Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2024

U.S. Experiences 52% Increase in the Number of Ransomware Attacks in One Year

New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry. One would think there would be a slowdown in the number of ransomware attacks due to the amount of threat intelligence and best practices to mitigate this threat.

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error. It’s readily evident that ransomware is only growing as a threat. But a new infographic from ERP Cybersecurity vendor Onapsis covering the state of ransomware provides some context on just how critical the threat is right now: The most shocking stat is that in 81% of attacks, human error was involved in the successful execution of the ransomware.

Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The phishing attacks are targeting organizations in the technology, manufacturing, and finance sectors in Asia and North America. Most of these attacks involved QR code phishing (quishing) to trick victims into visiting the malicious sites.

Fewer, High-Profile Ransomware Attacks Are Yielding Higher Ransoms

Analysis of cryptocurrency payments made on the blockchain highlights shifts in the size and frequency of ransomware attacks and may paint a bleak picture for the remainder of the year. Each quarter, blockchain analysis company, Chainalysis, analyzes cybercriminal activity from the perspective of blockchain use to facilitate payments, crypto theft, etc.

Phishing Attacks Are Increasingly Targeting Social Media and Smartphone Users

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG). As email security technologies improve, scammers are turning to social media apps, text messages, and voice calls to conduct social engineering attacks.

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves. It’s every cybersecurity professionals’ worry; whether the security controls they’ve put in place will actually stop attacks.

More Carrots and Fewer Sticks

As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful security awareness training programs, one thing is perfectly clear. They all prefer carrots and fewer sticks. A question human risk managers frequently ask me is what role negative consequences should play in a successful security awareness training program?

Ransomware Recovery Costs Have Doubled for State and Local Governments

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in 2023, the mean cost of recovery for these entities has more than doubled to $2.83 million. Seventy-two percent of ransom demands made to state and local government organizations in 2024 were for $1 million or more, with 37% of demands for $5 million or more.

The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024

New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals. Email is one of those technologies that doesn’t seem willing to be replaced by collaborative tools that connect individuals and organizations – in many cases – in far more productive ways. And because of this, cybercriminals continue to leverage email to gain access to users.

Deceptive AI: A New Wave of Cyber Threats

As artificial intelligence (AI) technology advances, its influence on social media has become more and more pervasive and riddled with challenges. In particular, the ability for humans to discern genuine content from AI-generated material. Our recent survey conducted with OnePoll on over 2,000 UK workers found that a substantial portion of social media users are struggling to navigate this new digital frontier.

Threat Actors Abuse URL Rewriting to Mask Phishing Links

Threat actors are abusing a technique called “URL rewriting” to hide their phishing links from security filters, according to researchers at Perception Point. Security tools from major vendors use URL rewriting to prevent phishing attacks, but the same technique can be abused to trick these tools into thinking a malicious link is legitimate.

Cybersecurity in 2024: Reflecting on the Past, Preparing for the Future

As Europe is returning from summer breaks, it is time to reflect on the first half of 2024 and look forward to the rest of the year. Ransomware attacks on hospitals, blue screens across the world crippling airline operations and other industries, deepfakes to sway opinion and possibly elections, deepfake social engineering tactics to extort significant amounts of money - so far the year has kept cybersecurity professionals busy.

Is Disabling Clickable URL Links Enough?

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing. We can understand why this misperception might exist. Many anti-phishing educational lessons discuss the need for people to evaluate all URL links before clicking on them.

Ransomware Group Known as 'Royal' Rebrands as BlackSuit and Is Leveraging New Attack Methods

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI. The latest advisory from the FBI on ransomware threat group BlackSuit, is actually an updated 18-month-old advisory originally released to warn organizations about the threat group Royal. It appears that the group has rebranded, according to the advisory, and has updated their methods of attack.

The Long Road to Recovery Following a Ransomware Attack

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner. On average, a cyber attack can last anywhere from a few days to several weeks, with the recovery time often extending to months or even years.

Latest Phishing Scam Uses Cross-Site Scripting Attack to Harvest Personal Details

Cross-Site Scripting (XSS) is alive and well, and used in attacks to obfuscate malicious links in phishing emails to redirect users to threat-actor controlled websites. We saw earlier this year that phishing attacks leveraging XSS were on the rise. Now, new scams are using XSS to hide their malicious intent within emails, according to new analysis from cybersecurity vendor INKY. These attacks usually begin with an email stating the victim has won something, as shown below: Source: INKY.

Ransomware Payments Decline While Data Exfiltration Payments Are On The Rise

The latest data from Coveware shows a slowing of attack efficacy, a decrease in ransom payments being made, and a shift in initial access tactics. According to Coveware’s Q2 2024 Ransomware Quarterly Report, we see a few interesting trends: A new data point brought to light this quarter is the data exfiltration only (DXF) payment trend, which is relatively flat despite fluctuating between 53% in Q1 of 2022 when tracking began, down to a low of 23% in Q1 of this year.

File-Sharing Phishing Attacks Increased by 350% Over the Past Year

File-sharing phishing attacks have skyrocketed over the past year, according to a new report from Abnormal Security. “In file-sharing phishing attacks, threat actors exploit popular platforms and plausible pretexts to impersonate trusted contacts and trick employees into disclosing private information or installing malware,” the report says.

