Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

knowbe4

Phishing Attack Takes a Two-Step Approach to Leverage Legitimate Sites and Evade Detection

Sep 6, 2024 By Stu Sjouwerman In KnowBe4
Analysis of a new phishing attack demonstrates how attackers may take a longer path to reach their malicious goals while staying “under the radar” of security products. It would be pretty simple to create a phishing attack that sends its’ victims a brand-impersonated email with a link that takes you to an impersonated webpage that asks for credentials, personal details or credit card information. But many of today’s security products will detect the impersonation immediately.
Read Post
knowbe4

Phishing is Still the Top Initial Access Vector

Sep 5, 2024 By Stu Sjouwerman In KnowBe4
Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by targeting humans directly. “The enduring dominance of phishing as an initial access technique underscores its effectiveness and persistence in the face of cybersecurity advancements and more sophisticated methodologies,” the researchers write.
Read Post
knowbe4

Threat Actors Increasingly Exploit Deepfakes for Social Engineering

Sep 4, 2024 By Stu Sjouwerman In KnowBe4
The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at BlackBerry. “Typically, online scams prey on the presumed weaknesses and susceptibility of the targeted individual,” the researchers write.
Read Post
knowbe4

Major Scam Operation Uses Deepfake Videos

Sep 3, 2024 By Stu Sjouwerman In KnowBe4
Researchers at Palo Alto Networks’ Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news anchors, and high-profile government officials. Unit 42 believes a single threat actor is behind the scheme. The researchers discovered hundreds of domains used to spread these campaigns, each of which has been visited an average of 114,000 times. The goal of the operation is to spread investment scams and fake government-sponsored giveaways.
Read Post
knowbe4

U.S. Experiences 52% Increase in the Number of Ransomware Attacks in One Year

Aug 30, 2024 By Stu Sjouwerman In KnowBe4
New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry. One would think there would be a slowdown in the number of ransomware attacks due to the amount of threat intelligence and best practices to mitigate this threat.
Read Post
knowbe4

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

Aug 30, 2024 By Stu Sjouwerman In KnowBe4
New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error. It’s readily evident that ransomware is only growing as a threat. But a new infographic from ERP Cybersecurity vendor Onapsis covering the state of ransomware provides some context on just how critical the threat is right now: The most shocking stat is that in 81% of attacks, human error was involved in the successful execution of the ransomware.
Read Post
knowbe4

Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Aug 30, 2024 By Stu Sjouwerman In KnowBe4
Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The phishing attacks are targeting organizations in the technology, manufacturing, and finance sectors in Asia and North America. Most of these attacks involved QR code phishing (quishing) to trick victims into visiting the malicious sites.
Read Post
knowbe4

Fewer, High-Profile Ransomware Attacks Are Yielding Higher Ransoms

Aug 29, 2024 By Stu Sjouwerman In KnowBe4
Analysis of cryptocurrency payments made on the blockchain highlights shifts in the size and frequency of ransomware attacks and may paint a bleak picture for the remainder of the year. Each quarter, blockchain analysis company, Chainalysis, analyzes cybercriminal activity from the perspective of blockchain use to facilitate payments, crypto theft, etc.
Read Post
knowbe4

Phishing Attacks Are Increasingly Targeting Social Media and Smartphone Users

Aug 28, 2024 By Stu Sjouwerman In KnowBe4
Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG). As email security technologies improve, scammers are turning to social media apps, text messages, and voice calls to conduct social engineering attacks.
Read Post
knowbe4

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

Aug 28, 2024 By Stu Sjouwerman In KnowBe4
New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves. It’s every cybersecurity professionals’ worry; whether the security controls they’ve put in place will actually stop attacks.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.