What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2024-04-23 15:37:01 | Le fournisseur d'optique mondial a frappé d'attaque par ransomware et d'une rançon de 10 millions de dollars Global Optics Provider Hit with Ransomware Attack and a $10M Ransom (lien direct) |
|
Ransomware | ★★★ | |
|
2024-04-22 20:21:06 | [Nouveau jeu] The Inside Man: New Recruts Game [NEW GAME] The Inside Man: New Recruits Game (lien direct) |
![[nouveau jeu] The Inside Man: new recruts game](https://blog.knowbe4.com/hubfs/inside-man.JPG ) Ce nouveau jeu dure 10 minutes, disponible en anglais (GB) et au niveau d'abonnement Diamond. & Nbsp;
![[NEW GAME] The Inside Man: New Recruits Game](https://blog.knowbe4.com/hubfs/inside-man.jpg)
We released a new game, now available on the KnowBe4 Modstore. I played it myself and this is recommended for all Inside Man fans! "Mark Shepherd, The Inside Man himself, is recruiting a crack security team to thwart the sinister \'Handler\'. Your mission is to accumulate points in a series of challenges that apply lessons learnt throughout The Inside Man series, to test your expertise in combating phishing, social engineering, password breaches, ransomware and document security. "This new Game is 10 minutes in duration, available in English (GB), and at Diamond subscription level. |
Ransomware | ★★ | |
|
2024-03-18 14:14:00 | CISA: Healthcare Organizations Should Be Wary of Increased Ransomware Attacks by ALPHV Blackcat (lien direct) |
|
Ransomware Medical | ★★ | |
|
2024-03-07 20:22:08 | L'IA et les ransomwares en tête de liste des cyber-menaces informatiques du marché intermédiaire AI and Ransomware Top the List of Mid-Market IT Cyber Threats (lien direct) |
Un rapport récent révèle un écart important dans les priorités des services informatiques de marché intermédiaire lorsqu'il s'agit de traiter les cybermenaces.
Il est quelque peu ironique que les professionnels informatiques se retrouvent enchevêtrés dans un paradoxe logique lorsqu'ils répondent aux enquêtes, comme le démontre Node4 \\ 's & nbsp; Rapport de priorités informatiques du marché moyen 2024 .Ce rapport met en lumière le fait que deux des trois principales cyber-menaces concernant les services informatiques du marché intermédiaire sont des menaces et des ransomwares basés sur l'IA, les menaces d'initiés se classant comme la principale préoccupation cette année.
A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats.
It\'s somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4\'s Mid-Market IT Priorities Report 2024. This report sheds light on the fact that two of the top three cyber threats concerning mid-market IT departments are AI-based threats and ransomware, with insider threats ranking as the primary concern this year. |
Ransomware | ★★ | |
|
2024-02-28 19:26:02 | Nouvelles recherches: les incidents de ransomware augmentent 84% en 2023 New Research: Ransomware Incidents Spike 84% in 2023 (lien direct) |
Des données nouvellement publiées couvrant les cyber-états vécues en 2023 éclairent à quel point l'an dernier était très différent et peint un tableau de ce à quoi s'attendre des cyberattaques en 2024.
Newly-released data covering cyberthreats experienced in 2023 sheds some light on how very different last year was and paints a picture of what to expect of cyber attacks in 2024. |
Ransomware | ★★★ | |
|
2024-02-19 21:01:02 | Seules 7% des organisations peuvent restaurer les processus de données dans les 1 à 3 jours après une attaque de ransomware Only 7% of Organizations Can Restore Data Processes within 1-3 Days After a Ransomware Attack (lien direct) |
|
Ransomware | ★★ | |
|
2024-02-14 13:57:40 | AI dans le cyberespace: une épée à double tranchant AI in Cyberspace: A Double-Edged Sword (lien direct) |
Ransomware Threat | ★★★ | ||
|
2024-02-08 13:00:00 | Rise sans précédent de la malvertisation comme précurseur de ransomware Unprecedented Rise of Malvertising as a Precursor to Ransomware (lien direct) |
Ransomware Malware | ★★ | ||
|
2024-01-31 18:52:23 | Les paiements de ransomware sur le déclin alors que les cyberattaquants se concentrent sur les organisations les plus petites et les plus grandes Ransomware Payments On The Decline As Cyber Attackers Focus on The Smallest, And Largest, Organizations (lien direct) |
Ransomware Threat | ★★★ | ||
|
2024-01-25 17:43:48 | Le nombre de victimes d'attaque ransomware augmente en 2023 à plus de 4000 The Number of Ransomware Attack Victims Surge in 2023 to over 4000 (lien direct) |
La poussée de ransomware -As-A-Service Affiliates est probablement la raison de l'augmentation spectaculaire du nombre d'organisations victimes, avec tous les indicateurs suggérant que cette tendance persistera en 2024.
