
KnowBe4

The £3 Million Daily Heist

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 million daily, it's clear that awareness of cybersecurity threats has never been more crucial. Why Social Engineering Continues to Triumph: At the heart of many of these scams is the fact that even the most robust technological defenses can be circumvented by exploiting humans.

Cyber Attack Tools Now Being Used To Help Phishing Pages Avoid Detection

Cybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext. “Anti-bot services, like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, have become a cornerstone of complex phishing operations,” the researchers write. “These services aim to prevent security crawlers from identifying phishing pages and blocklisting them.

Threat Actors Compromise Valid Accounts Via Social Engineering

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos. The researchers have published a report on threat trends in the third quarter of 2024, finding that attackers are increasingly targeting valid accounts to gain footholds within organizations.

Cybersecurity Budgets Are Increasing, but Security Leaders Don't Think It's Enough

Despite the belief that today’s SOC should be doing the lion’s share of protecting an organization, new data shows reliance on more than just security teams is needed. Many of our blogs have something to do with the increasing risk of cyber attacks. So, it’s natural to see that organizations are increasing cybersecurity budgets. But according to Red Canary’s 2024 Security Operations Trends Report, it might not be enough to address the evolving threat landscape.

Ransomware Gang Attack Tactics Have Shifted

A recent analysis of the ransomware group Meow raises the notion that groups are evolving from using encryption as a tactic to more profitable and cost-effective methods. At the end of the day, ransomware is a business. Those behind the malware used in ransomware attacks typically seek to make money, whether that be directly from the victim organization or by way of a nation-state paying for the gang’s services.

New Research: 140% Increase in Callback Phishing

Researchers at Trustwave observed a 140% increase in callback phishing attacks between July and September 2024. Callback phishing is a social engineering tactic that involves emails and phone calls to trick users into handing over login credentials or other sensitive data or installing malware. The attacks begin with a phishing email that appears to be a notification for something that needs to be addressed urgently, such as an order invoice or an account termination notice.

Nearly Two-Thirds of IT Leaders Have Fallen For Phishing Attacks

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization won’t fall victim to a phishing attack. The survey found that 34% of organizations send simulated phishing emails to their employees at least once every two weeks, but only 15% of end users are aware of them. Likewise, the IT and security leaders surveyed said 83% of their employees fall for the phishing simulations.

More Than 33,000 People in the UK Have Been Hacked Over the Past Year

Action Fraud, the UK’s national fraud and cyber crime reporting service, warns that more than 33,000 people have reported that their online accounts have been hacked over the past year. Most of these hacks were the result of phishing and other social engineering tactics. Action Fraud describes one technique that involves using a compromised account to target the victim’s friends.

Cyber Attackers are Adopting a "Mobile First" Attack Strategy

With 16+ billion mobile devices in use worldwide, new data sheds light on how cyber attackers are shifting focus and tactics to put attacks into the victim’s hands. There’s an interesting story woven throughout mobile security provider Zimperium’s 2024 Global Mobile Threat Report that demands the attention of organizations intent on securing every attack vector – which includes personal mobile devices.

FBI Warns Scammers Are Targeting Law Firms For Phony Debt Collections

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.