Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight. Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated. The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.

Suspected North Korean threat actors are attempting to trick software developers into downloading malware during phony job interviews, according to researchers at Securonix. The threat actors contact software developers with seemingly legitimate employment opportunities before scheduling virtual job interviews.

With all great power, there comes an equal potential for misuse. Among the sophisticated arsenal of threat actors, impersonation attacks have surged to the forefront, which questions our sense of trust.

This blog was co-written by Javvad Malik and Erich Kron. Let’s dive into the cautionary world of phishing simulations gone wrong. You know, those attempts to train users not to fall for phishing that somehow end up setting off more alarms than a Hawaiian missile alert system. Let's explore why we need to phish our users, but more importantly, how not to phish them. We turn to two of our trusted security awareness advocates Javvad Malik (JM) and Erich Kron (EK) to shed some light on the matter.

For many fresh out of college, the drive to land that first professional role is a top priority. Yet, new graduates can be exposed to sophisticated scams that can jeopardize not just their finances but also their identities. Imagine receiving an email that mentions your former school dean or a professor, claiming they've personally recommended you for a fantastic job opportunity.

Cyber activity by the group "The Com," which leverages (SIM) swapping, cryptocurrency theft, swatting, and corporate intrusions, is increasing. Security researchers at Intel471 have published an analysis of the threat group, “The Com” (short for “The Community”), providing details about their targets and tactics. Operating mostly from Canada, the U.S.

One of the best things you can teach yourself, your family, and your organization is how to recognize the common signs of phishing and how to mitigate and appropriately report it. Phishing messages can have many different looks, traits and narratives. What worked yesterday for the attackers eventually becomes blocked, recognized, and less profitable, and they move on to different tactics.

The US Department of Justice has indicted four Iranian nationals for allegedly launching spear phishing attacks against the US government and defense contractors. In one instance, the hackers compromised over 200,000 employee accounts at a victim organization. “In conducting their hacking campaigns, the group used spearphishing — tricking an email recipient into clicking on a malicious link — to infect victim computers with malware,” the Justice Department said.

Threat actors are increasingly using generative AI tools to improve their phishing campaigns, according to a new report from Zscaler. “AI represents a paradigm shift in the realm of cybercrime, particularly for phishing scams,” the researchers write. “With the aid of generative AI, cybercriminals can rapidly construct highly convincing phishing campaigns that surpass previous benchmarks of complexity and effectiveness.

According to the U.S. Chamber of Commerce, the pressure is mounting on small and medium businesses (SMBs), as they must get their cyber preparedness correct or the next cyber attacks could prove disastrous.