Attackers predominantly use phishing attacks to steal and misuse user identities. A global Statista study on employee-reported malicious emails revealed that in the first quarter of 2023, 58.2% of malicious emails were credential theft attacks, 40.5% were impersonation attacks, and 1.3% were malware deliveries. Phishing attacks create a sense of urgency and panic in users, who, as a result, easily fall victim to them.

Global optics manufacturer Hoya had business operations at its headquarters and several business divisions impacted and is now facing a “No Negotiation / No Discount Policy” $10 million ransom decision to make.

A new survey of physicians details the devastating impact of the Change Healthcare cyber attack on the healthcare sector. In February, a cyber attack on Change Healthcare brought much of the U.S. healthcare system to a halt. The revenue and payment cycle management provider is central to connecting payers, providers and patients within the U.S. healthcare system to ensure payments are made.

April 16, 2024: UnitedHealth Group, parent of Change Healthcare, reported on April 16, 2024 in its Q1 results a negative impact of $872 million “in unfavorable cyberattack effects” due to cyberattack direct response costs and the business disruption impacts. The company anticipates additional costs associated with the attack.

Recently a large service provider in Eastern Europe contacted the A10 threat research team for insight into a series of DDoS attacks against its network. While the attacks were not service impacting, the frequency and persistence of the attacks raised internal concerns that the attacks might mask a more malicious intent: could this be a state actor planting malware or testing their defenses for a larger attack against critical infrastructure?

Welcome to the 17th edition of Cloudflare’s DDoS threat report. This edition covers the DDoS threat landscape along with key findings as observed from the Cloudflare network during the first quarter of 2024.

With DDoS attacks on the rise—surpassing 4.25 billion in 2023—the right protection is crucial. Costly downtime—$6,130/minute—underscores the urgency. These attacks are getting more sophisticated, especially those that target the application layer. They’re hard to spot because they look like normal traffic and can seriously mess up a company’s operations and finances.

In a new report, Cisco says the cyber readiness of organizations is lacking despite having experienced multiple cyber attacks within the last year. The maturity of an organization’s state of cyber readiness may very well dictate the outcome of an attack; it’s one thing to have a bunch of solutions in place, and it’s completely another to have the right solutions, policies, practices, and plans in place to address cyber risks.

Brute force attacks are one of the most common methods used by cybercriminals to steal credentials from organizations. To prevent brute force attacks, organizations need to enforce the use of strong and unique passwords, invest in a business password manager, require employees to enable MFA, monitor and limit login attempts, implement passwordless authentication and delete inactive accounts.