The US Federal Bureau of Investigation (FBI) has issued an alert warning that scammers are tricking victims into converting their savings into cash or precious metals, then sending couriers to pick up the items for safekeeping. The scammers then steal the goods and cut contact with the victims. The FBI says victims lost more than $55 million to these scams between May and December 2023.

New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and smallest organizations worldwide. The good news is that ransoms continue to decline – according to the most recent Quarterly Ransomware Report from ransomware response vendor Coveware.

Phishing attacks are increasingly using open redirects to evade detection by security filters, according to researchers at Trustwave. Open redirects are URLs hosted on trusted domains that take users to separate, potentially malicious domains. The researchers explain the process using the example URL “hxxps://goodsitecom.” Trustwave has observed a “significant rise” in phishing attacks using open redirects over the past several months.

Check Point’s review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023. In 2022, 1 in 13 organizations globally had been the victim of a ransomware attack. According to the latest Check Point Research, that ratio worsened to just 1 in 10 in 2023. That represents 60,000 attempted attacks per organization throughout the year.

Researchers have developed AI technology that can mimic someone’s handwriting with only a few paragraphs of written content. Experts worry about the possibility of misuse. The Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in Abu Dhabi announced they have developed handwriting AI based on a neural network designed to learn context and meaning in sequential data.

Researchers at Check Point warn that scammers are using airdrops to distribute phony non-fungible tokens (NFTs) that direct users to malicious sites. “This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders,” the researchers write.

Passwords are part of every organization’s security risk profile. Just one weak password with access to an organization’s critical systems can cause a breach, take down a network or worse. Whether we like it or not, passwords are here to stay as a form of authentication. It’s why cybercriminals never stop looking for ways to hack into your network. If your users’ passwords can be guessed, they’ve made the bad actors’ jobs that much easier.

Researchers at Malwarebytes warn that a malvertising campaign is targeting Chinese-speaking users with phony ads for encrypted messaging apps. The ads impersonate apps that are restricted in China, such as Telegram or LINE. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes says.

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA). “Spear phishing is still one of the most effective tools attackers have to breach networks,” the report says.

Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months. “Attackers have developed tools to craft high quality large scale attacks that target the browser,” the researchers write. “Cybercrime tools, such as phish kits (PhaaS) and ransomware-as-a-service kits (RaaS), have simplified the process of launching sophisticated attacks.

In a new SEC disclosure, Hewlett Packard Enterprise (HPE) announced on Wednesday that it fell prey to the same Russian intelligence group, known as Midnight Blizzard or Cozy Bear, that recently breached Microsoft's email system. This disclosure comes just a week after Microsoft reported a similar intrusion, putting the spotlight back on this notorious hacking group.

The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024. I love it when vendors put out a yearly summary, and do it in the first month of the next year! The data is relevant and helps paint a picture of what the industry should expect in the near future. In Cyberint’s 2023 Ransomware Recap report, we find that ransomware had quite the year.

A suspected North Korean state-sponsored threat actor called “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne.

As the use of Cloud SaaS platforms of generative AI solutions increases, the likelihood of more “GPT” attacks used to gather credentials, payment info and corporate data also increases. In Netskope’s Cloud and Threat Report 2024, they show a massive growth in the use of generative AI solutions – from just above 2% of enterprise users prior to 2023 to over 10% in November of last year. Mainstream AI services ChatGPT, Grammarly, and Google Bard all top the list of those used.

In what appears to be a digital tsunami, Cybernews has reported a colossal data breach has surfaced, unveiling a staggering 26 billion records – a figure that's hard to even fathom. Termed as the Mother of all Breaches (MOAB), this leak is not just another incident in the cybersecurity world, it's a seismic event that dwarfs previous breaches in its sheer magnitude.

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic phishing messages, but it is already pretty bad. Social engineering, without AI, is already involved in 70% - 90% of successful cyber attacks.

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident. The Facebook posts have captions like “I can't believe he is gone,” accompanied by thumbnails of news articles involving car accidents or crime scenes.

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG). “COLDRIVER continues its focus on credential phishing against Ukraine, NATO countries, academic institutions and NGOs,” TAG says.

In a Friday regulatory filing, Microsoft has reported that its corporate email accounts were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard, also identified as Nobelium or APT29. Microsoft's disclosure aligns with new U.S. requirements for reporting cybersecurity incidents. The attack was detected on January 12th, 2024, but it appears to have started in November 2023.

A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and exfiltration. The three most common causes of data loss were reckless behavior, human error and malicious exfiltration.

Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers. A somewhat unexpected mode of extortion appears to be popping up in attacks targeting medical institutions. According to Dark Reading, cybercriminals are making repeat prank calls to police about individuals that are patients impacted by a data breach of a medical facility they are a customer of.

A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to be looking inward more and look for ways to elevate the security awareness of employees. There’s so much focus on external cybercriminal activity, we often forget about the actions of internal employees that often facilitate a data breach.

