Cybercrime

According to a report by the UK’s National Cyber Security Centre, almost half of all recorded UK cyber incidents between September 2020 and August 2021 targeted the public sector. Public sector cybersecurity is being put to the test and it’s imperative that public sector organizations properly protect the sensitive data that is in their possession.

Back in October 2020, Hackney Borough Council in London suffered a serious ransomware attack which took many of its services and IT systems offline. The attack cost the council millions of pounds and today, more than 18 months later, data is still missing across many services. In February 2022, the Information Commissioner’s Office ordered Hackney Borough Council to disclose information regarding what cybersecurity training its staff had received prior to the attack, when they were required to work from home due to the Covid-19 pandemic.

Phishing emails referencing corporate issues and delivery problem notifications are the ones most likely to induce people to click links according to new research.

Data on simulated phishing attacks from Kaspersky's Security Awareness Platform shows emails with these subjects were successful in getting people to click 16 to 18 percent of the time.

The world of ransomware is becoming increasingly professional and it’s easier than ever for new entrants to get into the business.

A new report from Tenable looks at the ransomware ecosystem and how it has become one of the biggest threats to organizations as well as being lucrative for the criminals behind it.

The age of what might be called the hobbyist hacker is long gone, replaced by a much more serious trend towards organized crime and nation states being behind hacking and cyberattacks.

In an era where data can be weaponized, both businesses and governments need to take the threat seriously. It's important for security teams to understand how attacks are carried out and the motivations that lie behind them.

Although ransomware remained the most common threat last year the number of new ransomware families and unique variants discovered in 2021 decreased significantly compared to previous years.

Researchers from WithSecure suggest that this could highlight a potential opportunity to disrupt the cybercrime ecosystem that's exacerbated the problem in recent years.

We've become familiar with the widespread use of ransomware, but researchers at Rapid7 have been examining the rise of a newer phenomenon, 'double extortion'.

Pioneered by the Maze ransomware group, double extortion involves cybercriminals collecting files before encrypting them. Then if the target organization refuses to pay they threaten to release sensitive information.

In recent years cyberattacks have evolved from being the preserve of individual hackers to something much more serious, carried out by organized criminals and even nation states with the aim of espionage and financial gain.

This makes the process of investigating and defending against attacks more important than ever, but the sophistication of the methods used doesn't make the process any easier. This new book from security strategist Jon DiMaggio offers an investigator's guide to understanding the latest generation of threats.

Thanks to increased use of computers and mobile phones almost every crime now has some form of digital element. This has put a strain on the police's ability to investigate effectively and inevitably led to delays.

West Midlands Police in the UK has become the first to deploy a new cloud-based digital forensic solution from Exterro which allows greater collaboration between officers and means cases can be worked on remotely and resolved at greater speed.

OK, so there may not be a pension scheme and a company car, but rookie fraudsters are taking home approximately $18,700 (£15,000) a month with 'cybercriminal CEOs' making up to three times as much as their counterparts in legitimate businesses. According to a new report from Arkose Labs.

The return on investment for launching cyber attacks or committing online fraud is larger than ever before. Some of the highest earning fraudsters are known to be making around $7.5 million (£6 million) a year according to even the most conservative estimates. This is almost three times the amount that FTSE 100 chief executives were paid in 2020, when they earned an average $3.4m (£2.7m).

Cybercrime tends to follow the money when it comes to selecting targets, so it’s perhaps not too surprising to learn that 63 percent of financial institutions admit experiencing an increase in destructive attacks.

The latest Modern Bank Heists report from VMWare surveyed the financial industry's top CISOs and security leaders on the changing behavior of cybercriminal cartels and the defensive shift in the sector.

Globally, the cyber threat level to organizations remains high and the current situation only serves to highlight this further. To this point, any organization that has substantial gaps in its cybersecurity capabilities is operating at risk, and when the threat landscape changes, as it has now, so we become more aware of the vulnerabilities that we have carried for some time and the need for better Cyber Threat Intelligence. 

Two major cybersecurity events of the past 12 months really showcase the requirement for CTI in network security operations -- the SolarWinds software supply chain attack which broke at the start of 2021 and the Log4j vulnerability response process that occurred at the end of 2021. Both of these incidents highlight the need to rapidly gain situational awareness, contextualize vast amounts of information being shared, and prioritize remediation of significant threats.

Only 23 percent of board of directors consider ransomware to be their top priority. Yet 59 percent of organizations have fallen victim to ransomware.

A new study from email security company Egress, independently conducted by Arlington Research, polled 500 IT leaders across the US and UK. It finds 52 percent of organizations allocate less than a quarter of their security budget to anti-phishing measures, yet 84 percent were hit by phishing and 42 percent had credentials stolen.

In the past five years 85 percent of organizations have suffered a ransomware incident, while 74 percent have had more than one.

A new report from ExtraHop based on a survey conducted by Wakefield Research shows that 77 percent of IT decision makers are very or completely confident in their company's ability to prevent or mitigate cybersecurity threats.

New research from Hornetsecurity finds that 40 percent of all inbound emails pose a potential threat, including spam, phishing and advanced threats such as CEO fraud and any type of malware.

Phishing, malicious links, and ransomware are among the most popular attack tactics used by hackers with brand impersonation being especially popular.

Data breaches not only lead to a loss of reputation and drive customers elsewhere, they also have a significant financial cost.

A new study from Surfshark applies IBM's 'Cost of a Data Breach' calculations to the largest data breaches of the last two years in order to find the estimated cost of some of the biggest data breaches.