CTI Roundup: Russian threat actor APT28 exploits Outlook vulnerability
APT28 exploits a critical Outlook vulnerability, QR phishing campaigns grow more complex, and an SQL brute force attack results in BlueSky ransomware.
Ransomware as a Service (RaaS) is a business model in which cybercriminals develop and sell ransomware to buyers known as affiliates who use it to execute ransomware attacks. Ransomware is a type of malware that prevents users from accessing their data or devices by encrypting them and locking users out until a ransom is paid. Typically, cybercriminals need to know some coding to develop and execute ransomware attacks.
Identity-based threats specifically target the digital identities of individuals and the identity infrastructure of organizations.
Your data has left the premises. While virtual private networks (VPNs) used to be the go-to solution for extending access to private apps to remote users, they aren't a sufficient solution for securing a hybrid workforce. Because they place so much trust in users and devices, they end up granting overly permissive access to everything inside the perimeter, putting your data at risk.
Phishing, already a serious, ever-present threat, is getting even more pernicious thanks to ChatGPT, which enables threat actors to craft more realistic emails. Clearly, organizations need a way to fight back that recognizes the depth of the threat, including by employing managed detection and response services.
Personal information stored in business-owned accounts is a risk, especially when it contains vulnerabilities like weak or reused passwords.
Electrical utilities are responsible for just about everything we do. This places a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning and tools can help make the entire process go smoothly. Moreover, these can also help to achieve positive results.
Frankly stated, operational resilience is your ability to climb the mountain, no matter the weather. Businesses now need more than a good security structure to weather the storms of AI-driven threats, APTs, cloud-based risks, and hyper-distributed environments. And more importantly, operational resilience in 2024 requires a paradigm shift. Attackers aren’t out there doing the bare minimum. As the numbers suggest, they’re getting the job done.