Check Point’s review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023. In 2022, 1 in 13 organizations globally had been the victim of a ransomware attack. According to the latest Check Point Research, that ratio worsened to just 1 in 10 in 2023. That represents 60,000 attempted attacks per organization throughout the year.

Researchers have developed AI technology that can mimic someone’s handwriting with only a few paragraphs of written content. Experts worry about the possibility of misuse. The Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in Abu Dhabi announced they have developed handwriting AI based on a neural network designed to learn context and meaning in sequential data.

Researchers at Check Point warn that scammers are using airdrops to distribute phony non-fungible tokens (NFTs) that direct users to malicious sites. “This campaign is unique in its methodology, employing a source spoofing technique to target a broad spectrum of token holders,” the researchers write.

Passwords are part of every organization’s security risk profile. Just one weak password with access to an organization’s critical systems can cause a breach, take down a network or worse. Whether we like it or not, passwords are here to stay as a form of authentication. It’s why cybercriminals never stop looking for ways to hack into your network. If your users’ passwords can be guessed, they’ve made the bad actors’ jobs that much easier.

Researchers at Malwarebytes warn that a malvertising campaign is targeting Chinese-speaking users with phony ads for encrypted messaging apps. The ads impersonate apps that are restricted in China, such as Telegram or LINE. “The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead,” Malwarebytes says.

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA). “Spear phishing is still one of the most effective tools attackers have to breach networks,” the report says.

Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months. “Attackers have developed tools to craft high quality large scale attacks that target the browser,” the researchers write. “Cybercrime tools, such as phish kits (PhaaS) and ransomware-as-a-service kits (RaaS), have simplified the process of launching sophisticated attacks.

In a new SEC disclosure, Hewlett Packard Enterprise (HPE) announced on Wednesday that it fell prey to the same Russian intelligence group, known as Midnight Blizzard or Cozy Bear, that recently breached Microsoft's email system. This disclosure comes just a week after Microsoft reported a similar intrusion, putting the spotlight back on this notorious hacking group.

The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024. I love it when vendors put out a yearly summary, and do it in the first month of the next year! The data is relevant and helps paint a picture of what the industry should expect in the near future. In Cyberint’s 2023 Ransomware Recap report, we find that ransomware had quite the year.

A suspected North Korean state-sponsored threat actor called “ScarCruft” is launching spear phishing attacks against cybersecurity professionals, according to researchers at SentinelOne.