Chameleon Malware Poses as CRM App

Researchers at ThreatFabric warn that a phishing campaign is distributing the Chameleon Android malware by impersonating a Customer Relationship Management (CRM) app. The campaign is currently targeting users in Canada and Europe, but may expand to other regions. “The naming used for the dropper and the payloads clearly shows that the intended victims of the campaign are hospitality workers and potentially B2C business employees in general,” ThreatFabric says.

Attackers Abuse Google Drawings to Host Phishing Pages

Researchers at Menlo Security warn that a phishing campaign is exploiting Google Drawings to evade security filters. The phishing emails inform the user that their Amazon account has been suspended, instructing them to click on a link in order to update their information and reactivate their account. The phishing page is crafted with Google Drawings, which makes it more likely to fool humans while evading detection by security technologies.

Reflecting on KnowBe4's 5th Consecutive TrustRadius Tech Cares Award

For the fifth year in a row, we've been honored with the TrustRadius Tech Cares Award! This recognition is a testament to our unwavering commitment to corporate social responsibility (CSR) and the incredible efforts of our team. What makes this recognition so special is that it celebrates companies that go above and beyond in their CSR programs. At KnowBe4, we've always believed that our responsibility extends far beyond our products and services.

Not Just Us: North Korean Remote IT Fraudster Arrested in Tennessee

Just when we thought we had something special with our very own North Korean hacker, it turns out this type of fraud has made it to the Volunteer State. A recent arrest in Nashville, Tennessee is just another example of this global tactic finding its way into U.S. organizations. Fortunately, the authorities caught up with this one. According to the tech news site Cyberscoop, authorities arrested a 38-year-old man for allegedly getting himself hired by U.S. and British companies under false identities.

SEC Report Provides Insight into Key Tronic Ransomware Costs Totaling Over $17 Million

The financial repercussions of the May 2024 ransomware attack on the electronics manufacturing services firm Key Tronic underscores just how costly these attacks are. Key Tronic makes parts for a number of sectors, including computer, telecom, medical, industrial, automotive and aerospace. They were struck in May with a ransomware attack by Black Basta, which claimed to have stolen 500 GB of data.

"Pastejacking" Attacks Are Becoming a Thing (Because Users are Falling for Them)

New analysis shows users can be convinced to copy and paste malicious code on behalf of the attacker. I first saw this kind of attack earlier this month – where the user is asked to launch the Run dialog box and paste in a malicious command. I never thought I'd see something similar again, but I was wrong.

62% of Phishing Emails Bypassed DMARC Checks in 1H of 2024

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks in order to reach users’ inboxes. “Building on the insights from the 2023 End of Year Threat Report, an analysis of malicious emails detected by Darktrace / EMAIL in 2024 underscores the implication that email threats are increasingly capable of circumventing conventional email security tools,” the report says.

New Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes spotted a malvertising campaign that abused Google Ads to target people searching for Google Authenticator. If someone typed “Google Authenticator” into Google, the malicious ad would be at the top of the search results. The ad copied the website description from the real Google Authenticator, but would redirect users to a phishing site. “We can follow what happens when you click on the ad by monitoring web traffic,” the researchers explain.

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports. The CSA’s report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated attacks.

Brand Impersonation of Microsoft Increases 50% in One Quarter

The use of the Microsoft brand in phishing attacks demonstrates both its widespread credibility as well as the continued success of attacks leveraging it. Each quarter, security vendor Check Point builds its’ Brand Phishing Ranking, identifying the top ten impersonated brands used in phishing attacks. And, while we’ve seen Microsoft at the top of this quite a few times before in their previous rankings, it’s the growth we see in their latest report covering Q2.

Creating a Big Security Culture With a Tiny Button

When it comes to creating a strong cybersecurity culture, one of the most powerful tools we have at our disposal is the Phish Alert Button (PAB). This unassuming little add-in for your email client can make all the difference between falling victim to a malicious email and stopping a potential cyber attack in its tracks. And yet, many employees hesitate to use it, fearing the embarrassment of being wrong. I've been there myself.

New Research: Smaller Companies Receiving Higher Rates Of Phishing Emails

Researchers at Barracuda have found that smaller companies tend to receive a higher rate of phishing attacks spread across the organization, according to a report looking at the phishing attack surfaces of companies of different sizes. This is likely due to the smaller number of potential targets and the higher level of access possessed by each employee.

Global Cyber Attacks See Highest Increases in the Last Two Years

New analysis of Q2 2024 cyber attacks shows the number of attacks experienced weekly by organizations globally is on the rise. Each quarter, Check Point Research puts out a quarterly report covering what cyber attack activity they’re seeing globally. Their latest report covering Q2 of 2024 highlights an unexpected rise in overall attack numbers.

Phishing Attacks Continue to Leverage URL Shorteners to Obfuscate Malicious Links

Analysis of current phishing attacks by security researchers have uncovered an increase in the use of trusted shortlink services. To be successful, phishing scammers need to establish legitimacy as much and as early as possible. Brand impersonation within an email has long been one method, but to establish legitimacy to security solutions, scammers have had to do more than just have a look-alike domain.

KnowBe4 Named a Leader in the Summer 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) Software

We are excited to announce that KnowBe4 has been named a leader in the Summer 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the 13th consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 305 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.