A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with malicious attachments. “The threat begins with a fake bank payment email designed to deceive recipients,” the researchers write.

New data shows organizations are well aware that their users are one of their greatest cybersecurity risks today, and yet aren’t taking the right steps to remediate the risk. KnowBe4 exists and continues to thrive because the human threat surface is far and wide. Email, text, web surfing, phone calls and crafty combinations therein all create somewhat unique attacks. In each of these instances, the user is relying on technology to stop the threat before the attack gets to them.

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans. This new campaign spotted by security analysts at BlueVoyant demonstrates how effective spear phishing can be — even when the phishing execution itself is relatively basic. According to the analysis, threat actors impersonate well-known law firms and send out PDF attachments with the filename "Invoice_.pdf." Simple enough, right?

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories. Security analysts at cybersecurity company Fortinet dissect the methods and actions taken by a new malicious Java-based downloader intent on spreading the remote access trojans (RAT) VCURMS and STRRAT.

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware. According to BlackBerry’s new Global Threat Intelligence Report, the problem of novel malware has been continually growing over the last year. At the beginning of last year, BlackBerry was detecting new malware at a rate of just one per minute. By the next month, it was 1.5, 2.9 pieces per minute by August of last year.

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient. The topic of cyber insurance has been covered quite a bit here on this blog. From when cyber insurance first began as a concept, to the challenges it poses for organizations looking as their last resort after an attack, to changes in insurance policy and law.

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful. A few weeks ago we covered the alarming trends on ransomware, and FBI’s IC3 division took in over 880,000 complaints last year from individuals and businesses about every cyber crime being committed. Unfortunately, the details on overall cyber crime show things are not improving.

New data shows increased expertise in leveraging and exploiting cloud environments. CrowdStrike’s 2024 Global Threat Report shows that targeted attacks on cloud environments have increased, signaling that the cybercrime economy has realized the “untapped market” of the cloud environment.

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity risk. Everyone should be trained in how to recognize social engineering attempts, how to mitigate (i.e., delete, ignore, etc.) them, and how to appropriately report them if in a business scenario. The amount of time an organization should devote to security awareness training (SAT) is still up for debate.

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion. I don’t like it when I hear about ransomware groups growing, but that's the case in TrendMicro’s new analysis of RA World ransomware. What was once through to be a smaller operation focused on attacks targeting organizations in South Korea and the U.S.

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied to Russia’s military intelligence agency, the GRU.

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors. Data across the industry corroborates new findings in cyber risk advisory and response firm Kroll’s just-released Q4 2023 Cyber Threat Landscape Report. But what’s interesting in this report is how the data tells a story of where organizations are falling short in their preventative efforts.

Today, artificial intelligence (AI) is no longer a futuristic concept but a tool that is driving operational efficiency, customer experience, and decision-making processes. Organizations are observing its transformative power firsthand across various industries and organizational aspects.

A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper response actions. ALPHV is a big enough problem that Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health and Human Services (HHS) all are getting together to put healthcare organizations on notice.

New analysis of incident data shows threat actors are evolving their attack techniques to take advantage of budget and resource-strapped small businesses. We’ve seen industry data showing that cybercriminals have been slowly creeping downward from solely going after enterprises to targeting the SMB.

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

Business email compromise (BEC) attacks surged by 246% last year, according to researchers at ReliaQuest.The researchers believe the increase is due to widely available phishing kits that facilitate BEC.

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks. One of the challenges with attacks is that we rely on security solutions to look for indicators of malicious intent. Content within an email, where a link points to, and the insides of an attachment can indicate potential foul play.

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples. “At work, you get a voicemail from your boss,” the BBB says. “They instruct you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But it’s the boss’s orders, so you make the transfer.

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge. Any organization that has made cybersecurity a priority is laser focused on putting preventative measures, multiple means of detection, and a response plan in place.

As cybercriminals leverage tools like generative AI, making attacks easier to execute and with a higher degree of success, phishing attacks continues to increase in frequency. I’ve been covering the cybercrime economy’s use of AI since it started. I’ve pointed out the simple misuse of ChatGPT when it launched, the creation of AI-based cybercrime platforms like FraudGPT, and how today’s cybercriminal can basically create foolproof malicious content.

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better. I get asked a lot to comment on AI, usually from people who wonder, or are even a bit scared, about how AI can be used to hurt them and others. It is certainly a top topic everyone in the cybersecurity world is wondering about. One of the key questions I get is: How much worse will AI make cybercrime? The quick answer is: No one knows.

Scammers are impersonating job-seeking platform Dice with phony employment opportunities designed to steal victims’ information. “This week, Dice received reports that individuals are receiving messages from senders claiming to be Dice recruiters on various messaging apps,” the company says.

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities. One: There are three top root hacking causes, and they comprise almost all of the cybersecurity risk most organizations face: These three most popular root hacking causes are often co-mingled together to bring about the desired effect.

The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3). The revelations underline an alarming surge in cybercrime, affecting both business and personal interests alike, with the main attack vectors being investment fraud, business email compromises and an increased surge of ransomware attacks on nearly every critical infrastructure sector.

The construction of a more cyber resilient European Union (EU) took a remarkable step forward this past week as negotiators from the European Parliament and the European Council reached a provisional agreement on the proposed Cyber Solidarity Act. Proposed last year, the Cyber Solidarity Act is composed of three key pillars that seek to crack the daunting challenge of detecting, preparing for, and responding to cybersecurity threats and incidents that shake up the security sphere.

A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats. It's somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4’s Mid-Market IT Priorities Report 2024.

New analysis of DNS queries shows material growth in phishing, malware and botnets and offers insight into how many threats the average person experiences. Most of the reports I cover use detection on an endpoint, a security solution, or the corporate network for their analysis, but the 2024 Annual Security Report from DNSFilter feels a bit more impartial because it uses DNS queries to determine whether whether malicious activity is occuring.

Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC), as well as employees of cryptocurrency exchanges Binance and Coinbase. The kit also targets users of cryptocurrency platforms, including Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown and Trezor.

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does and how it helps to prevent phishing. And look-alike and neglected domains challenge its protective value to unknowledgeable email recipients. This article is about how to understand and proactively use DMARC. DMARC.

Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution. Until there’s a catch-all way to stop malicious emails from being an effective means of initial attack, phishing will continue to grow as the primary initial attack vector for cybercriminals.

As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands. Cybercriminals are no longer just targeting your corporate network. Due to the rise of the cybercrime economy, there are a growing number of cybercriminal gangs strictly going after initial access (that can be sold to other cybercriminals).