A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42. "The threat actor masquerades as a law enforcement official and says the target's phone number or bank account is suspected of being involved in financial fraud,” the researchers write. “They then guide the person to download an app that will allow the attacker to investigate their bank transactions.

Mandiant has published a report on “CLINKSINK,” a cryptocurrency Drainer-as-a-Service (DaaS) that’s targeting users of the Solana currency. Mandiant’s own X (formerly Twitter) account was hacked earlier this month and used to distribute a link to the drainer. Threat actors using CLINKSINK have stolen at least $900,000 worth of cryptocurrency in recent weeks.

Regardless of whether your environment remains on-premise, resides in the cloud, or is a hybrid configuration, new data makes it clear that your biggest risk is phishing attacks. According to Netwrix’s 2023 Hybrid Security Trends Report, released late last month, 73% of organizations have some form of hybrid environment, with slightly less than half of all workloads (44%) residing in the cloud.

The Canada-based Women CyberSecurity Society (WCS2) has warned that its leadership, members, and volunteers are being targeted by an SMS phishing (smishing) campaign, IT World Canada reports. “A volunteer recently reported receiving a text message claiming to be from founder Lisa Kearney citing an urgent need for help,” WCS2 says.

It’s no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions. I’ve been telling you since the advent of ChatGPT’s public availability that we’d see AI’s misuse to craft compelling and business-level email content.

The latest consumer alert posted by the federal trade commission (FTC) signals that the upticks in QR code-based scams are being seen by cybersecurity vendors are indeed a valid growing problem. You won’t need to go very far before you find a QR code. Restaurants commonly use QR codes to point you to a menu, parking lots use them to point you to a website to pay for parking, and according to the FTC, scammers use them to engage you in scams.

Microsoft was the most impersonated brand last quarter, accounting for a third (33%) of all brand phishing attempts in October, November, and December 2023, according to Check Point’s Brand Phishing Report for Q4 2023. Check Point notes, “The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third at 8%.

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always good to share that message, at least once a year with co-workers, family members, and friends. I was reminded of this latest news story discussing a recent Instagram and TikTok trend. Basically, users are sent (or send) a “survey” that asks the receiver to describe themselves.

We are excited to announce that KnowBe4 has been named a leader in the Winter 2024 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the eleventh consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence.

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 1,455 G2 customer reviews, KnowBe4’s KMSAT is the top ranked SAT platform with 98% of users rating 4 or 5 stars. The KMSAT platform received the highest G2 score among products in the SAT category with a score of 93 out of 100.

Verizon has published an article outlining various forms of social engineering attacks, including SMS/text messaging phishing (smishing), voice phishing (vishing), and spear phishing (targeted attacks, often via email). Verizon warns users to be on the lookout for the following red flags: Verizon concludes, “Remember, phishing is common and perpetrators are hoping to catch you with your guard down. But most companies will never proactively reach out to you.

Millions of data records and GBs of data from organizations around the globe were made freely available to cybercriminals to coincide with dates around Christmas of 2023. The pressure presented by cybercriminals threatening to publish data on the web is very compelling. After all, what company wants to be responsible for millions of everyday people potentially becoming victims of scams and cyber attacks? That’s right, not a single one.

For the first time ever, the U.S. Justice Department announced the existence of an FBI-developed decryption tool that has been used to save hundreds of victim organizations attacked by one of the most prolific ransomware variants in the world. In an announcement made last month, the Justice Department made the world aware of the existence of a decryption tool to be used by those organizations hit by Blackcat – also known as ALPHV or Noberus.

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials. If you don’t think credentials are a key element in cyber attacks, I refer you back to an article of mine from the middle of last year where 15 billion (with a ‘b’) credentials are on sale on the dark web.

Resecurity is tracking a cybercriminal gang called “GXC Team” that develops and sells tools to facilitate online banking theft and social engineering attacks. In November, the gang began selling a tool that uses artificial intelligence to craft fraudulent invoices for use in business email compromise (BEC) attacks. The invoices can hijack business transactions by replacing banking information contained in legitimate invoices.

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card. This is a very common sort of social engineering fraud. Do not get scammed like TV host Andy Cohen did.

A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch. We’ve all heard – for as long as ransomware attacks have been happening, you either need to pay the ransom or recover from backups. But a third option has now sprouted up on GitHub.

Researchers at Scam Sniffers have found that phishing attacks stole nearly $295 million worth of cryptocurrency from 324,000 victims in 2023, CryptoSlate reports. The cryptocurrency is stolen by malware delivered via phishing sites. “Wallet Drainers, a type of malware related to cryptocurrency, has achieved significant success over the past year,” the researchers write.

Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations. It appears that affiliates of ransomware gangs have forgotten the golden rule – you don’t hit hospitals. It’s one thing to disrupt operations at a regular brick and mortar business. But hitting a business where someone’s life could be literally placed in jeopardy because a system is unavailable?

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness training (SAT). Most organizations do not do enough. Training and testing once a year certainly is not that helpful. How often should you do SAT to get the biggest decrease in cybersecurity risk? At least once a month, if not more. But a sophisticated SAT program includes a combination of methods and tools.