According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid credentials exceeded phishing as a top threat for the first time. I love IBM, but they are mixing up root causes and outcomes of root causes. What I mean is that you have to ask yourself how the credentials were stolen in the first place. Were they stolen from the user or a website? Were they guessed at?

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services. Every day there seems to be a new term for yet another creative attack technique. The latest is phishception (a play on words from the movie Inception) coined by security analysts at cybersecurity company Netcraft.

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the hacker/malware space since I began. The same threats that were a problem then are the same problems now. Social engineering and unpatched software (and firmware) have long been the two biggest initial root causes for hacking…for decades.

For the first time, analysis of ransomware payments made in a single year tops $1,000,000,000. This signals a massive return to more frequent, sophisticated, and successful attacks. Each year, blockchain analysis company, Chainalysis, reports on ransomware payments based on the payments made to digital wallets known to belong to cybercriminals and cybercriminal gangs.

Emails are still the most common delivery method for malicious files, according to Check Point’s Cyber Security Report for 2024. “Email-based attacks continue to be the dominant initial infection vector,” the report says.

Attacks targeting Swiss residents increased 10% last year, according to newly-released data that shows a growth in not just phishing attacks, but brand impersonation at purely a national level. The Swiss Federation’s National Cyber Security Centre (NCSC) hosts a phishing site reporting tool where individuals and businesses can report suspicious websites and emails. They analyze and track reports, consolidating their findings annually into their Anti-Phishing Report.

A single account being phished caused millions of French healthcare policyholder records to be breached. I’ve said it before… it only takes one phish. And in the case of French payment processor, Malakoff Humanis, a single click enabled a cyber attack was the catalyst for a data breach that occurred earlier this month, according to their post on LinkedIn (press See Translation for a localized version of the post).

Thirty percent of all cyber incidents in 2023 involved abuse of valid credentials, according to IBM X-Force’s latest Threat Intelligence Index. This represents a seventy-one percent increase compared to 2022. “One of the top initial access vectors in 2023—jumping from third to first place— was the abuse of valid accounts identified in 30% of the observed incidents X-Force responded to,” the researchers write.

Venturebeat had the scoop on a fresh Group-IB report. They discovered the first banking trojan that steals people’s faces. Unsuspecting users are tricked into giving up personal IDs and phone numbers and are prompted to perform face scans. These images are then swapped out with AI-generated deepfakes that can easily bypass security checkpoints.

Researchers at VIPRE Security observed a 276% increase in malware delivered by phishing between Q1 and Q4 of 2023. “Last year, our YARA rules caught between one and two million generic malware instances each quarter, with a nearly 20% jump in Q4,” VIPRE’s report says.

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe it was successful. A group posing as an Amazon employee and various U.S. law enforcement agencies were able to convince a woman to take $50,000 out of her bank account in cash and hand it off to a complete stranger in the streets. It is a wild story and most of us would not be tricked into doing what happened to her.

A widespread malvertising campaign is attempting to trick users into paying phony utility bills, according to researchers at Malwarebytes. “We discovered a prolific campaign of fraudulent ads shown to users via Google searches,” the researchers write. “To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases....The scam begins when a user searches for keywords related to their energy bill.

With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details. Deepfake audio is nothing new… but it is getting very advanced. So much so, that security researchers at IBM Threat Intelligence were able to test out a hypothesis as to whether it’s possible to perform an audio-based “Man in the Middle” attack.

In the rapidly evolving landscape of artificial intelligence (AI), the launch of Sora by OpenAI marks an unnerving milestone in video synthesis. The unveiling of such revolutionary technology is simultaneously exciting and raises red flags to the broader implications of AI's role in digital content creation and cybersecurity. The potential of Sora to generate up to one-minute video clips from mere text input is staggering.

Numerous state-sponsored threat actors frequently launched spear phishing attacks against European Union entities last year, according to a new report from the EU’s Emergency Response Team (CERT-EU). “In 2023, spear phishing remained the predominant initial access method for state-sponsored and cybercrime groups seeking to infiltrate target networks,” the report says.

New data on how organizations are able to respond to ransomware attacks also shows that paying a ransom is highly likely, despite having a policy of “Do Not Pay.” New research from security vendor Cohesity says organizations are overconfident in their ability to recover from a ransomware attack. According to the data: And even if you do have an outstanding recovery plan, when’s the last time you tested it?

Cybercriminals are taking advantage of the messaging platform Telegram by creating channels and groups where learning and commerce all can take place freely. We’ve long known the dark web to be the back shadowed corner of the Internet where cybercriminals go to do business. But we’ve seen more examples of marketplaces frequented by threat actors shifting to the open web. One of the latest is the continued misuse of messaging platform Telegram.

Recently, Apple launched its Apple Vision Pro to much fanfare and has pushed the discussion of Augmented Reality (AR) beyond the realms of gaming and entertainment. From healthcare innovations to retail experiences and manufacturing enhancements, AR has the potential to reshape operational frameworks and redefine user interactions. Yet, as we pivot towards exploring the symbiotic relationship between AR and cybersecurity, we're opening Pandora's box to a new dimension of cyber threats.

New data summarizing the compromises of data in 2023 provides key details on who’s being targeted, what types of data is being compromised, and what attack vectors are being used. I’ve covered reports from the Identity Theft Resource Center (ITRC) – their coverage of attacks over the years has grown to include much more than identity theft.

