Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What if there were a way to negate the effectiveness of multi-factor authentication (or even bypass secure login protocols) without ever cracking a password? Session hijacking offers attackers a tempting shortcut to user accounts, bypassing the usual security barriers. In 2022 alone, researchers scouring the shadier corners of the internet (like the dark web) found 22 billion device and session cookie records – each of which could help to enable session hijacking.

Today, businesses don’t just rely on digital networks—they’re woven into them, with partners, third-party apps, and cloud platforms shaping their every move. Yet, every click, swipe, and connection opens a new door for attackers. As of August 2024, a staggering 52,000 new common vulnerabilities and exposures (CVEs) were identified worldwide, with last year alone witnessing a record 29,000 CVEs. These numbers paint a clear picture: cyber threats are multiplying at an alarming rate.

If there’s one fraud statistic worth dwelling on as Fraud Awareness Week 2024 passes, it’s this – in the past year, scams of one type or other siphoned $1 trillion globally, according to the Global Scam Alliance’s State of Scams Report 2024. But this figure only scratches the surface of cybercrime’s total global cost, projected to reach $10.5 trillion in 2025, according to Cybersecurity Ventures, the world’s leading source of cyber research.

In today’s cyber attack scene, data often takes a detour – straight through hackers’ systems. Unlike phishing or ransomware, which aim to trick users into handing over credentials or stealing data directly from systems, a Man-in-the-Middle (MitM) attack involves an unseen intermediary trying to fool each of two parties into thinking he’s the other one, capturing and/or altering information communicated between the parties, etc.

Frequent flyer programs have long been a symbol of loyalty and reward in the airline industry. These programs are intended to reward travelers with benefits and encourage ongoing customer relationships. However, a growing and pervasive threat is lurking beneath the allure of free miles and exclusive perks: Frequent Flyer Miles fraud. At the last credible count in 2018, there were over 30 trillion unspent miles in circulation, according to McKinsey.

Your customers’ stolen data could be for sale right now – and you might not even know it. The dark web is a thriving, shadowy marketplace where fraudsters trade credit card numbers, account details, session cookies, and even entire identities. On average, there were more than 2.5 million daily visitors to the dark web in 2023, showcasing the scale of this underground economy.

If you’ve ever run an online ad campaign, be it through an advertising agency or in-house, there’s a very high chance that you, too, have fallen victim to undetected ad fraud. It’s not pleasant to hear, but your ad dollars often find their way into the pockets of cyber crooks. The costs of ad fraud are astronomical and continue to grow year after year. In Q1 of 2024, ad networks experienced an 18% click fraud rate across desktop web (26%), mobile web (15%), and mobile in-app (10%).

More transactions, less vigilant consumers, and countless digital impersonators ready to exploit them – for scam-targeted industries and cyber teams, the holiday season is a full-spectrum stress test. Those who pass with flying colors have likely adopted key reinforcements that adapt posture for the era of off-the-shelf social engineering scams assisted by AI. Those that don’t are likely still reliant on outdated solutions and customer education.

Imagine scanning a QR code to pay for parking or to buy a new jacket, only to realize you handed over credentials or card data to fraudsters. Yes – phishing is now also an offline phenomena, expanding its reach into real-world spaces via QR codes. Known as ‘QRishing’, this increasingly common attack exploits growing reliance on QR codes in both online and everyday physical environments, exploiting users’ lack of vigilance.

From groceries to gadgets, everything can be delivered to your doorstep these days with just a few clicks. In this e-commerce world, logistics and postal companies have become critical players in the retail sector, with brand names that everyone recognizes. But this has also made them goldmines of PII that attackers would do anything to get their hands on.