Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Criminals have historically been quick to embrace cutting-edge technology for their financial gain. For instance, the notorious bank robbers Bonnie and Clyde utilized high-powered V-8 engine-equipped Ford cars to outpace local law enforcement. Other criminal groups leveraged telephones to coordinate their activities, while some recognized the advantage of wielding Thomson submachine guns to outgun security personnel and police.

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors. Data across the industry corroborates new findings in cyber risk advisory and response firm Kroll’s just-released Q4 2023 Cyber Threat Landscape Report. But what’s interesting in this report is how the data tells a story of where organizations are falling short in their preventative efforts.

Generative AI exploded in popularity not too long ago but its influence on text and media creation is already undeniable. AI content is becoming ubiquitous on the internet, and this technology is slowly seeping into real life, impacting sectors such as healthcare, finance, agriculture, and education. In a previous blog post, we discussed the rise of malicious AI chatbots and how they can be leveraged in cyberattacks. Now, we are seeing these potentially AI-written spam being distributed via email.

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied to Russia’s military intelligence agency, the GRU.

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that facilitate BEC.

Did you know that 41% of breaches involve email? For threat actors, cloud email systems like Gmail and Microsoft Exchange are treasure troves for valuable internal information like PII, PCI, PHI, secrets, and credentials. In order to limit the blast radius of privilege escalation attacks, and to remain in compliance with standards like HIPAA, it’s essential for enterprises to protect thousands of emails per day.

As cybercriminals leverage tools like generative AI, making attacks easier to execute and with a higher degree of success, phishing attacks continues to increase in frequency. I’ve been covering the cybercrime economy’s use of AI since it started. I’ve pointed out the simple misuse of ChatGPT when it launched, the creation of AI-based cybercrime platforms like FraudGPT, and how today’s cybercriminal can basically create foolproof malicious content.

Phishing remains an ever persistent and grave threat to organizations, serving as the primary conduit for infiltrating network infrastructures and pilfering valuable credentials. According to an FBI report phishing is ranked number 1 in the top five Internet crime types. Recently, the Cato Networks Threat Research team analyzed and mitigated through our IPS engine multiple advanced Phishing Kits, some of which include clever evasion techniques to avoid detection.

The importance of security awareness It’s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization’s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course.

The importance of security awareness It’s well worth taking the time to craft a meaningful and engaging security awareness program. By presenting the right mix of information to your users in a compelling way, you can empower them to help you improve your organization’s security posture as well as create a more robust security culture overall. The cybersecurity topics that you include in your program should be relevant to your business and industry, of course.