A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It’s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
New data on the current state of cybersecurity shows that organizations are experiencing challenges, falling behind, and seeing the impact of all this post-attack. If you’ve read any of the articles I post here, you already know that cybercriminals are constantly improving their game. So are cybersecurity vendors – but what about the orgs themselves?
As cyber insurers become more experienced in what kinds of claims are being presented, and the threat action details therein, specific types of coverages are no longer being included. I’ve written quite a few times about specific cyber insurance claim cases that required going to court to settle. And in most of them, the courts sided with the insurer because the wording in the cyber insurance policy made certain it was covering specific use cases.
New data shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working... in exponential terms. We all know phishing is the number one attack vector. But we should wonder whether phishing attacks that hit a corporate desktop email client or a mobile device are more impactful.
