Articles about Phishing

Phishing is on the rise. Egress' latest Phishing Threat Trends Report shows a 28 percent surge in attacks in the second quarter of 2024 alone. But what’s behind the increase? There are a few factors in play. Like any other form of threat, phishing is becoming more sophisticated with hackers now having access to a variety of new AI-powered tools to generate email messages, payloads, and even deepfakes.

Further, these technologies and the cyberattacks they can create are now easier to access than ever. Especially as more hackers tap into the professional services on offer from a mature and diverse Crime as a Service (CaaS) ecosystem of providers selling everything from the mechanisms to create attacks to pre-packaged phishing toolkits that promise to evade native defenses and secure email gateways (SEGs).

Continue reading →

New data from Abnormal Security shows that between September 2023 and September 2024, phishing, business email compromise, and vendor email compromise attacks on manufacturers increased significantly.

The number of monthly attacks phishing attacks has grown nearly 83 percent between September 2023 and September 2024. Business email compromise attacks are up 56 percent too.

Continue reading →

Cyberattackers are targeting holidays and weekends to cause maximum disruption, yet many businesses remain underprepared outside of standard working hours.

A new report from Semperis, based on a survey of almost 1,000 cybersecurity professionals, shows that 86 percent of surveyed organizations in the US, UK, France and Germany that were attacked were targeted during a holiday or weekend.

Continue reading →

New data from Cofense shows one malicious email bypassing customers' Secure Email Gateways (SEGs) every 45 seconds -- up from every 57 seconds in 2023.

The report also highlights the rapid rise in Remote Access Trojans (RATs) and the evolution of credential phishing techniques that exploit trusted platforms. Remcos RAT emerged as the predominant malware, using methods to bypass SEGs with ease.

Continue reading →

The US banking industry has seen a significant uptick in cyberattacks, particularly in phishing and spoofing, and tactics are becoming increasingly advanced due to AI.

New research from BforeAI analyzed 62,074 domains registered between January and June 2024 with finance-related keywords. Of those registered domains, 62 percent were found to be involved in phishing attacks targeting legitimate entities via spoofing websites.

Continue reading →

A new report shows 89 percent of organizations suffered at least one security incident in the past three years. 52 percent experienced at least four, and 24 percent were victims of an extraordinary 11 incidents.

The 2024 Secure Infrastructure Access from Teleport surveyed 250 senior US and UK decision-makers, assessing enterprise performance in infrastructure access security, dividing respondents into three groups based on a number of factors.

Continue reading →

A new report from IBM X-Force looks at the biggest risks enterprises are facing and highlights how attackers know that credentials are the keys to cloud environments, making them highly sought-after on dark web marketplaces.

Attackers are using phishing, keylogging, watering hole and brute force attacks to harvest credentials. Also dark web research highlights the popularity of infostealers, used to steal cloud platform and service-specific credentials.

Continue reading →

Cybercriminals are increasingly adopting a 'mobile-first' attack strategy to infiltrate enterprise systems by targeting weak, unsecured, and unmanaged mobile endpoints, recognizing mobile as a major entry point to corporate networks and sensitive data.

A new report from Zimperium zLabs shows a significant rise in mobile phishing -- or 'mishing' -- a technique that employs various tactics specifically designed to exploit vulnerabilities in mobile devices.

Continue reading →

A new survey of cybersecurity professionals finds that 75 percent of respondents think phishing attacks pose the greatest AI-powered threat to their organization, while 56 percent say deepfake enhanced fraud (voice or video) poses the greatest threat.

The study from Team 8, carried out at its annual CISO Summit, also finds that lack of expertise (58 percent) and balancing security with usability (56 percent) are the two main challenges organizations face when defending AI systems.

Continue reading →

A new global study reveals that 58 percent of people use a username and password to login to personal accounts and 54 percent do so to login to work accounts.

The report from Yubico, based on a study of 20,000 people around the world carried out by Talker Research, reveals a worrying lack of awareness of best practices for authentication. 39 percent think username and password are the most secure and 37 percent think mobile SMS based authentication is the most secure, though both are highly susceptible to phishing attacks.

Continue reading →

Because email is the primary source of initial entry in many breaches, many organizations pay for sophisticated, third-party email filtering solutions on top of the protections afforded by Microsoft 365. This is a wise investment; having layers of protection by different vendors helps eliminate blind spots found in any one vendor solution and provides complexity that can foil attack attempts.

Yet, few know that threat actors can easily bypass these third-party filtering products by directing emails to onmicrosoft.com domains that are an inherent part of the Microsoft 365 configuration.

Continue reading →

Perimeter solutions such as Secure Email Gateways (SEGs) have long been a cornerstone of email security, historically serving as the primary line of defence against malicious emails entering an organization. Utilizing legacy technology such as signature and reputation-based detection, SEGs have provided pre-delivery intervention by quarantining malicious attacks before they reach the end recipient.

Why, then, are 91 percent of cybersecurity leaders frustrated with their SEGs, and 87 percent considering a replacement?

Continue reading →

Although it dates back to the very early days of the internet, email remains a vital communications channel for businesses. But it also continues to present security challenges.

A new report from Abnormal Security reveals a 350 percent year-on-year growth in file-sharing phishing attacks, while business email compromise attacks (BEC) have grown over 50 percent from the second half of 2023 to the first half of 2024.

Continue reading →

In today's digital landscape, an organisation's C-suite and senior executives hold the most valuable corporate data and sign-off authorities, representing the highest potential risk over email. Whether it's inbound spear phishing attacks or outbound mistakes resulting in a damaging data breach, the C-suite are vulnerable.

But what do cybercriminals want from these individuals, are breaches always a result of external actors, and what can organisations do to protect their top decision-makers?

Continue reading →

Phishing remains a significant threat to organizations. A new report from Darktrace shows 17.8 million phishing emails detected across its customer fleet between December 21, 2023, and July 5, 2024. Alarmingly, 62 percent of these emails successfully bypassed DMARC checks.

Cybercriminals are embracing more sophisticated tactics, techniques and procedures designed to evade traditional security parameters.

Continue reading →