful cyber-attack can have a devastating effect, potentially costing huge amounts of time and money to resolve, as well as inflicting major reputational damage, should sensitive information be taken or lost. In some cases, the organizations involved never recover.

A new study finds that £95 ($105) is lost to fraud every second in the UK. This is according to analysis by fraud prevention specialist Outseer of all the reported incidents of fraud to Action Fraud -- the UK's national reporting center for fraud and cybercrime -- between 1st July 2021 to 30th June 2022.

The data shows one case was reported to Action Fraud every 85 seconds and reported losses totalled over £3 billion ($3.31 billion) during the 12-month study period.

Cyberattacks can cause significant harm to businesses, not least financial losses. According to recent findings from the Atlas VPN team, 37 percent of companies lose over $100,000 per cyberattack on average.

Some lose even more, with 22 percent of companies suffering significant losses ranging from $100,000 up to $499,999. Cybercriminals stole even more money, between $500,000 and $999,999, from 11 percent of businesses. Lastly, four percent of companies claim to have lost over $1 million after a successful cyberattack. A worrying two percent of businesses say they don't know their actual losses.

Cybercriminals have become more adept at bypassing defenses with new DDoS attack vectors and successful methodologies, according to the latest DDoS Threat Intelligence Report from NETSCOUT.

The report is based on intelligence on attacks occurring in over 190 countries, 550 industries, and 50,000 autonomous system numbers (ASNs). It finds there were over six million DDoS attacks in first half of 2022, with TCP-based flood attacks (SYN, ACK, RST) still the most used attack vector, accounting for around 46 percent.

A new report from Barracuda finds the volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month.

Researchers have also seen a spike in the number of service providers that have been hit with a ransomware attack. The main targets, however, are still five key industries: education, municipalities, healthcare, infrastructure, and financial.

Major cyberattacks still have the power to make headline news, yet reporting and indeed conviction rates for cybercrime remain low. It's perhaps not surprising then that rising numbers of young people are getting involved in these illegal activities.

We spoke to Simon Newman, International Cyber Expo Advisory Council member and CEO of the Cyber Resilience Centre for London, to get his views on what needs to be done to improve reporting and change the mindset of 'script kiddies' for the better.

According to a new study 59 percent US and UK consumers are now more cautious about trusting others online thanks to having watched fraud documentaries.

The report from Onfido looks at the impact of popular shows like Inventing Anna and The Tinder Swindler and finds that 67 percent of consumers admit they have changed their outlook on fraud.

We all know that stolen information is traded on the dark web, and new research by Trustwave looks at what is available and how much it costs. It also uncovers the additional services that are being offered to make it easier to commit fraud.

Details of a stolen credit card can be bought for as little as $8. Much more valuable though is a card with 'fullz' -- extra information on the victim that makes the card more usable. These can cost up to $70.

The threat landscape is constantly evolving and the shift to hybrid has only widened the attack surface. Today, organizations continue to be in the firing line as cybercriminals exploit their most used application: emails. The proliferation of phishing and business email attacks have seen hackers targeting the biggest corporate security weakness; employees.

Threat actors target workers because they are seen as the weakest link. Cybercriminals are thriving by targeting and exploiting staff, especially those who haven’t received effective user education and training. As the attack surface expands and threats become more sophisticated, organizations must reinvent the wheel by changing their approach to cybersecurity. Where should they start? With training employees and providing omnipresent tools and technology to prevent, detect, and recover from even the most sophisticated of attacks.

Office macros have long been a favorite attack method for cybercriminals but now that Microsoft has started blocking them by default the bad guys have started to turn to other methods.

A new report from HP Wolf Security shows a shift to shortcut (LNK) files being used to deliver malware. Attackers often place shortcut files in ZIP email attachments, to help them evade email scanners.

As global travel restrictions continue to ease this summer, many will wander to new destinations. Recent research anticipates that 208 million American adults (80.84 percent) plan to travel this summer with more than 20 percent of those planning to travel internationally. While this is a positive forecast for the travel and hospitality sector, for cybersecurity, it presents a host of potential risks. Insecure WiFi connections and personal device usage, to name a few.

As malicious activity proliferates and cybercriminals become more discrete and persistent with their attack methods, organizations and their employees must be vigilant at all times, unfortunately even when on vacation. Simply checking company emails on a personal device while connected to public WiFi at a café or airport could have massive repercussions for an organization. Employees must always take precautions, as cybercriminals will be looking to exploit organizations during employee downtime. While it is best to completely avoid bringing your corporate devices on vacation, fortunately, there are measures that we can all take to reduce our risk of falling victim to an attack while working from unfamiliar locations.

The shift to remote working has boosted the popularity of messaging apps, in particular those like Discord and Telegram which have underlying elements that allow users to create and share programs or other types of content that's used inside the platform.

But research from Intel471 shows cybercriminals are finding ways to use these platforms to host, distribute, and execute functions that ultimately allow them to steal credentials or other information from unsuspecting users.

Much like the legitimate eCommerce world, trust and reputation have become essential parts of the cybercriminal trade. New research by HP Wolf Security finds 77 percent of cybercriminal marketplaces analyzed require a vendor bond -- a license to sell -- which can cost up to $3,000.

In other evidence of a professional approach, 85 percent of these sites use escrow payments, and 92 percent have a third-party dispute resolution service. Every marketplace provides vendor feedback scores too. Cybercriminals also try to stay a step ahead of law enforcement by transferring reputations between websites -- as the average lifespan of a dark net website is only 55 days.