Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Spear phishing was the top cybersecurity threat to the manufacturing sector over the past six months, according to a report from ReliaQuest. These attacks accounted for 41% of true-positive alerts in the sector. “Spear phishing remains a favored tactic for attackers targeting manufacturing companies—and it’s easy to see why,” ReliaQuest says.

Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity. The attackers are impersonating employees at the US State Department, the Ukrainian Ministry of Defence, the European Union Parliament, and well-known research institutions.

At KnowBe4, we constantly strive to stay ahead of emerging threats and create training content to warn users about the latest tactics used by cybercriminals. One of the ways we do this is through our internally produced demo video productions, which used to star the incredible Kevin Mitnick and his legendary hacking demos. In these modules we showcase real-world attack scenarios and provide actionable insights on how to defend against them. Last year my colleague Dr.

This Valentine’s Day, Cupid wasn’t the only one taking aim. Our Threat Research team noted a 34.8% increase on Valentine-related threat traffic in comparison to February of 2024. Leveraging impersonation and social engineering techniques, attackers have used a seasonal event to exploit heightened emotions and a sense of urgency, effectively increasing the likelihood of success in their phishing campaigns.

Data theft extortion attacks increased by 46% in the fourth quarter of 2024, according to a new report from Nuspire. These incidents have become a routine part of ransomware attacks, since the threat of a data breach puts additional pressure on victims to pay the ransom. Ransomware gangs published stolen data on leak sites more than 2,200 times during Q4 2024. The finance and insurance industry saw the sharpest rise in data theft extortion last quarter.

SentinelOne warns that a phishing campaign is targeting high-profile X accounts, including those belonging to US political figures, leading journalists, major technology companies, cryptocurrency organizations, and owners of coveted usernames. “SentinelLABS’ analysis links this activity to a similar operation from last year that successfully compromised multiple accounts to spread scam content with financial objectives,” the researchers write.

Check Point warns that a large-scale phishing campaign is targeting Facebook accounts with phony copyright infringement notices. The phishing emails have targeted more than 12,000 email addresses at hundreds of companies. Nearly all of the emails targeted individuals in the US, the EU, and Australia, though the researchers also observed some phishing templates written in Chinese and Arabic.

Dr. Martin J. Kraemer discusses learning from The Word Economics Forum Cybersecurity Outlook 2025 report Last year, the British multinational corporation Arup lost about 20 million pounds after falling victim to a deepfake scam. A finance worker in their Hong Kong office carried out 15 transactions to seven different bank accounts after joining an online meeting, during which urgent financial requirements were discussed among senior leadership.

2024 saw the highest-ever amount of ransomware attacks, according to a new report from NCC Group. There were 5,263 observed ransomware incidents last year, with the LockBit gang accounting for ten percent (526) of these attacks. RansomHub was the second most active group, accounting for 501 attacks. Notably, the industrial sector was the most commonly targeted, accounting for 27% of ransomware attacks in 2024 (a 15% increase from 2023).

Scammers are taking advantage of the newfound popularity of the China-based AI app DeepSeek, according to researchers at ESET. DeepSeek released its generative AI tool last month, and it’s since overtaken ChatGPT as the top free app in Apple’s App Store. Users are now spotting lookalike domains designed to deliver malware or steal information. Other scams offer users the opportunity to buy phony stocks in DeepSeek.