Researchers at ESET describe various types of scams launched by users of Telekopye, a telegram bot that assists in crafting social engineering attacks. The scammers call their victims “mammoths,” so ESET has dubbed the scammers “Neanderthals.” The first type of scam is simply financial data theft via phishing sites.
The digital landscape is evolving at an exponential rate, and with it, the cybersecurity challenges we face. As we approach 2024, I've reflected on the insights gleaned from recent discussions I was privileged to partake in, such as the World Economic Forum's annual cybersecurity conference, ThreatCon and conversations with industry leaders, academics, and government representatives. Here are my top seven takeaways for 2024.
Huntress has released a report finding that business email compromise (BEC) attacks have risen in the third quarter of 2023. “64% of identity-focused incidents in Q3 2023 involved malicious forwarding or other malicious inbox rules, a key indicator of business email compromise (BEC),” the researchers write. “Another 24% of identity-focused incidents involved logins from unusual or suspicious locations.
New data sheds light on just how active the Initial Access Broker (IAB) business is, and the growth uncovered doesn’t bode well for potential victim organizations. There’s plenty of fodder in tech news about the use of IABs and their role in cyber attacks. But rarely do we get to see a more comprehensive analysis of just how much growth in both the number of brokers and posts of credentials for sale.
Visa Payment Fraud Disruption (PFD) expects phishing attacks to increase between November 2023 and January 2024. Findings in its Holiday Edition Threats Report outline the popular fraud tactics predicted this holiday season. Expected Holiday Phishing Scams.
Another day, another warning about holiday scams! Lookout Inc., a data-centric cloud security company, is warning employees and businesses that phishing attacks are expected to more than double this week, based on historical data. With more corporate data residing in the cloud and a massive amount of employees still working remotely, mobile has become the endpoint of choice for the modern workforce.
Security researchers identify growth in the use of an ongoing cyberskimming campaign that involves compromising legitimate website checkout code. We’ve all seen a video that shows someone fidgeting with a credit card terminal only to pull off a very realistic molded cover that looks identical to the actual device beneath it complete with its own circuitry to read and store credit card swipes. Now take that very same idea and put it into the digital world.
A new analysis of the retail market’s threat landscape discusses the challenges faced by this industry and what threat tactics are being used to take advantage of retail’s cyber weaknesses. Not every report needs to have stats on the state of how bad things are. In fact, it’s quite refreshing for a report to simply state what kinds of attacks are transpiring and what the reader can do to mitigate such threats.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities. The group, believed to be unusual both for the relative youth of its members and their native proficiency in English, was responsible for this summer’s compromises of MGM Resorts and Caesars Entertainment. It also excels at social engineering.
If increases in cyberattacks this year are any indication of what to expect in the next six weeks of holiday shopping, we should expect a massive uptick in holiday-related scams. The expectation by the National Retail Foundation for this year’s holiday shopping is that we will see 4% more spending than last year. This is a slight year over year decrease (as last year saw a 5.4% increase over 2021), but still indicates increases in spending.
