Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Is your industry at risk? Everyone should be adequately prepared to resist and recover from cyber threats, but these sectors will most likely be targeted in 2025 (based on insights from Spambrella cybersecurity specialists).

A widespread phishing campaign is attempting to steal credentials from employees working at dozens of organizations around the world, according to researchers at Group-IB. The campaign has targeted organizations across twelve industries, including government, aerospace, finance, energy, telecommunications, and fashion. “The campaign begins with phishing links crafted to mimic trusted platforms commonly used for document management and electronic signatures, such as DocuSign,” Group-IB says.

A new report makes it clear that U.K. organizations need to do more security awareness training to ensure their employees don’t fall victim to the evolving use of AI. Here at KnowBe4, we’ve long known that AI is going to be a growing problem, with phishing attacks and the social engineering they employ far more believable and effective.

A new report from Hornetsecurity has found that 427.8 million emails received by businesses in 2024 contained malicious content. “Once again, phishing remains the most prevalent form of attack, responsible for a third of all cyber-attacks in 2024,” Hornetsecurity’s researchers write. “This was confirmed by the analysis of 55.6 billion emails, showing that Phishing remains a top concern consistently year over year.

New analysis of ransomware attacks shows that phishing is the primary delivery method and organizations need to offer more effective security awareness training to mitigate the threat. Hornet Security’s Q3 2024 Ransomware Attacks Survey report paints a pretty bleak picture of how organizations have fared this year against ransomware attacks. So almost one in five organizations is a victim. According to the survey data, 52.3% of the attacks started with a phishing email.

Researchers at Silent Push warn that a phishing campaign is using malicious Google Ads to conduct payroll redirect scams. The attackers are buying search ads with brand keywords to boost their phishing pages to the top of the search results. “We have identified hundreds of domains primarily focused on Workday users and high-profile organizations, including the California Employment Development Department (EDD), Kaiser Permanente, Macy’s, New York Life, and Roche,” the researchers write.

It’s that time again— we’re saying goodbye to 2024 and looking ahead to what the new year may bring. From AI-driven attacks and the rise of deepfakes to the growing vulnerabilities in collaboration tools, the cyber landscape is set to face new and evolving threats. What trends should we prepare for and how can we stay one step ahead?

Frequently, when a cybersecurity training manager sends out a controversial simulated phishing attack message that angers a bunch of employees and ends up making headlines, we get called by the media to comment on the story. Here are some examples of potentially controversial simulated phishing messages: I have read many stories of security awareness training managers sending simulated phishing emails with these types of messages, often around Christmas or other national holidays.

In recent years, the world of cybersecurity has witnessed a concerning trend: a significant increase in phishing attacks. A new study reveals that these attacks have surged by nearly 40% in the year ending August, 2024. What's particularly alarming is the role played by new generic top-level domains (gTLDs) in this spike. While gTLDs like.shop, .top, and.xyz make up only 11% of new domain registrations, they account for a staggering 37% of reported cybercrime domains.