A new report focused on cyber espionage actors targeting government and critical infrastructure sectors highlights the strategic use of ransomware for distraction or misattribution. It was inevitable: a threat group using a secondary attack type to cover their tracks – whether those “tracks” are the groups true intent, who’s responsible – or to simply make some additional money after they’re done with the initial attack.

Phishing remains a top initial access vector for ransomware actors, according to researchers at Cisco Talos. The threat actors often use phishing to steal legitimate credentials so they can use employee accounts without raising suspicion.

New data shows that only 3 percent of organizations are solely relying on their current cyber defenses when adding on cyber insurance, indicating that organizations are beginning to understand the true value and place of a cyber insurance policy. For the last few years, it felt like organizations were seeing cyber insurance like they do their car insurance; have an “accident” and let the policy cover it.

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year. The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.” Threat actors often use phishing to gain a foothold within an organization before launching more follow-on attacks.

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their file-sharing capabilities. Users reported that their files went missing, random folders appeared, and in some cases, their PCs were disabled.

Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. The criminals are likely gearing up to target users during Amazon Prime Day next week. “While Prime Day offers incredible savings, it is crucial for shoppers to remain vigilant, exercise caution while clicking on links or providing sensitive information, and ensure they are navigating legitimate platforms,” the researchers write.

Analysis of the latest phishing-as-a-service (PhaaS) platform ONNX Store highlights just how successful these platforms can be. Security analysts at threat intelligence vendor Eclectic IQ have been tracking ONNX Store, noting it’s a rebranded evolution of the Caffeine PhaaS platform. According to analysis, ONNX has been used to target financial institutions, “including banks, private funding firms and credit union service providers across the EMEA and AMER regions.”