Since March 2nd, 2023, intelligence from the Egress Intelligent Email Security platform shows Emotet malware being used within Microsoft OneNote attachments, as cybercriminals evolve their attacks in attempts to avoid detection. Emotet is sophisticated malware primarily used for stealing sensitive information, such as credentials, from the machines it infects.
In business, we measure everything. Like the saying goes, “What gets measured gets done,” and most companies pay close attention to KPIs like qualified leads, new pipeline, net customer retention and fraction of roadmap completed on time. But if you were asked, “Are you meeting all your trust obligations with your employees, customers, board members, and the government?”, how would you answer?
In recent years, cybercrime has evolved to become more sophisticated than ever before. One of the up and coming methods used by criminals is vishing (voice phishing). This is where an attacker phones up a victim to simulate a trusted source such as a bank to phish for sensitive information. No one is immune from a vishing attack, even the Social Security Administration.
A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It’s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
Recently, we discussed the most effective cybersecurity frameworks to reduce the risk of cyber threats. One of the most important systems is the Federal Information Security Management Act (FISMA). This act applies to certain organizations, and is imperative to help protect them against data breaches. Let’s take a look at four things to know about FISMA, from what it is to how to monitor FISMA compliance.
