Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

7 ways to defend against a credential stuffing attack

This blog was written by an independent guest blogger. Credential stuffing attacks essentially doubled in number between 2020 and 2021. As reported by Help Net Security, researchers detected 2,831,028,247 credential stuffing attacks between October 2020 and September 2021—growth of 98% over the previous year. Of the sectors that did experience credential stuffing during that period, gaming, digital and social media, as well as financial services experienced the greatest volume of attacks.

The Security Community Needs to Take a Long, Hard Look in the Mirror

The security community took a step backward last week in our ability to deal with the crisis involving Okta. Instead of exercising well-thought-out and practiced contingency plans to objectively assess risk, many individuals took a trolling posture on social media. The reaction was neither professional nor conducive to our mission as defenders against threat actors seeking to do us harm.

How to Get Security Peace of Mind Against Advanced Email Threats

The dangers of email security are often understated. One successful email attack can lead to malware injection, system compromise, impersonation, espionage, ransomware and more. After all, phishing remains the top attack vector used by hackers. The FBI reported phishing scams were extremely prominent, with 323,972 complaints being made in the U.S. in 2021, compared to 241,342 the previous year. Adjusted losses resulting from these attacks is more than $44 million, a $10 million decrease from 2020.

Five Steps to Protect Your Organization against Phishing Attacks

The rise in cybercrime has accelerated 600% over the last three years, and shows no signs of slowing down. Even though the pandemic accelerated online services, data, and particularly vulnerable home networks, the truth is that cybercriminals are caught only 0.03 percent of the time. That rate, combined with the fact that the average cost of a data breach stands at $3.86 million makes for an attractive calculation for cybercriminals.

Mind your Single Sign-On (SSO) logs

The news that hacking group Lapsus$ gained unauthorized access to Single Sign-On (SSO) provider Okta through a third-party support account sent chills through information security professionals everywhere. Organizations have adopted SSO identity providers to enable a modern workforce that is increasingly reliant on secure access to cloud-hosted applications to perform critical business functions.

Cyber Attackers Leverage Russia-Ukraine Conflict in Multiple Spam Campaigns

The Trustwave SpiderLabs email security team has been monitoring the ongoing Russia-Ukraine crisis to ensure that our clients are protected and aware of any imminent threats. This research blog captures some of the phishing email threats we have discovered. Whenever there is a global event, threat actors are sure to take advantage of the situation. As the war between Russia and Ukraine continues, cybercriminals are pumping out spam emails that use the crisis as a lure.