Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive. From February 2024 to July 2024, Zscaler’s ThreatLabz tracked more than 30,000 lookalike domains that impersonated some of the world’s most well-known brands.

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all successful data breaches. Nothing else is even close (unpatched software and firmware are involved in 33% of successful attacks, everything else is 1% or less).

New analysis of attacks on the financial sector shows that the combination of phishing emails and compromised credentials is a recurring — and financially impactful — threat. According to IBM, financial services is the second most expensive sector with an average cost of a data breach at $6.1 million.

Researchers at Barracuda have observed an increase in phishing attacks that abuse popular content creation and collaboration platforms. These include online graphic design platforms and document-sharing services widely used by educational institutions and businesses. “The analysts found that attackers are sending out emails from these platforms, featuring legitimate-looking posts, designs, and documents, but with embedded phishing links,” the researchers write.

New analysis of blockchain activity shows scammers are needing less time to obtain crypto payments and are seeing higher payoffs per scam. I continue to repeatedly cover breakdowns of cybercrime activity from the folks at Chainalysis because it represents an unbiased view that some security vendors may inherently have (because their data is based on what their solutions do and don’t discover).

Analyst reports aim to provide market insights. But when it comes to Human Risk Management (HRM), we’ve noticed that they often fall short of capturing the full picture. You already know that we are the undisputed leader in the essential areas that have been standard features in the security awareness market for years. Those capabilities are why we’ve become the largest vendor in the space. But for years now we have exceeded just those standard features.

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically addressing this risk. Manufacturing has been a target of ransomware for quite some time — I’ve even covered a recent attack focused on credential harvesting.

Researchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews. The threat actors are posing as employees of major financial services firms and send coding assessment tests as part of the interview process. Our team recently recorded a webinar that covers this exact topic, as our cybersecurity experts discuss how we spotted the red flags and stopped it before any damage was done.

Statista projects that the total cost of cybercrime will increase from $6.4 trillion between 2024 and 2029, reaching a staggering $15.63 trillion by the end of this period. They reported: "The global indicator 'Estimated Cost of Cybercrime' in the cybersecurity market was forecast to continuously increase between 2024 and 2029 by in total 6.4 trillion U.S. dollars (+69.41 percent). "After the eleventh consecutive increasing year, the indicator is estimated to reach 15.63 trillion U.S.

The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data. You know you’re a problem when the U.S. government puts out a notice about you. That’s the case for RansomHub — the latest iteration of a ransomware as a service group formerly working under the names Cyclops and Knight.