A phishing campaign is attempting to trick users into downloading remote monitoring and management (RMM) software like AnyDesk, Atera, and Splashtop, according to researchers at Malwarebytes. While these tools are legitimate, they can be exploited by threat actors to carry out many of the same functions as malware. These tools may also be less likely to be flagged as malicious by antivirus software.

As the popularity of SaaS apps continues to grow, security analysts expect the misuse of such apps as the host for malware downloads to continue to rise through 2024. I’ve provided plenty of examples on this blog of threat actors using cloud-based SaaS applications to host impersonated websites and malicious downloads. The credibility of such sites aids the cybercriminal, as traffic to and from reputable sites have a tendency to get past security solutions.

Researchers at Volexity warn that the suspected Iranian threat actor CharmingCypress (also known as “Charming Kitten” or “APT42”) has been launching spear phishing attacks against Middle Eastern policy experts. “Throughout 2023, Volexity observed a wide range of spear-phishing activity conducted by CharmingCypress,” the researchers write.

The UK's National Cyber Security Centre (NCSC), recently shared its findings on how AI might reshape the cyber landscape. In two separate posts, the NCSC is warning that the global ransomware threat is expected to rise with AI. It appears that while AI beckons with one hand, it wields a knife in the other. On one side, we have AI's potential to supercharge economic growth, scientific breakthroughs, and societal benefits. On the flip side lurks the specter of security risks posed by AI's misuse.

Analysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product. Given the financial and operational disruption ransomware has caused since last year, any headline about a new RaaS will surely lead to anxiety and grimace for IT and security professionals.

Valentine's Day. A time where love is in the air, florists work overtime, and restaurant tables are as scarce as a truthful politician. But as we're busy swiping right in hopes of finding that special someone, cybercriminals are swiping left...on your security. Heartbreak hits differently when it's your bank account that's been ghosted.

The US Federal Trade Commission (FTC) has disclosed that people in the United States lost a record $10 billion to fraud in 2023, a 14% increase from 2022. Nearly half of the losses were due to investment scams. “Consumers reported losing more money to investment scams—more than $4.6 billion—than any other category in 2023. That amount represents a 21% increase over 2022,” the FTC says.

New data sheds light on what kinds of cyber attacks are targeting your cybersecurity team, what it’s costing them, why it’s taking so much time to fix, and where you should focus resources. Barracuda’s Cybernomics 101 report provides a lot of insight into the current economics of cyber attacks. According to the report: The average largest ransom any organization paid is $1.38 million, with an average cost of $5.34 million to respond to compromises!

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection. I spend a lot of time on this blog talking about phishing, social engineering, smishing, deepfakes and more – all topics centered around attack techniques designed to interact and fool a user.

Organizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing. But the top four cited security risks all have one element in common. Organizations today realize that maintaining operational resilience is a matter of measuring and addressing risk. According to the 2024 Fortra State of Cybersecurity Survey Results Guide there is a distinct cybersecurity risk that stands out among its peers.

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report. The researchers note that the Royal ransomware group has been using phony ads for TeamViewer to deliver malware as a precursor to its ransomware attacks.

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors (BOD) a critical business requirement.

In a revelation that adds yet another chapter to the ongoing saga of international cybersecurity threats, the Dutch Ministry of Defense recently shed light on a significant security breach. Reports that state-sponsored Chinese hackers have infiltrated the internal computer network the ministry uses were confirmed.

Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point. “Malicious spam is one of the oldest illicit services found on underground cybercrime forums,” the researchers write. “Spam is the most common initial vector for various attack scenario objectives such as phishing and credential harvesting, malware distribution, scams/fraud, etc.

Organizations are increasingly facing cyber attacks resulting in data breaches, and part of their post-incident responsibilities includes adhering to mandatory reporting requirements. Notably, the infamous BlackCat ransomware group has been exploiting these requirements for their benefit. They apply pressure on victims by threatening to inform the Securities and Exchange Commission (SEC) about the company's supposed failure to report significant data breaches.

Check out this one line for a moment...“duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.” In a worrying display of social engineering sophistication, a multinational company was defrauded of $25 million through an intricately planned deepfake scam.

A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials. We’ve all seen one of those posts on social media about some actor, musician or famous person that has passed away. Feeling a sense of sadness and wanting to know more details, these posts garner a lot of attention.

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri. “Greatness operates as a Phishing as a Service (PhaaS) platform, providing a number of features and components for bad actors to conduct their phishing attacks against Microsoft 365 accounts,” the researchers write. “URLScan results show thousands of affected pages related to this kit.

Analysis of 2023 attacks shows how the financial services industry had a very bad year, with increases in both vendor email compromise (VEC) and business email compromise (BEC) attacks, targeting millions of dollars using very specific methods. There’s no industry that has more money than the one dealing in it. So, it shouldn’t come as a surprise that attacks on the financial services industry continue at an increasing rate.

New data from cyber insurance underwriters shows what they think the biggest threats will be in 2024 and what organizations should do about it. Because insurance underwriters analyse lots of risk data to make decisions about insurance premiums and policies, it makes sense to hear their perspective on 2024’s outlook will be. According to insurer Woodruff Sawyer’s Cyber Looking Ahead Guide 2024, there’s some good news and some bad news.

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity. “While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector,” the researchers write.