Recently, Apple launched its Apple Vision Pro to much fanfare and has pushed the discussion of Augmented Reality (AR) beyond the realms of gaming and entertainment. From healthcare innovations to retail experiences and manufacturing enhancements, AR has the potential to reshape operational frameworks and redefine user interactions. Yet, as we pivot towards exploring the symbiotic relationship between AR and cybersecurity, we're opening Pandora's box to a new dimension of cyber threats.

New data summarizing the compromises of data in 2023 provides key details on who’s being targeted, what types of data is being compromised, and what attack vectors are being used. I’ve covered reports from the Identity Theft Resource Center (ITRC) – their coverage of attacks over the years has grown to include much more than identity theft.

A phishing campaign is attempting to trick users into downloading remote monitoring and management (RMM) software like AnyDesk, Atera, and Splashtop, according to researchers at Malwarebytes. While these tools are legitimate, they can be exploited by threat actors to carry out many of the same functions as malware. These tools may also be less likely to be flagged as malicious by antivirus software.

As the popularity of SaaS apps continues to grow, security analysts expect the misuse of such apps as the host for malware downloads to continue to rise through 2024. I’ve provided plenty of examples on this blog of threat actors using cloud-based SaaS applications to host impersonated websites and malicious downloads. The credibility of such sites aids the cybercriminal, as traffic to and from reputable sites have a tendency to get past security solutions.

Researchers at Volexity warn that the suspected Iranian threat actor CharmingCypress (also known as “Charming Kitten” or “APT42”) has been launching spear phishing attacks against Middle Eastern policy experts. “Throughout 2023, Volexity observed a wide range of spear-phishing activity conducted by CharmingCypress,” the researchers write.

The UK's National Cyber Security Centre (NCSC), recently shared its findings on how AI might reshape the cyber landscape. In two separate posts, the NCSC is warning that the global ransomware threat is expected to rise with AI. It appears that while AI beckons with one hand, it wields a knife in the other. On one side, we have AI's potential to supercharge economic growth, scientific breakthroughs, and societal benefits. On the flip side lurks the specter of security risks posed by AI's misuse.

Analysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product. Given the financial and operational disruption ransomware has caused since last year, any headline about a new RaaS will surely lead to anxiety and grimace for IT and security professionals.

Valentine's Day. A time where love is in the air, florists work overtime, and restaurant tables are as scarce as a truthful politician. But as we're busy swiping right in hopes of finding that special someone, cybercriminals are swiping left...on your security. Heartbreak hits differently when it's your bank account that's been ghosted.

The US Federal Trade Commission (FTC) has disclosed that people in the United States lost a record $10 billion to fraud in 2023, a 14% increase from 2022. Nearly half of the losses were due to investment scams. “Consumers reported losing more money to investment scams—more than $4.6 billion—than any other category in 2023. That amount represents a 21% increase over 2022,” the FTC says.

New data sheds light on what kinds of cyber attacks are targeting your cybersecurity team, what it’s costing them, why it’s taking so much time to fix, and where you should focus resources. Barracuda’s Cybernomics 101 report provides a lot of insight into the current economics of cyber attacks. According to the report: The average largest ransom any organization paid is $1.38 million, with an average cost of $5.34 million to respond to compromises!