Numerous state-sponsored threat actors frequently launched spear phishing attacks against European Union entities last year, according to a new report from the EU’s Emergency Response Team (CERT-EU). “In 2023, spear phishing remained the predominant initial access method for state-sponsored and cybercrime groups seeking to infiltrate target networks,” the report says.

New data on how organizations are able to respond to ransomware attacks also shows that paying a ransom is highly likely, despite having a policy of “Do Not Pay.” New research from security vendor Cohesity says organizations are overconfident in their ability to recover from a ransomware attack. According to the data: And even if you do have an outstanding recovery plan, when’s the last time you tested it?

Cybercriminals are taking advantage of the messaging platform Telegram by creating channels and groups where learning and commerce all can take place freely. We’ve long known the dark web to be the back shadowed corner of the Internet where cybercriminals go to do business. But we’ve seen more examples of marketplaces frequented by threat actors shifting to the open web. One of the latest is the continued misuse of messaging platform Telegram.

Recently, Apple launched its Apple Vision Pro to much fanfare and has pushed the discussion of Augmented Reality (AR) beyond the realms of gaming and entertainment. From healthcare innovations to retail experiences and manufacturing enhancements, AR has the potential to reshape operational frameworks and redefine user interactions. Yet, as we pivot towards exploring the symbiotic relationship between AR and cybersecurity, we're opening Pandora's box to a new dimension of cyber threats.

New data summarizing the compromises of data in 2023 provides key details on who’s being targeted, what types of data is being compromised, and what attack vectors are being used. I’ve covered reports from the Identity Theft Resource Center (ITRC) – their coverage of attacks over the years has grown to include much more than identity theft.

A phishing campaign is attempting to trick users into downloading remote monitoring and management (RMM) software like AnyDesk, Atera, and Splashtop, according to researchers at Malwarebytes. While these tools are legitimate, they can be exploited by threat actors to carry out many of the same functions as malware. These tools may also be less likely to be flagged as malicious by antivirus software.

As the popularity of SaaS apps continues to grow, security analysts expect the misuse of such apps as the host for malware downloads to continue to rise through 2024. I’ve provided plenty of examples on this blog of threat actors using cloud-based SaaS applications to host impersonated websites and malicious downloads. The credibility of such sites aids the cybercriminal, as traffic to and from reputable sites have a tendency to get past security solutions.

Researchers at Volexity warn that the suspected Iranian threat actor CharmingCypress (also known as “Charming Kitten” or “APT42”) has been launching spear phishing attacks against Middle Eastern policy experts. “Throughout 2023, Volexity observed a wide range of spear-phishing activity conducted by CharmingCypress,” the researchers write.

The UK's National Cyber Security Centre (NCSC), recently shared its findings on how AI might reshape the cyber landscape. In two separate posts, the NCSC is warning that the global ransomware threat is expected to rise with AI. It appears that while AI beckons with one hand, it wields a knife in the other. On one side, we have AI's potential to supercharge economic growth, scientific breakthroughs, and societal benefits. On the flip side lurks the specter of security risks posed by AI's misuse.

Analysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product. Given the financial and operational disruption ransomware has caused since last year, any headline about a new RaaS will surely lead to anxiety and grimace for IT and security professionals.