Cybercriminals impersonate Ukraine aid organizations in crypto phishing scams
It never takes long for threat actors to jump on a bandwagon and the Ukraine conflict is the latest event to prompt a wave of cryptocurrency phishing emails.
A new report of February's attack vectors from managed detection and response company Expel shows attempts to impersonate legitimate aid organizations to exploit people's desire to support refugees and victims with donations.
Chameleon phishing attack brings bad karma to email users
New research by Trustwave SpiderLabs has uncovered a phishing attack that is able to adapt itself to the user's email service in order to trick them into revealing their login credentials.
The attack acts like a chameleon, putting up a fake login page tailored for whatever email service the victim is using. So Gmail users for example will see a different page from Apple, Outlook or Yahoo! Mail users.
Beware the three percent -- tiny proportion of users account for most malware incidents
A new report and infographic released today by Elevate Security shows that a mere three percent of a company's internal users are to blame for 92 percent of malware incidents, while just four percent are responsible for 80 percent of phishing incidents.
The research, carried out for Elevate by the Cyentia Institute, also shows 12 percent of users are responsible for 71 percent of browsing incidents with one percent triggering 200 events every week.
Less than a quarter of directors see ransomware as a top priority
Only 23 percent of boards of directors consider ransomware to be their top priority. Yet 59 percent of organizations have fallen victim to ransomware.
A new study from email security company Egress, independently conducted by Arlington Research, polled 500 IT leaders across the US and UK. It finds 52 percent of organizations allocate less than a quarter of their security budget to anti-phishing measures, yet 84 percent were hit by phishing and 42 percent had credentials stolen.
Protecting voice communications from fraud and deep fakes [Q&A]
The UK's National Computer Security Centre (NCSC) has recently issued new guidance on secure communications for voice and video calls and SMS in order to help protect consumers from scams.
UK telecoms regulator Ofcom has also announced a crackdown on scam phone calls using fake numbers as their volume has soared during the pandemic.
Sophisticated new phishing attack impersonates DocuSign
The use of electronic signatures has become commonplace for many business transactions, cutting out the need for face-to-face meetings and couriering documents.
This though makes the signing process an attractive target for cybercriminals. Researchers at Armorblox have uncovered a sophisticated credential phishing attack impersonating e-signature leader DocuSign.
40 percent of incoming emails are potential threats
New research from Hornetsecurity finds that 40 percent of all inbound emails pose a potential threat, including spam, phishing and advanced threats such as CEO fraud and any type of malware.
Phishing, malicious links, and ransomware are among the most popular attack tactics used by hackers with brand impersonation being especially popular.
The countries where you're most likely to fall victim to cybercrime
Worried about becoming a victim of cybercrime? A new study from Surfshark reveals the places where your fears are most likely to be justified, the countries where cybercrime density -- the number of attacks per million of population -- is highest.
The UK tops the list with 3,409 victims per million internet users, almost twice as many as the US (1,724 per million). The number of victims in the UK also grew by 130 percent compared to 2019, which is the second-highest year-on-year growth worldwide after South Africa which faced the sharpest rise of 277 percent.
Phishing and stealers dominate dark web forums (but don't mention ransomware)
The malware types and hacking services most discussed over the last year on dark web forums are dominated by phishing, stealers, zero-day attacks, and ransomware.
But the 2021 Year-End Data Breach Report from Risk Based Security finds discussing ransomware has been widely banned on major forums as evidenced by referring to ransomware offerings as 'crypters' or 'lockers' to avoid the post or account getting immediately banned.
Tech workers are more likely to fall for phishing emails
Personnel working in IT or DevOps are more likely to click on phishing emails than those in other areas of an organization.
A new study by F-Secure looks at how over 80,000 people from different organizations responded to emails that simulated one of four commonly used phishing tactics.
Attackers use Adobe Cloud to host phishing documents
Adobe Creative Cloud hosts popular apps including Photoshop and Acrobat; it also aids collaboration by allowing users to share documents.
Cybersecurity researchers at Avanan have discovered that hackers are now exploiting these file-sharing services as a phishing attack vector by sending legitimate emails through a trusted sender, bypassing ATP protection via Adobe’s SaaS offering.
Google Docs comment flaw exploited by attackers
A flaw in the comments feature of Google Docs is allowing attackers to target users with phishing emails.
Security researchers at email security company Avanan have observed what they call, "a new, massive wave of hackers" using the comment feature in Google Docs during December to launch attacks, mainly against Outlook users.
Nearly a quarter of employees are likely to fall for phishing attacks
Almost a quarter (22 percent) of employees globally are likely to expose their organization to the risk of cyber-attack via a successful phishing attempt according to a new study.
The study, from AI-driven cybersecurity training software company Phished, shows that of employees who open a phishing message 53 percent are likely to click a malicious link contained within it.
No time like the present for running an ethical and effective phishing simulation
No organization in any industry is immune to a phishing attack. As organizations reduce their office footprints and the world of work has evolved into the now normal hybrid and remote models of working, organizations are wide open to cybersecurity attacks. This hybrid model of more flexible working is likely to be on the increase, and according to CIPD, 85 percent of employees want to split their hours between the office and home, while 40 percent of employers cite hybrid working as their new operational model.
Workplaces are reeling back in their employees as the pandemic eases up and over two-thirds of organizations are expected to adopt a hybrid working model. Amid the excitement of back to work, cyber vigilance may experience a lapse among users. The threat actors target chinks in an organization's security armor as new apps, devices and user touchpoints are added into the tech ecosystem, providing more surface points for attacks. This means, if you haven’t already started planning your security prevention, there is no better time to refresh security training.
Phishing, ransomware and human error are seen as biggest security threats
New research from Python software house STX Next finds that CTOs see human error, ransomware and phishing as the biggest security threats.
The study of 500 CTOs globally shows 59 percent still see human error as the main security threat to their business, alongside other prominent concerns such as ransomware (49 percent) and phishing (36 percent).
