A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports. Additionally, 91% of firms experienced data loss and exfiltration. The three most common causes of data loss were reckless behavior, human error and malicious exfiltration.
Account takeover (ATO) is a form of identity theft that happens when cybercriminals get their hands on a victim's login details. Once a fraudster has unlawful access to users' email accounts, they can impersonate their victims and trick employees into sending sensitive business data or large sums of money. In our recently published Email Security Risk Report, 58% of the 500 companies surveyed had experienced account takeover.
This year’s Email Security Risk Report touches on a range of topics from inbound email security and data loss prevention, including the fallout of successful phishing attacks, how Cybersecurity leaders feel about their secure email gateways (SEGs), and the limitations of traditional SAT programs.
A phishing campaign is targeting Chinese users in an attempt to distribute malicious apps, according to researchers at Palo Alto Networks’s Unit 42. "The threat actor masquerades as a law enforcement official and says the target's phone number or bank account is suspected of being involved in financial fraud,” the researchers write. “They then guide the person to download an app that will allow the attacker to investigate their bank transactions.
Mandiant has published a report on “CLINKSINK,” a cryptocurrency Drainer-as-a-Service (DaaS) that’s targeting users of the Solana currency. Mandiant’s own X (formerly Twitter) account was hacked earlier this month and used to distribute a link to the drainer. Threat actors using CLINKSINK have stolen at least $900,000 worth of cryptocurrency in recent weeks.
Regardless of whether your environment remains on-premise, resides in the cloud, or is a hybrid configuration, new data makes it clear that your biggest risk is phishing attacks. According to Netwrix’s 2023 Hybrid Security Trends Report, released late last month, 73% of organizations have some form of hybrid environment, with slightly less than half of all workloads (44%) residing in the cloud.