Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Our recent research reveals a concerning discrepancy between employees' confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks. While 86% of respondents believe they can confidently identify phishing emails, nearly half have fallen for scams in the past. This disconnect between perceived competence and demonstrated vulnerability, the "confidence gap", poses a substantial risk to organizations. The Danger of Overconfidence.

My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity and the eventual emergence of malicious agentic AI malware. Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean. It starts with agentic AI, which is a collection of automated programs (i.e., bots or agents) working toward a common goal.

A KnowBe4 Threat Lab publication Authors: Martin Kraemer, Jeewan Singh Jalal, Anand Bodke, and James Dyer EXECUTIVE SUMMARY: We observed a 98% rise in phishing campaigns hosted on Russian (.ru) top-level domains (TLDs) from December 2024 to January 2025, primarily used for credential harvesting. These Russian.ru domains are run by so-called “bullet-proof” hosting providers, that are known to keep malicious domains running and ignore abuse reports which is ideal for cybercriminals.

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures. SIM swapping is a technique in which an attacker takes over a victim’s phone number, which enables them to access the victim’s accounts. This involves tricking the telecom operator into reassigning the victim’s phone number to a SIM card controlled by the attacker.

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately had all the hallmarks of a malicious phishing attack. Everyone gets worked up about it and a large percentage of people report it as a possible phishing attack. And it is not. It is just frustrating. Sound familiar?

Microsoft warns that a widespread malvertising campaign hit nearly one million devices around the world. The campaign, which began on illegal streaming sites, impacted both consumer and enterprise devices across a wide range of industries. “Analysis of the redirector chain determined the attack likely originated from illegal streaming websites where users can watch pirated videos,” Microsoft says.

Artificial Intelligence (AI) is no longer just a tool—it is a game changer in our lives, our work as well as in both cybersecurity and cybercrime. While organizations leverage AI to enhance defences, cybercriminals are weaponizing AI to make these attacks more scalable and convincing .

The KnowBe4 Threat Research team has observed a sustained increase in the use of Scalable Vector Graphics (SVG) files to obfuscate malicious payloads. SVGs are vector based, rather than pixel-based like PNGs and JPGs. This means the graphic elements can be scaled up without loss of quality - making them perfect for sharing graphics, such as logos and icons, via email.

In the realm of cybersecurity, perception often diverges from reality. A common misconception is that nation-state cybercriminals primarily target the United States. However, recent evidence suggests a more ubiquitous threat landscape, with significant activities targeting the UK, Australia and other regions globally. The notion that certain countries are immune to sophisticated cyberattacks is not just outdated—it's dangerous.

I’ve been in the cybersecurity industry for over 36 years. Surprisingly, hackers and malware haven't changed all that much. The malware today is not all that different from the stuff I was disassembling for John McAfee back in the late 1980s and early 1990s. A lot of the involved programming languages, technology and communication channels have changed, but not how malware operated and what it did. We had ransomware back in 1989. We had polymorphic, crypto-morphing malware back then.