Phishing

Phishing remains the dominant attack vector for bad actors, growing 31.5 percent over 2020 level, according to the latest quarterly trends report by PhishLabs.

Social media is now the attack target of choice, with attacks per target climbing steadily, up 82 percent year-to-date. The payment services industry continues to be the most targeted, but staffing and recruiting experienced the steepest increase in attacks compared to Q2.

According to a new report 59 percent of all workers are using corporate email for personal use, but Gen Zs are the biggest offenders at 93 percent.

The study from SailPoint also finds that Gen Z (77 percent) and Millennials (55 percent) are using corporate emails for their social media logins, compared to just 15 percent of Gen X and seven percent of Boomers.

Energy organizations provide infrastructure that's essential for the safety and well being of society, but recent events like the Colonial Pipeline breach demonstrate that the industry is particularly vulnerable to cyberattacks.

A new report on energy industry threats finds that 20 percent of energy employees have been exposed to a mobile phishing attack in the first half of 2021, a 161 percent increase from the second half of 2020.

Despite the rising popularity of other communication and collaboration methods like Zoom and Teams, email remains at the core of business correspondence. However, it also remains a popular vehicle for delivering cyberattacks and other unwelcome material.

Secure email company Avanan has produced an infographic looking at email safety.

Most web traffic is now associated with users who are mobile, so it's no surprise that hackers are using this to their advantage by crafting attacks specific to mobile platforms.

Clearly this is paying off with as many as one in 10 users clicking on mobile phishing messages according to Apple enterprise management company Jamf's latest Phishing Trends report based on information, statistics and analysis of 500,000 protected devices across 90 countries.

A new report from NTT Application Security shows that last year the education sector saw 408 publicly-disclosed school incidents, including student and staff data breaches, ransomware and other malware outbreaks, phishing attacks and other social engineering scams, plus a wide variety of other incidents.

This is 18 percent more incidents than were publicly-disclosed during the previous calendar year and equates to more than two incidents a day. The sector also has lower remediation rates and a higher than average time to fix.

Although people are sometimes seen as a weak link in information security, a new report from F-Secure shows that a third of emails that employees report as suspicious are actually phishing.

The finding comes from an analysis of emails reported by employees from organizations around the world, using F-Secure's mail reporting plugin for Office 365, during the first half of 2021.

Coverage of fraud tends to focus on the online methods such as phishing, credential stuffing, opening fake accounts and so on.

But there's another side to the problem in the form of voice fraud via 'vishing' and the use of social engineering techniques, this is made simpler by the ease with which numbers can be spoofed so a call can appear to come from a legitimate number such as your bank.

The latest analysis of phishing data from the Cyren Incident and Response team shows that 88 percent of evasive threats were detected using real-time techniques like machine learning.

Of the remainder six percent were found with proprietary threat intelligence or readily matched patterns from previous attacks, and the remaining six percent were suspicious messages that required human analysis to confirm the detection.

There has been a 22 percent increase in phishing volume in the first half of 2021 compared to the same period last year. Though there was a dip in June following record highs in May.

A report from digital risk protection company PhishLabs shows that the cryptocurrency sector saw a 10 times increase in attacks in the last quarter compared to the previous one.

A new survey from Egress of 500 IT leaders and 3,000 employees across the US and UK finds that 73 percent of organizations have suffered data breaches caused by phishing attacks in the last year.

In addition 53 percent of IT leaders report an increase in incidents caused by phishing since the widespread adoption of remote working. There are also concerns over future hybrid working, with 50 percent of IT leaders saying it will make it harder to prevent breaches caused by malicious email attacks.

We're all encouraged to use multi-factor authentication to protect our online accounts. Very often this involves a one-time passcode (OTP) sent via an SMS message.

This makes life harder for the cybercriminals even if they have your password, but the team at CyberNews has uncovered a new robocall bot that aims to trick users into giving up their OTPs.

Despite the rise of cloud-based collaboration services it's still common for people to exchange information and documents by email. Of course you still need a way of handling larger attachments.

The latest social engineering attack uncovered by Armorblox spoofs a file-sharing notice from the popular WeTransfer platform that's used by individuals and businesses alike.

A new survey of enterprise IT security leaders shows almost 80 percent believe remote workers are at more risk from phishing attacks now because they're isolated from their organizations' security teams.

The study from Egress also reveals that more than 59 percent of respondents feel solutions such as video training (27 percent), email reminders (20 percent), and VPNs (12 percent), are sufficient by themselves to keep organizations safe from the biggest security breach fears: damage to brand and reputation, and legal jeopardy.

According to a new study of over 1,000 enterprise IT professionals around the world, 40 percent of organizations confirm they have fallen victim to a phishing attack in the last month, with 74 percent experiencing one in the last year.

The research from automation platform Ivanti also shows that 80 percent of respondents say they have witnessed an increase in volume of phishing attempts, with 85 percent saying those attempts are getting more sophisticated.