Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year. The researchers write, “While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary.” Threat actors often use phishing to gain a foothold within an organization before launching more follow-on attacks.

Ransomware is more prolific and expensive than ever. Depending on the source you read, the average or median ransomware payment was at least several hundred thousand dollars to well over several million in 2023. Marsh, a leader in cybersecurity insurance, wrote that its customers paid an average of $6.5 million in ransom in 2023 (after just paying an average of $1.4 million in 2023).

Recently I had to prepare for a governance, risk and compliance conference. I promptly realized that although I used to be quite immersed in this field as an ISO 27k implementation consultant and even a short stint as a Payment Card Industry (PCI QSA) auditor years ago, it has been a while since I looked into this.

I recently read a story about a South Korean telecom company that pushed out malware to over 600,000 of its customers who were using torrents to share files, in a bid to limit their file-sharing capabilities. Users reported that their files went missing, random folders appeared, and in some cases, their PCs were disabled.

Researchers at Check Point observed more than a thousand newly registered malicious or suspicious web domains related to Amazon last month. The criminals are likely gearing up to target users during Amazon Prime Day next week. “While Prime Day offers incredible savings, it is crucial for shoppers to remain vigilant, exercise caution while clicking on links or providing sensitive information, and ensure they are navigating legitimate platforms,” the researchers write.

Analysis of the latest phishing-as-a-service (PhaaS) platform ONNX Store highlights just how successful these platforms can be. Security analysts at threat intelligence vendor Eclectic IQ have been tracking ONNX Store, noting it’s a rebranded evolution of the Caffeine PhaaS platform. According to analysis, ONNX has been used to target financial institutions, “including banks, private funding firms and credit union service providers across the EMEA and AMER regions.”

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware. Security researchers at Ahnlab have discovered a new phishing campaign that leverages a unique user interaction. Normally, phishing campaigns simply need users to open an HTML attachment.

As social media becomes more intertwined with our daily routines, cybercriminals are using it to trick people with fake job offers. What are these social-media recruitment scams, and how can you spot the red flags? With unemployment surging in many countries around the world, in particular countries like South Africa, which is currently at the top of the highest unemployment list in the world at over 32%, it’s no wonder that scams targeting job seekers are becoming more common.

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months.