Updated as of June 7th 2021 It's an excellent time to be an online retailer. In 2021, over 230 million Americans will be shopping digitally, positioning the United States as one of the leading e-commerce markets. Social platforms are highly influential with millennials, teens, and Gen Z consumers; 50 percent of college students have purchased on Instagram, and 48% of U.S. internet users aged 18 to 34 years have purchased through social media this year.

SMS-based phishing attacks are nothing new. They’ve been around in one form or another since the technology became mainstream in the mid-90s, and more so since the introduction of smartphones a decade and a half ago. However, in their latest incarnation, AKA Smishing, such attacks are progressively executed on a scale never seen before. In the last couple of months, Cyberint has seen an increase of SMS phishing attacks targeting the customers of retail companies.

The AXA Group has been targeted by Ransomware and the threat actors have publicly announced this incident. AXA Group’s IT Operations were affected regionally in the Philippines, Thailand, Malaysia and Hong Kong. The hostaged data, amounting to approximately 3 terabytes, consisted of customers’ personally identifiable information, health records, medical claims, patients’ personal health conditions, photos of IDs and passports, bank documents, and hospital invoices.

Threat intelligence solutions provide security teams with critical context on cybersecurity vulnerabilities and the threat actors seeking to exploit them. This helps organizations to respond proactively and efficiently to threats. Yet while all threat intelligence tools offer the core feature of basic information about cybersecurity threats, they vary significantly in the ways they make available that data.

First observed in 2019 and advertised (Figure 1) as a 'Malware-as-a-Service' (MaaS) threat on various cybercriminal forums, Raccoon is an information stealer targeting victim credentials and cryptocurrency wallets. Seemingly favored by some threat actors due to its simplicity, the malware element of Raccoon omits advanced features, such as those used to evade detection, and instead focuses on the 'stealer' task in hand.

In yet another high-impact and high-profile ransomware incident, the 'big game hunter' ransomware group 'DarkSide' accepted responsibility for an attack against the US-based Colonial Pipeline Company, an organization providing fuel pipeline services across multiple states (Figure 1) that transport a reported 100 million US gallons of fuel daily including direct service to airports.

Details of several high severity vulnerabilities in Dell's firmware update driver, grouped together as CVE2021-21551 with a CVSS score of 8.8, were published on 4 May 2021 and could lead to privilege escalation, denial of service and/or information disclosure on affected devices.

Your brand is the image your customers have of your business; this is precisely what makes your brand into such a valuable asset. It’s no surprise that brand presence is increasingly shifting into the digital realm. And while digital transformation brings with it a whole new world of possibilities, the digitization of the brand also introduces new risks.

If anyone has benefitted from the pandemic, it has been cyber attackers. As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased. Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019. It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.

In yet another example of VPN appliance vulnerabilities being actively exploited by threat actors, 20 April 2021 saw the publication of a critical Pulse Connect Secure (PCS) SSL VPN appliance vulnerability, CVE-2021-22893, allowing an authentication bypass that leads to an unauthenticated threat actor gaining the ability to remotely execute arbitrary code on a PCS gateway.