The latest data from the FBI’s Internet Crime Complaint Center (IC3) ups the estimate for the cost of losses and exposure through business email compromise (BEC) attacks from 2013 through 2023. In the latest advisory from the IC3 entitled “Business Email Compromise: The $50 Billion Scam,” there was a 17% increase in losses from BEC attacks in 2022.
Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet. “Cybercriminals are always on the lookout for new opportunities and techniques to exploit, and the recent availability of '.ZIP' domains for public purchase has unfortunately created such an opportunity,” the researchers write.
CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates.
A new scam aimed at stealing your credit card and banking information has reared its’ ugly head as a completely legitimate ad that is likely to be clicked based on the corresponding search term. If you type in “USPS Tracking” in Google, you probably want to enter a U.S. Postal Service tracking number so you can see where your package is, right? So, if you saw the following result, would you give it a second thought? Source: Malwarebytes.
The quantity of emails involved in scams and cyber attacks continues to grow as credential theft and response-based phishing persist as top attack variants. The ripple effect from cybercrime-as-a-service launching a few years back has reached critical mass, where we’re seeing significant increases in the percentage of emails that are either clearly determined to be malicious (7.7%) as well as those suspicious enough that users are recommended to not engage with (15.9%).
New insight from blockchain analysis company, Chainalysis, shows that activity involving known ransomware crypto addresses has grown over the last 18 months, despite a downfall of other malicious activity. When I cover reports, there’s an understanding that the accuracy of the data provided is dependent on the number of organizations responding to a survey, the geos and industries represented, etc.
Researchers at Check Point outline various forms of tailgating attacks. These attacks can allow threat actors to bypass physical security measures via social engineering. “Tailgating is a common form of social engineering attack,” the researchers write. “Social engineering attacks use trickery, deception, or coercion to induce someone to take actions that are not in the best interests of themselves or the organization.
PoisonGPT works completely normally, until you ask it who the first person to walk on the moon was. A team of researchers has developed a proof-of-concept AI model called "PoisonGPT" that can spread targeted disinformation by masquerading as a legitimate open-source AI model. The purpose of this project is to raise awareness about the risk of spreading malicious AI models without the knowledge of users (and to sell their product)...
As the rate of ransomware attacks steadily increased over time, there are clear indicators as to how these attacks are starting and, therefore, what can be done to stop them. With the exception of the Verizon Data Breach Investigations Report, we rarely get insight into specific industry verticals.
On July 10th, the EU Commission adopted an adequacy decision for the proposed EU-U.S. Data Privacy Framework. This is exciting news for organizations, as many have been stuck in privacy "limbo" since the annulment of the previous EU-U.S. Data transfer mechanism, Privacy Shield, which was annulled due to challenges in court by privacy activist Max Schrems.
