Account takeover attacks surge by over 300 percent
Account takeover (ATO) attacks jumped a massive 354 percent year-on-year in Q2 2023 according to the latest quarterly Digital Trust and Safety Index from Sift.
Analysis across Sift's global network shows the fintech and food and beverage categories experienced especially large increases. ATO spiked 808 percent across fintech, hitting loyalty sites and crypto, and opening the gate to downstream payment fraud, while the food and beverage industry saw a 485 percent increase in ATO.
Why bad bots and open banking are creating opportunities for cybercriminals [Q&A]
We all know that bad bots are, well… Bad. But open banking is supposed to be good, giving consumers more control over their finances. Combine open banking and bad bots though and you have opened up a world of new threats to banks, customers, and their data.
We spoke to Alan Ryan, AVP for UK and Ireland at Imperva, about how open banking has created new opportunities for cybercriminals, and why the traditional siloed approach to security needs re-appraising.
Almost 8 million DDoS attacks launched in first half of 2023
Cybercriminals have launched approximately 7.9 million DDoS attacks in the first half of 2023, representing a 31 percent year-on-year increase.
A new report from NETSCOUT shows global events like the Russia-Ukraine war and recent NATO bids have driven recent DDoS attack growth.
The key threats facing ICS/OT environments
Industrial control system and operational technology environments are becoming increasingly interconnected and complex, offering efficiency and innovation. However, this also exposes organizations to heightened vulnerabilities from relentless cyber threats.
The latest SANS 2023 ICS/OT Cybersecurity Survey, sponsored by critical infrastructure protection specialist OPSWAT, identifies network visibility, risk assessments, and transient device threat detection as the three items of utmost importance for ICS security programs in 2023.
Business leaders worry more about ransomware than the economy
According to a new survey from Censuswide for Veeam Software, UK business leaders rate ransomware as a more significant threat to their organization (43 percent) than the economic crisis (41 percent), skills shortages (34 percent), political uncertainty (31 percent), and Brexit (30 percent).
The survey of 100 directors of UK companies with over 500 employees who had suffered a ransomware attack in the past 18 months finds 61 percent are anxious about the prospect of another attack.
Cyber insurance claims for ransomware reach record high
A new report from cyber insurance provider Coalition shows a 12 percent increase in cyber claims over the first six months of this year, driven by the notable spikes in ransomware and funds transfer fraud (FTF).
Companies with over $100 million in revenue saw the largest increase (20 percent) in the number of claims as well as more substantial losses from attacks -- with a 72 percent increase in claims severity from the second half of 2022.
Cost of insider risk soars as defenses fail to keep pace
In 2023, the total average annual cost of an insider risk increased to $16.2 million, a 40 percent increase over a four-year period.
This is among the findings of a new insider risks report from DTEX Systems, based on research from the Ponemon Institute. The study also shows that the average number of days taken to contain an insider incident has increased to 86 days.
Attackers exploit inbox rules to avoid detection
New research shows that if an attacker has compromised an email account they can use inbox rules to hide in plain sight while they quietly move information out of your network via your inbox and hide security warnings.
The report from Barracuda reveals techniques including setting a rule that forwards all emails containing sensitive and potentially lucrative keywords such as 'payment' or 'confidential' to an external address, in order to steal information or money.
79 percent of organizations are confident in their ransomware defenses
A new report from SpyCloud shows that while 79 percent of organizations say they are confident in their ransomware defenses, 81 percent were affected at least once in the past 12 months.
The study also shows that infostealer infections preceded 22 percent of ransomware events for North American and European ransomware victim companies in 2023. 76 percent of infections that preceded these ransomware events involved the Raccoon infostealer malware.
Is banning the right solution to dealing with problem apps? [Q&A]
Lots of apps are potentially transmitting and saving user data without express permission and this has led some administrations to consider bans.
In May, Montana passed the first bill to ban TikTok statewide due to data concerns, and India has banned 60 apps, including TikTok, claiming they were transmitting user data back to China.
Does the password still have a future? [Q&A]
The death of the password has been predicted for a long time, yet despite increased adoption of biometrics, passkeys and other newer technologies, passwords still underpin much of our day-to-day security.
We spoke to Darren James, senior product manager at Specops Software, to discuss passwords, whether they still have a future and where authentication is heading.
Why it's critical to have an incident response plan [Q&A]
Recent research carried out by IBM found that organizations with regularly tested incident response plans had a $2.66 million lower data breach cost than organizations without them.
We spoke to Adam Scamihorn, product director at InterVision, to find out why every enterprise needs to have a strong incident response plan in order to face up to growing security threats.
Only 14 percent get back all their data after a ransomware attack
New research shows that only 14 percent of businesses get back 100 percent of their data following a ransomware attack -- even if they agree to the ransom demand.
The study sponsored by Zerto and conducted by Enterprise Strategy Group also reveals that nearly 60 percent of organizations reported an impact to regulated data, such as personally identifiable information, in successful ransomware attacks.
You can't win: Learning to live with security pessimism
Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognize the absence of a breach? But this isn’t a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.
In a threat landscape where there exists a constant push to innovate, adapt and breach, there are only three possible outcomes for the IT industry: defeat, indefinite struggle, or complete structural collapse.
Nigerian princes are back -- now with the help of AI
Emails from supposedly wronged and robbed Nigerian nobility asking for help in exchange for a payout of millions were one of the very earliest email scams.
For a while 'Nigerian prince' emails, also known as '419 scams' in reference to part of the Nigerian Criminal Code relating to fraud, were a regular feature in most people's inboxes.
