Invoice fraud. Payroll diversion. Gift card requests. Fraudulent wire transfers. Malicious attachments. These types of attacks have dominated the cybersecurity space for the past few years, as security leaders worldwide attempt to find ways to stop increasingly-sophisticated inbound threats.
But what about those...
Whether for profit or in furtherance of Russian geopolitical interests - or both - former members of the Conti ransomware group have been targeting networks operated by the Ukrainian government and businesses, as well as European nonprofit organizations, Google's Threat Analysis Group reports.
CISO Marcin Szczepanik recalls when his team's budget was cut dramatically after the onset of the pandemic. He wanted to invest in the latest state-of-the-art tools but prioritized his costs and focused on email security - a move that improved the company's level of cyber maturity.
Why is business identity theft increasing, and what are the latest tactics fraudsters are using to scam businesses and gig workers? Eva Velasquez, CEO at the Identity Theft Resource Center, shares her views on how business identity theft has evolved over the years and how to prevent it.
Insurance market giant Lloyd's of London says that starting next year, its cyber insurance policies will no longer cover state-sponsored cyberattacks. But with attribution being inherently tricky, expect this move to be tested in court, says Jonathan Armstrong, a partner at Cordery law firm.
In the latest weekly update, four Information Security Media Group editors discuss key cybersecurity issues, including the high cost of BEC scams, a Cuba ransomware gang's attack on Montenegro, and why so many hacktivists couldn't overcome the technical ennui of the Russia-Ukraine cyberwar.
Ransomware gets the headlines, and phishing sets off the most alerts, but business email compromise costs enterprises the most - more than $43 billion since 2016. U.S. Secret Service agents Stephen Dougherty and Michael Johns discuss the criticality of rapid detection and response.
Identity and access management giant Okta says some customer data was exposed by the "relentless phishing campaign" that breached Twilio, which it uses to provide some SMS services. Twilio says attackers accessed data for 163 customer organizations.
An Iranian government-backed hacking group known as Charming Kitten has updated its malware arsenal to include an email inbox scraping tool, proof of the group's dedication to developing and maintaining purpose-built capabilities. The tool spoofs the user agent to look like an outdated browser.
In the tit-for-tat world of advanced persistent threats, security measures set by Microsoft such as multifactor authentication are being met by Russian hacking group APT29 with circumvention techniques. Mandiant says it's seeing several new hacking methods by the group, also known as Cozy Bear.
Four ISMG editors discuss how security leaders determine the right level of security for the business, the growing risk of business ID theft to enterprises, and the arrest of a developer suspected of working for cryptocurrency mixing service Tornado Cash, for "facilitating money laundering."
Cloud collaboration suites like Microsoft 365 are critical to business success, but have become significant entry points for potential exploitation. Just as your team relies on email and collaboration tools to accomplish their goals, so too do sophisticated threat actors. And while the built-in security of Microsoft...
Attackers are attempting to reset the passwords of some DigitalOcean customers, the cloud infrastructure provider says. The email addresses of these customers were likely exposed in a data breach involving Mailchimp, which provided transactional email services for DigitalOcean.
Marketers rely on events to create brand awareness and generate demand, and physical events are coming back after the COVID-19 pandemic, says Gily Netzer of Perimeter 81. But "not everybody is traveling," she says, so hybrid events - and SaaS-driven corporate networks - are the future for companies.
The average person believes using Multi-Factor Authentication (MFA) makes them significantly less likely to be hacked. That is simply not true! Hackers can bypass 90-95% of MFA solutions much easier than you would think. Using a regular looking phishing email, they can bypass MFA just as easily as if it were a simple...