Fake mobile app fraud tripled in first half of 2019
In the first six months of this year, phishing campaigns rose by 6% compared to the second half of 2018, while other fraud attacks such as fake mobile apps and financial malware skyrocketed, increasing by 191% and 80%, respectively, a new report by RSA Security shows. Phishing remained the top
Iran-Linked ‘Charming Kitten’ Touts New Spearphishing Tactics
Iranian state-backed hacking group APT 25 (also known as Charming Kitten, Phosphorus, Ajax Security Team, NewsBeef and Newscaster) has updated its attack techniques to carry out a spearphishing campaign targeting US President Donald Trump’s re-election campaign, according to recent research[pdf] by ClearSky Cyber Security. The report states that the new attack
Financial industry spending millions to deal with breaches in 2019
82% of organizations suffered a DNS attack last year, and many companies were hit multiple times, with the average number of attacks per company falling just short of 9.5, a new report by EfficientIP shows. Because the average cost per attack exceed $1.3 million, companies can expect to lose over
Only 1 in 5 enterprises have DMARC records set up with an enforcement policy
A new Valimail report shows that while companies are increasingly adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol for email authentication, which is designed to prevent email spoofing attacks, the vast majority have not configured it properly. In fact, only 17% of email domains using DMARC have an enforcement
Phishing attempts increase 400%, many malicious URLs found on trusted domains
Between January and July of this year, the number of detected phishing URLs surged by 400%, a recent Webroot study found. Phishing attacks continue to get more sophisticated, with 29% of phishing sites now using HTTPS in order to appear more legitimate, while 24% of malicious URLS are hosted on
FBI warns about attacks that bypass multi-factor authentication (MFA)
Last month, the US Federal Bureau of Investigation (FBI) warned private industry partners that sophisticated cyberattacks capable of bypassing multi-factor authentication (MFA) solutions are on the rise. The FBI stated that threat actors were increasingly “circumventing multi-factor authentication through common social engineering and technical attacks” and listed a number of
New Silent Starling Attack Group Puts Spin on BEC
Security researchers with Agari warn that scammers are targeting companies with a new technique, which is a variation of business email compromise (BEC). The new attack, dubbed “vendor email compromise,” has been used by the Silent Starling group that is operating from West Africa. The scammers have so far taken
New Adwind RAT Variant Used Against the US Petroleum Sector
Security researchers with Netskope have uncovered a sophisticated malware campaign targeting firms in the US petroleum industry. Companies in the sector are receiving malicious phishing messages that trigger the download of a new variant of the Adwind Remote Access Trojan (RAT). Adwind is also known as jRAT, AlienSpy, JSocket, and
75% of execs cite phishing as the most significant security threat to businesses
A new report by CybeReady shows that three in four (75%) executives consider phishing to be the top threat to their organization. A majority (58%) of respondents said that cybersecurity / phishing awareness training is a better way to mitigate the phishing threat than purchasing technology solutions. However, many companies
Zebrocy Retools for New Political Attacks
Notorious Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) is targeting embassies and foreign affairs ministries in Eastern European and Central Asian countries in a new spearphishing campaign, researchers with ESET have discovered. The phishing emails contain a malicious attachment that delivers an updated version of the Zebrocy