Articles about Threats

A new report looks at the state of post-quantum cryptography (PQC) from the perspective of
cybersecurity professionals, finding that 48 percent of organizations aren’t prepared to confront the urgent challenges posed by quantum computing.

The report from Keyfactor, based on a survey of 450 cybersecurity leaders across North America and Europe carried out by Wakefield Research, finds mid-sized organizations are particularly vulnerable, with 56 percent saying they are not ready.

Continue reading →

New research from Darktrace finds that 78 percent of CISOs say that AI-powered threats are having a significant impact on their organizations, a five percent increase from 2024.

There's more confidence about dealing with them though, more than 60 percent now say that they are adequately prepared to defend against these threats, an increase of nearly 15 percent year-on-year.

Continue reading →

Even though it’s only been two years since the public demo of ChatGPT launched, popularizing the technology for the masses, generative AI technology has already had a profound and transformative effect on the world. In the years since the platform’s launch, critics have regularly pointed out the risks of generative AI and called for increased regulation to mitigate them. Once these risks are addressed, companies will be more free to use AI in ways that help their bottom line and the world as a whole.

We must remember that artificial intelligence is a powerful tool, and as the adage goes, “With great power comes great responsibility.” Although we have seen AI make a positive impact on society in several ways -- from boosting productivity in industrial settings to contributing to life-saving discoveries in the medical field -- we have also seen wrongdoers abuse the technology to cause harm.

Continue reading →

A new report from digital transformation consultancy Gemserv, based on a survey of CISOs at 200 large UK and EU enterprises, finds most believe boards are overconfident of their understanding of cybersecurity issues, and are failing to provide CISOs with the support they need to properly protect the organization.

According to the findings, 88 percent of CISOs think the threat landscape is becoming more complex, with 37 percent not confident they have the resources they need. 44 percent struggle to recruit and retain the skilled people they need, amid a 3.2m 'workforce gap' for IT talent.

Continue reading →

Account Takeover (ATO) incidents are on the rise, with one recent study finding that 29 percent of US adults were victims of ATO attacks in the past year alone. That isn’t necessarily surprising: what we call an “Account Takeover attack” usually comes as the result of stolen credentials -- and this year’s Verizon Data Breach Investigations Report (DBIR) noted that credential theft has played a role in a whopping 31 percent of all breaches over the past 10 years. Basically, an ATO happens when a cybercriminal uses those stolen credentials to access an account that doesn’t belong to them and leverages it for any number of nefarious purposes.

Those credentials can come from anywhere. Yes, modern attackers can use deepfakes and other advanced tactics to get their hands on credentials -- but the truth is, tried-and-true methods like phishing and business email compromise (BEC) attacks are still remarkably effective. Worse still, because people tend to reuse passwords, a single set of stolen credentials can often lead to multiple compromised accounts. As always, human beings are the weakest point in any system.

Continue reading →

The latest threat detection data from Red Canary shows that Atomic Stealer -- an infostealer that targets credentials, payment card data, keychain details, and cryptocurrency wallet information on macOS devices -- has entered the top 10 threats.

Other notable appearances include Scarlet Goldfinch -- an 'activity cluster' that uses fake browser updates to trick users into downloading a legitimate remote management and monitoring tool that can be abused to deploy malicious software -- and ChromeLoader -- a malicious browser extension that reads and hijacks browser traffic to redirect it to specific sites, likely to conduct pay-per-click advertising fraud.

Continue reading →

Representatives from leading nations including the US and UK are meeting for three days of talks to focus on tackling global cyber threats and boosting cyber skills.

Over the next three days, countries including the EU member states, Canada, Japan and international organizations such as the World Economic Forum and the OECD will discuss how global cyber security workforces can be strengthened, from agreeing ways to boost cyber skills to developing new professional standards.

Continue reading →

Microsoft Office stands as a pillar in the landscape of modern productivity tools. Its suite of programs -- from Word for crafting documents to Excel for data analysis - allows for versatility in both personal and professional environments. Used from everything like notetaking, resumes, essays, and business reports, in today’s digital age, these documents are indispensable and trusted tools.

This versatility, however, presents a double-edged sword. While they enhance efficiency and functionality, they simultaneously create potential security risks. This duality makes Microsoft Office documents an attractive target for threat actors, who exploit their widespread use and familiar interface to deliver phishing and malware with alarming ease.

Continue reading →

Modern cybersecurity leaders are expected to balance an almost comical number of responsibilities. Threat intelligence, vulnerability management, asset tracking, identity management, budgeting, third-party risk -- and that’s just what the company is willing to put in the job description.

To be a cybersecurity expert is to spend your entire career deepening your well of knowledge in one or a few domains. To be a cybersecurity leader, on the other hand, is to spend your career attempting to drink an ocean through a straw. What makes this moment in cybersecurity so interesting is that generative artificial intelligence (AI) brought a fundamental change to both the ocean and the straw.

Continue reading →

The latest annual report from the GuidePoint Research and Intelligence Team (GRIT) observed 63 distinct ransomware groups using encryption, data exfiltration, data extortion, and other novel tactics to compromise and publicly post 4,519 victims across all 30 of GRIT's tracked industries, and in 120 countries, across 2023.

Most impacts affected a limited subset of industries. 62 percent of all observed victims belong to one of the top ten most-impacted industries, with manufacturing and technology remaining the two most-impacted.

Continue reading →

The cybersecurity landscape is experiencing an unprecedented surge in vulnerabilities. In 2022 alone, a staggering 25,096 new vulnerabilities were added to the National Vulnerability Database (NVD). This number represents the highest count of vulnerabilities ever recorded within a single year and reflects a 25 percent increase compared to the 20,196 new vulnerabilities reported in 2021.

This escalating trend indicates that cybersecurity threats are not only on the rise but are also accelerating at an alarming pace. The reasons behind this surge in vulnerabilities are multifaceted, stemming from factors such as the increasing complexity of software and technology systems, the rapid pace of digital transformation, and the growing sophistication of cyber attackers.

Continue reading →

IT security breaches are becoming more frequent and costly. According to IBM Security’s Cost of a Data Breach Report 2023 UK organizations shell out an average of £3.4m for data breach incidents. There isn't a CISO around that doesn't wish they had that kind of budget to spend on IT security. The tools to help security teams do their job more effectively are out there, but getting them approved in the annual budget is not guaranteed and investment can sometimes be too late.

So what can UK IT leaders do to make sure they continue to improve their IT security without blowing their budget? Here are eight ways to bolster cybersecurity resources: 

Continue reading →

Ransomware is being deployed within one day of initial access in more than 50 percent of engagements, according to research from Secureworks Counter Threat Unit.

In the last 12 months the median dwell time identified in the annual Secureworks State of the Threat Report has fallen from 4.5 days to less than one day. In 10 percent of cases, ransomware was even deployed within five hours of initial access.

Continue reading →

Senior security professionals view generative AI as a disruptive cybersecurity threat, with 46 percent of respondents to a new survey believing generative AI will increase their organization's vulnerability to attacks.

The study from Deep Instinct shows the top three generative AI threat issues are seen as growing privacy concerns (39 percent), undetectable phishing attacks (37 percent) and an increase in the volume and velocity of attacks (33 percent).

Continue reading →

On average, organizations' response time to cyber attacks improved by around a third -- from 29 to 19 days -- from 2021 to 2022.

The report from Immersive Labs suggests this improvement can be attributed to the urgency and need for fast response times amid the fallout of the Log4j crisis and other high-profile vulnerabilities over the past year.

Continue reading →