New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. According to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, 91% of reported ransomware attacks included a data exfiltration effort. This is far more than the sub-80% numbers we’ve seen from the Coveware quarterly reports we cover.

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove it. Social engineering, especially as enabled by email, text messages, the web and phone calls, is involved in the vast majority of cybersecurity attacks. No other root initial access hacking method comes close.

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point. “In recent months, we have observed a significant shift in Sharp Dragon’s activities and lures, now targeting governmental organizations in Africa and the Caribbean,” the researchers write.

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride. CISA is a non-regulatory government agency dedicated to protecting U.S. and global infrastructure and organizations against malicious hackers and their malware (and other types of threats).

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks. I wrote an article back in April of last year about how 1 in 8 emails make it to a user’s Inbox. That number has remained relatively consistent — so much that even the Threat Insights Report for Q1 2024 from HP Wolf Security shows that stat is still accurate. But then there’s the Threat Insights Report for Q4 2023.

Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field. It’s no secret that any part of society that is less prepared for a cyber attack has less of a chance to defend itself — which potentially puts all of us at risk. So, CISA began placing some of their focus on high-risk communities within the United States.

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files. “Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader,” the researchers write. “This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands.

Companies have needed a website for the last 25 years at least. But where do you host your site? The techies at HostingAdvice decided to create an extremely thorough real-world review site to share their expertise. And clearly, your organization's website is an attack vector and so cybersecurity has become critical.

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams. We’ve seen the use of this technology grow to the point where an expansion of the cybercrime economy occurred to include GenAI-based services like FraudGPT and PoisonGPT, with many others joining their ranks.

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members. The NCSC says employees should be cautious about the type of personal information they post on the internet, since criminals can use this knowledge to make their attacks more convincing.

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan. The criminal malware operation was disrupted by law enforcement in January 2024 but resurfaced in March with an expanded set of targets. The new version of the malware is targeting more than 1,500 banks in over sixty countries.

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles here, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses. It’s said you can predict the outcome of the presidential election with a small number of votes. That’s the power of statistics and a valid sample size. So, when you have 3.5 billion cyber attacks as your sample data, it’s a very accurate reflection of the state of attacks.

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. One of the basic tenets of KnowBe4 is that your users provide the organization with an opportunity to have a material (and hopefully positive) impact on a cyber attack. They are the ones clicking malicious links, opening unknown attachments, providing company credentials on impersonated websites and falling for social engineering scams of all kinds.

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack. The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block.

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack Whittaker at TechCrunch. The scammers target users of Amazon, Bank of America, Capital One, Chase, Coinbase, Instagram, Mastercard, PayPal, Venmo, Yahoo and more.

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks. “AI provides augmented and enhanced capabilities to schemes that attackers already use and increases cyber-attack speed, scale, and automation,” the FBI says.

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. I probably could have called this purely based on all the articles I’ve written (and all the articles I’ve read that never made it here). But when it comes to protecting your organization from social engineering, stick to the basics.

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful. This sort of analysis helps to establish threat landscape trends and keeps our collective focus on the places where cyber attacks are working.

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate executives to force compliance and payment. Mandiant's Chief Technology Officer, Charles Carmakal, highlighted this disturbing trend at RSA last week: criminals engaging in SIM swapping attacks against executives' children.

The Met Gala, fashion's biggest night, was not just the A-list attendees who stole the spotlight—digital imposters in the form of AI-generated superstars sent social media into a frenzy. As the actual stars showcased their designer ensembles at the gala, X and other platforms were overrun with images of celebrities who were shown to be there, but they actually didn't attend. This new phenomenon has given rise to a online spectacle that is challenging the realms of reality and fantasy.

One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests. According to a recent Europol announcement, the folks behind the LabHost Phishing as a Service (PhaaS) platform were arrested last month. In a coordinated search over three days, 37 suspects were apprehended, disrupting the well-known service.

Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated. On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment.

KnowBe4 is proud to be recognized by TrustRadius for our Security Awareness Training and PhishER platforms. KnowBe4's Security Awareness Training won in the Security Awareness Training category and PhishER won in Incident Response, Security Orchestration, Automation and Response and the Phishing Detection and Response categories.

New analysis of cyber attacks shows ransomware attacks are running far more rampant than previously thought, with half of organizations blaming poor cyber hygiene. After last year’s shocking stat that 70% of organizations pay the ransom, it’s really surprising to see that an even greater percentage (91%) have paid a ransom at least once in the last 12 months – this according to Extrahop’s 2024 Global Cyber Confidence Index.

New data from Verizon makes it clear that the Education sector is under attack, but also breaks down which threat actions and patterns are used most. We’ve seen Education institutions become a major focus for cybercriminals and entities like the New York State Education Department and the FBI have issued warnings.

Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play. In light of the recent release of the Verizon Data Breach Investigations Report this week, we have delved into the findings to continue our coverage of important cybersecurity issues, specifically data breaches and phishing.

For most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, experiences and personal moments with friends and family. Being online has even become a business for content creators, who share their insights and thoughts of their daily lives, from “Getting Ready With Me” (GRWM) to recording video trends of jumping over your camera to the beach or the latest dance craze.

The long-awaited annual Verizon Data Breach Investigations Report is out, and it’s made very clear that users continue to be a problem in phishing attacks. I’ve said it before, if you only read one report each year, the Verizon Data Breach Investigations Report is one you shouldn’t miss. And this year’s report starts off with a topic close to our hearts here at KnowBe4: users engaging with phishing emails and clicking links.

Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this. Note: The information and recommendations in this post are supported in detail by the KnowBe4 ebook,

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight. Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated. The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.

Suspected North Korean threat actors are attempting to trick software developers into downloading malware during phony job interviews, according to researchers at Securonix. The threat actors contact software developers with seemingly legitimate employment opportunities before scheduling virtual job interviews.

With all great power, there comes an equal potential for misuse. Among the sophisticated arsenal of threat actors, impersonation attacks have surged to the forefront, which questions our sense of trust.