Researchers at ESET describe various types of scams launched by users of Telekopye, a telegram bot that assists in crafting social engineering attacks. The scammers call their victims “mammoths,” so ESET has dubbed the scammers “Neanderthals.” The first type of scam is simply financial data theft via phishing sites.
New data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations. There’s plenty of fodder in tech news about the use of IABs and their role in cyber attacks. But rarely do we get to see a more comprehensive analysis of just how much growth in both the number of brokers and posts of credentials for sale.
Another day, another warning about holiday scams! Lookout Inc., a data-centric cloud security company, is warning employees and businesses that phishing attacks are expected to more than double this week, based on historical data. With more corporate data residing in the cloud and a massive amount of employees still working remotely, mobile has become the endpoint of choice for the modern workforce.
The latest report from UK Finance paints a mixed picture of financial fraud in the United Kingdom, with losses exceeding £500 million in the first half of the year. However, amidst these concerning figures, there is a glimmer of hope as cyber fraud rates have shown a slight 2% decrease from the previous year.
Clark County School District in Nevada, the fifth-largest school district in the United States, recently experienced a massive data breach. Threat actors gained access to the school district’s email servers, which exposed the sensitive data of over 200,000 students. The district is now facing a class-action lawsuit from parents, alleging it failed to protect sensitive personal information and take steps to prevent the cybersecurity attack.
Today’s adversaries increasingly use compromised credentials to breach target environments, move laterally and cause damage. When attackers are logging in — not breaking in — legacy endpoint security offers little help in detecting and stopping breaches. Exacerbating the problem is an expanding attack surface, largely due to the growth of remote work and evolving supply chains.