Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A crafty group of cybercriminals has been relentlessly pursuing Mexican banks, cryptocurrency platforms and other organizations in an extended campaign stretching back over two years. Their weapon of choice? A heavily customized version of the AllaKore remote access trojan (RAT). These threat actors are ruthlessly targeting any large Mexican enterprise they can get their hands on. With a sweet spot for companies pulling in over $100 million in annual revenue, they're not messing around with small fry.

My hacker story does not paint me in the best light, and it is not intended to. I am a firm believer in sharing one's mistakes and being open to learning from them. My incident taught me so much, and many years later, I am still benefiting from the learning opportunities. As the wise quote goes, "We have met the enemy, and they are us" — a sentiment that perfectly sums up my experience.

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email compromise (BEC) attacks accounted for 10.6% of social engineering attacks in 2023, compared to 8% in 2022 and 9% in 2021. These attacks require more effort on the part of attackers, but they typically have a much higher payout than other forms of social engineering.

Scammers are now impersonating legitimate services like Booking.com and Kayak to target people planning their summer vacations. One out of every 33 vacation-themed domains registered last month was malicious, researchers at Check Point warn. “In May 2024, Check Point Research (CPR) detected a significant surge in summer-related cyber scams, highlighting the need for travelers to stay informed and proactive in safeguarding their personal information,” the researchers write.

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield while blindfolded and riding a unicycle — one wrong move, and everything goes up in flames. So, how do you know your security controls are up to the task of defending your organization? This is where red teaming comes in.

Mandiant has published a report looking at cyber threats targeting Brazil, finding that more than 85% of government-backed phishing activity comes from threat actors based in China, North Korea and Russia. “The Brazil-focused targeting of these groups mirrors the broader priorities and industry targeting trends we see elsewhere,” the researchers write.

We live in a world where the term "cybersecurity" tends to make folks either shiver with anxiety or yawn with boredom. The narrative has always been about hacking, phishing, and all sorts of digital skullduggery. However, the overlooked truth is that users don't adopt best security practices because they’re designed without the slightest nod to the user experience.

Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails. This practice not only helps in identifying and mitigating potential threats, but also plays a significant role in educating and creating awareness among employees. The importance of reporting suspected phishing emails cannot be overstated, as it acts as a last line of defense against cyber threats.

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to launch Windows Explorer and trick users into installing the malware. “Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware,” the researchers state.

Based on news cycles within cybersecurity, it's easy to fall into the trap of thinking that threats only come from certain parts of the world or that they only target specific industries. However, the reality is that cyber attacks know no borders, and no organisation is immune. The recent report by Cisco Talos showcasing the discovery of a six-year campaign by Pakistani hackers targeting Indian government and defence organisations is a stark reminder of this fact.