Given the increase in attack sophistication over the years, it is imperative for security leaders to establish new rules of the road for risk management and cyber fraud prevention.
CISA and FBI urge organizations to remain vigilant to ransomware threats on holidays, including this Labor Day
September 1, 2021
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are customarily closed—in the United States, as recently as the Fourth of July holiday in 2021.
As detailed in a new Area 1 Security report, threats ranging from ransomware, credential harvesters to difficult-to-discover but costly business email compromise targeted inboxes, could have resulted in over $354 million in direct losses had they been successful.
Traditional cybersecurity training can be individual or LMS-based and generally hinges on a 30- to 60-minute session of basic training once a year. There will be some visual reminders taking the form of emails or posters during the year. But regardless of the minor variations, traditional training doesn’t work.
Avanan announced the release of the company's 1H 2021 Global Phish Cyber Attack Report, which analyzes today’s threat landscape, phishing vectors, and industry-based attacks, exposing healthcare and manufacturing as two of the top industries being targeted by hackers in the first half of the year.
Most IT leaders believe that ransomware attacks will be a greater concern in a hybrid workplace, with legal firms and healthcare organizations particularly concerned about this threat, according to a new Tessian report.
The Kimsuky APT—also known as Thallium, Black Banshee, and Velvet Chollima— continues to target the South Korean government, according to the Malwarebytes Threat Intelligence team, who is actively monitoring this actor and has been able to spot phishing websites, malicious documents, and scripts that have been used to target high profile people within the government of South Korea. The structure and TTPs used in these recent activities align with what has been reported in KISA’s report.
Microsoft has warned that Nobelium is currently conducting a phishing campaign after the Russian-backed group managed to take control of the account used by USAID on the email marketing platform Constant Contact. The phishing campaign has targeted around 3,000 accounts linked to government agencies, think tanks, consultants, and non-governmental organizations.