A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and exfiltration. The three most common causes of data loss were reckless behavior, human error and malicious exfiltration.
Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as Swatting puts the focus on the victim organization’s customers. A somewhat unexpected mode of extortion appears to be popping up in attacks targeting medical institutions. According to Dark Reading, cybercriminals are making repeat prank calls to police about individuals that are patients impacted by a data breach of a medical facility they are a customer of.
A new analysis of data breaches in the United Kingdom's legal sector shows that organizations need to be looking inward more and look for ways to elevate the security awareness of employees. There’s so much focus on external cybercriminal activity, we often forget about the actions of internal employees that often facilitate a data breach.
Some particularly cold-hearted scammers are targeting users of lost pet forums with phony ransom demands, the BBC reports. “A BBC North West investigation found scammers have targeted scores of dog and cat lovers with threatening calls,” the BBC says. “They prey on owners by claiming to have their lost pets before demanding cash.
A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42. "The threat actor masquerades as a law enforcement official and says the target's phone number or bank account is suspected of being involved in financial fraud,” the researchers write. “They then guide the person to download an app that will allow the attacker to investigate their bank transactions.
Mandiant has published a report on “CLINKSINK,” a cryptocurrency Drainer-as-a-Service (DaaS) that’s targeting users of the Solana currency. Mandiant’s own X (formerly Twitter) account was hacked earlier this month and used to distribute a link to the drainer. Threat actors using CLINKSINK have stolen at least $900,000 worth of cryptocurrency in recent weeks.
A new article explains how business professionals are beginning to be not-so-professional and seeking to make personal connections. It’s only a matter of time before cybercriminals jump in. I came across a recent Business Insider article entitled, “The hottest new dating site: LinkedIn.” The title made me laugh… and then when I put my cybersecurity hat back on, the laughing stopped.
Regardless of whether your environment remains on-premise, resides in the cloud, or is a hybrid configuration, new data makes it clear that your biggest risk is phishing attacks. According to Netwrix’s 2023 Hybrid Security Trends Report, released late last month, 73% of organizations have some form of hybrid environment, with slightly less than half of all workloads (44%) residing in the cloud.
