It seems that once again bad actors have found a new way to infect our devices with malware. This time, they are using a devious little trick to spread trojanized versions of popular chat apps Telegram and WhatsApp. Now, I am sure you are all familiar with these apps – they are hugely popular for communication and messaging, with millions of users around the world. And unfortunately, that is exactly what makes them such an attractive target for cybercriminals.

In recent years, cybercrime has evolved to become more sophisticated than ever before. One of the up and coming methods used by criminals is vishing (voice phishing). This is where an attacker phones up a victim to simulate a trusted source such as a bank to phish for sensitive information. No one is immune from a vishing attack, even the Social Security Administration.

A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam. It’s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.

New data on the current state of cybersecurity shows that organizations are experiencing challenges, falling behind, and seeing the impact of all this post-attack. If you’ve read any of the articles I post here, you already know that cybercriminals are constantly improving their game. So are cybersecurity vendors – but what about the orgs themselves?

As cyber insurers become more experienced in what kinds of claims are being presented, and the threat action details therein, specific types of coverages are no longer being included. I’ve written quite a few times about specific cyber insurance claim cases that required going to court to settle. And in most of them, the courts sided with the insurer because the wording in the cyber insurance policy made certain it was covering specific use cases.

New data shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working... in exponential terms. We all know phishing is the number one attack vector. But we should wonder whether phishing attacks that hit a corporate desktop email client or a mobile device are more impactful.