AsyncRAT Exposed: Investigating Email-Driven Cyber Attacks

Introduction: AsyncRAT, also known as "Asynchronous Remote Access Trojan," represents a secretive form of malware meticulously crafted to infiltrate computer systems and exfiltrate critical data. Recently, McAfee Labs unveiled a novel avenue through which this insidious threat proliferates, elucidating its inherent peril and adeptness at circumventing security measures.

Business Email Compromise Attacks: How To Prevent & Recover

Imagine receiving a work email from your finance department asking about an overdue invoice. You notice it has a few extra typos and uses strange language, so you disregard it as junk. What you don’t know is that your very busy coworker receives the same email at the same time. Because they’re more distracted than normal, they respond, unknowingly aiding a business email compromise (BEC) attack.

The Human Element of Email Security: Understanding Behavioral Threats and Social Engineering

Behavioral threats and social engineering attacks target the human psyche rather than exploiting technical vulnerabilities. They rely on psychological manipulation, deception, and exploiting human trust to trick individuals into divulging sensitive information, clicking on malicious links, or taking actions that compromise security. Understanding these tactics and the human behaviors they exploit is key to effectively mitigating email security risks.

Verizon: The Percentage of Users Clicking Phishing Emails is Still Rising

The long-awaited annual Verizon Data Breach Investigations Report is out, and it’s made very clear that users continue to be a problem in phishing attacks. I’ve said it before, if you only read one report each year, the Verizon Data Breach Investigations Report is one you shouldn’t miss. And this year’s report starts off with a topic close to our hearts here at KnowBe4: users engaging with phishing emails and clicking links.

Business Email Compromise (BEC): Types & How To Prevent

Many of us think we’re too smart to get scammed by fake company emails. We also believe our biggest cybersecurity threats will be more complex than they have been in the past, and that today’s scammers and phishers will only target government and financial institutions with cutting-edge hacking and infiltration techniques. Regrettably, the threat of seemingly simple business email compromise (BEC) attacks is as prevalent as ever.

24 Real Examples of Business Email Compromise (BEC)

The FBI has named Business Email Compromise (BEC) a $26 billion scam, and the threat is only increasing. Business email compromise (BEC) is a type of cybercrime in which a threat actor uses an email information-seeking scam to target a business to defraud the entire organization. Using social engineering techniques, BEC often occurs over fraudulent emails.

Taking Control of Your Inbox: How to Stop Spam Emails

In 2023, over 45% of all emails worldwide were spam - the digital equivalent of junk mail. Spam emails are an unsolicited nuisance and a pervasive problem overwhelming the Internet's email systems. Some spam is simply unwanted marketing and advertising from legitimate businesses, but some of it is much worse. It can quickly overwhelm your inbox and wreak havoc on your device. And yes, mobile phones can get viruses just like computers.

Analysis Shows 2023 to be "Worst Year for Phishing on Record"

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight. Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated. The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.

Beyond the basics: Leveling up security awareness training for modern threats

Security awareness training (SAT) holds a crucial role in protecting businesses from modern threats. A well-designed SAT program not only educates employees but also helps foster a genuine security-conscious culture within the organization. In this blog, we explore how organizations can level up their basic SAT initiatives and highlight the oversight of compliance-driven training in fostering a genuine security-conscious culture.

Phishing Failures: How Not to Phish Your Users

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system. Let's explore why we need to phish our users, but more importantly, how not to phish them. We turn to two of our trusted security awareness advocates Javvad Malik (JM) and Erich Kron (EK) to shed some light on the matter.