New SEC Rules Add Challenges in Uncertain Cyber Insurance Market

Jeremy King is a partner at Olshan Frome Wolosky. He wrote an article for Bloomberg where he analyzed cyber risk management issues that companies should prioritize in response to new SEC reporting requirements for cybersecurity incidents and threats. Here is a quick summary and I suggest you send the link to your InfoSec budget holder so that they can assess the importance. Ransomware is a big deal these days.

Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks

The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be all about safety and security, right? I mean, it's literally in the name. But here's the kicker: more than half (55%) of cybersecurity professionals have admitted to being risky when it comes to their cybersecurity practices at work.

TikTok Impersonations of Elon Musk Scam Victims of Their Bitcoin

There’s been a surge of Elon Musk-themed cryptocurrency scams on TikTok, BleepingComputer reports. The scammers inform the victims that they can claim their reward after spending a small amount of bitcoin (about $132) to activate their account. “BleepingComputer tested one of the giveaways to see how it works and found that almost all utilize the same template, which pretends to be a crypto investment platform,” BleepingComputer says.

Scam-as-a-Service Classiscam Expands Impersonation in Attacks to Include Over 250 Brands

Now entering its third year in business, the phishing platform Classiscam represents the highest evolution of an “as a service” cybercrime, aiding more than 1000 attack groups worldwide. What do cybercriminals need for a successful attack? A convincing email, a list of potential target email addresses, and a website to extract payment details, bank login credentials, etc. And it’s the last part that’s usually the barrier to market for those that want to get into cybercrime.

USPS Customers Become the Latest Target of the Chinese Smishing Group Called "Smishing Triad"

A new SMS-based phishing attack uses a smishing kit-as-a-service to impersonate the U.S. Postal Service. If you’ve received a fake text from the U.S. Postal Service in the last month, you’re not alone. A Cybercrime-as-a-Service (CaaS) group based in China is likely behind the attack, and many others. According to security researchers at cybersecurity vendor Resecurity, the group is behind similar attacks throughout the globe, posing as the U.K.

Romance Scams That Run Your Crypto Wallet Dry

Scammers are using dating sites to lure victims into phony cryptocurrency investment schemes, according to Sean Gallagher at Sophos. These types of investment scams are known as “pig butchering,” loosely translated from the Chinese phrase “sha zhu pan.” In this case, the scammers convince the victim to participate in a liquidity pool arrangement, a legitimate but risky cryptocurrency investment technique.

China's Cyber Offensive: FBI Director Reveals Unmatched Scale of Hacking Operations

WASHINGTON – In a startling revelation, FBI Director Chris Wray disclosed at a recent conference that China's cyber espionage capabilities are so extensive that they are bigger than the efforts of all other major nations combined. While the U.S. government has long been cautioning against the cyber threats emanating from China, Wray's statements took the conversation to a new level of urgency.

The International Joint Commission Falls Victim to Ransomware Attack; 80GB Of Data Stolen

The International Joint Commission (IJC), an organization that handles water issues along the Canada–United States border, was hit by a ransomware attack, the Register reports. The Commission said in a statement, “The International Joint Commission has experienced a cyber security incident.

Mark Cuban's MetaMask wallet drained nearly $900,000 in suspected phishing attack

Dallas Mavericks owner and well-known investor Mark Cuban reportedly lost nearly $900,000 in a phishing attack targeting his MetaMask cryptocurrency wallet. The incident was first flagged by crypto investigator WazzCrypto, who observed unusual transactions linked to a wallet associated with Cuban. This particular wallet had been dormant for about six months before all its funds were suddenly moved.

Microsoft (Once Again) Tops the List of Most Impersonated Brands in 2023

Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands. The whole idea behind impersonation is to establish the illusion of legitimacy for a phishing email. This lowers the “defenses” of the email recipient, allowing social engineering tactics to take effect and to get the victim to interact with the email.