Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

KnowBe4

Major Scam Operation Uses Deepfake Videos

Researchers at Palo Alto Networks’ Unit 42 are tracking dozens of scam campaigns that are using deepfake videos to impersonate CEOs, news anchors, and high-profile government officials. Unit 42 believes a single threat actor is behind the scheme. The researchers discovered hundreds of domains used to spread these campaigns, each of which has been visited an average of 114,000 times. The goal of the operation is to spread investment scams and fake government-sponsored giveaways.

U.S. Experiences 52% Increase in the Number of Ransomware Attacks in One Year

New analysis of current ransomware attacks shows a massive focus on U.S. organizations, with growth spread across nearly every industry. One would think there would be a slowdown in the number of ransomware attacks due to the amount of threat intelligence and best practices to mitigate this threat.

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error. It’s readily evident that ransomware is only growing as a threat. But a new infographic from ERP Cybersecurity vendor Onapsis covering the state of ransomware provides some context on just how critical the threat is right now: The most shocking stat is that in 81% of attacks, human error was involved in the successful execution of the ransomware.

Threat Actors Abuse Microsoft Sway to Launch QR Code Phishing Attacks

Researchers at Netskope last month observed a 2000-fold increase in traffic to phishing pages delivered through Microsoft Sway. The phishing attacks are targeting organizations in the technology, manufacturing, and finance sectors in Asia and North America. Most of these attacks involved QR code phishing (quishing) to trick victims into visiting the malicious sites.

Fewer, High-Profile Ransomware Attacks Are Yielding Higher Ransoms

Analysis of cryptocurrency payments made on the blockchain highlights shifts in the size and frequency of ransomware attacks and may paint a bleak picture for the remainder of the year. Each quarter, blockchain analysis company, Chainalysis, analyzes cybercriminal activity from the perspective of blockchain use to facilitate payments, crypto theft, etc.

Phishing Attacks Are Increasingly Targeting Social Media and Smartphone Users

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG). As email security technologies improve, scammers are turning to social media apps, text messages, and voice calls to conduct social engineering attacks.

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves. It’s every cybersecurity professionals’ worry; whether the security controls they’ve put in place will actually stop attacks.

More Carrots and Fewer Sticks

As I sit in the 2024 Seattle Convene conference this week and listen to speaker after speaker talk about their successful security awareness training programs, one thing is perfectly clear. They all prefer carrots and fewer sticks. A question human risk managers frequently ask me is what role negative consequences should play in a successful security awareness training program?

Ransomware Recovery Costs Have Doubled for State and Local Governments

Thirty-four percent of state and local government entities were hit by ransomware in 2024, a new report from Sophos has found. While this is a decrease compared to the attack rate in 2023, the mean cost of recovery for these entities has more than doubled to $2.83 million. Seventy-two percent of ransom demands made to state and local government organizations in 2024 were for $1 million or more, with 37% of demands for $5 million or more.

The Number of Email-Based Cyber Attacks Detected Surge 239% in 1H 2024

New data shows the most prevalent and obvious path into an organization – email – continues to be exploited by a growing number of cybercriminals. Email is one of those technologies that doesn’t seem willing to be replaced by collaborative tools that connect individuals and organizations – in many cases – in far more productive ways. And because of this, cybercriminals continue to leverage email to gain access to users.