The surge in Ransomware-as-a-Service affiliates is likely the reason behind the dramatic increase in the number of victimized organizations, with all indicators suggesting that this trend will persist into 2024.
|
Ransomware Prediction | ★★★ | |
|
2024-01-18 13:38:31 | \\ 'Swatting \\' devient la dernière tactique d'extorsion dans les attaques de ransomwares \\'Swatting\\' Becomes the Latest Extortion Tactic in Ransomware Attacks (lien direct) |
Ransomware | ★★★ | ||
|
2024-01-03 15:57:52 | Ransomware Lockbit 3.0 perturbe les soins d'urgence dans plusieurs hôpitaux allemands Lockbit 3.0 Ransomware Disrupts Emergency Care at Multiple German Hospitals (lien direct) |
|
Ransomware | ★★ | |
|
2023-12-28 16:06:43 | Gouvernement du Royaume-Uni \\ 'mal préparé \\' pour faire face à un risque élevé d'attaques de ransomware catastrophiques U.K. Government \\'Ill-Prepared\\' to Deal With High Risk of Catastrophic Ransomware Attacks (lien direct) |
Ransomware | ★★★ | ||
|
2023-12-06 19:23:26 | L'unité de New York de la plus grande banque des mondes devient une victime de ransomware New York Unit of Worlds Largest Bank Becomes Ransomware Victim (lien direct) |
|
Ransomware | ★★ | |
|
2023-11-21 21:25:14 | 73% des organisations touchées par des attaques de ransomwares à l'échelle mondiale en 2023, selon Statista 73% of Organizations Affected by Ransomware Attacks Globally in 2023, According to Statista (lien direct) |
Ransomware Studies | ★★★ | ||
|
2023-11-17 15:56:46 | KnowBe4 s'intègre au duo Cisco pour rationaliser Secure Sign Ins KnowBe4 Integrates With Cisco Duo To Streamline Secure Sign Ins (lien direct) |
Ransomware | ★★ | ||
|
2023-11-16 21:42:05 | Blackcat Ransomware \\'s New SEC Reporting Tactic: Règlement contre les victimes BlackCat Ransomware\\'s New SEC Reporting Tactic: Turn Regulations Against Victims (lien direct) |
L'homme mord le chien: Dans une touche inhabituelle dans la cybercriminalité, le groupe Ransomware Blackcat / Alphv manipule la nouvelle règle de 4 jours de la sec \\ pour augmenter la pression sur leurs victimes.Cette dernière manœuvre met en évidence une compréhension sophistiquée des impacts réglementaires sur les stratégies de ransomware.
Man Bites Dog: In an unusual twist in cybercrime, the ransomware group BlackCat/ALPHV is manipulating the SEC\'s new 4-day rule on cyber incident reporting to increase pressure on their victims. This latest maneuver highlights a sophisticated understanding of regulatory impacts in ransomware strategies. |
Ransomware | ★★ | |
|
2023-11-14 19:01:17 | 1 organisations sur 34 sur les 34 dans le monde a connu une tentative d'attaque de ransomware 1 Out of Every 34 Organizations Worldwide Have Experienced an Attempted Ransomware Attack (lien direct) |
|
Ransomware | ★★★ | |
|
2023-11-09 20:57:11 | «Ingénierie sociale habile du bureau de support informatique» l'une des tactiques les plus courantes dans les attaques de ransomwares “Skillful Social Engineering of the IT Support Desk” One of the Most Common Tactics in Ransomware Attacks (lien direct) |
|
Ransomware | ★★ | |
|
2023-11-02 14:20:30 | Enquêter avec les e-mails signalés par l'utilisateur avec facilité grâce à la puissante combinaison de CrowdStrike Falcon Sandbox et de Knowbe4 Phisher Plus Investigate User-Reported Emails with Ease Through the Powerful Combination of CrowdStrike Falcon Sandbox and KnowBe4 PhishER Plus (lien direct) |
Ransomware Malware Threat | ★★ | ||
|
2023-10-17 18:40:56 | Les cyber-assureurs notent que les revendications de ransomware ont augmenté de manière significative au premier semestre de 2023 Cyber Insurers Notes Ransomware Claims Rose Significantly in the First Half of 2023 (lien direct) |
|
Ransomware | ★★ | |
|
2023-10-12 12:02:06 | Les attaques des ransomwares «exploitées par l'homme» sont doubles au cours de la dernière année “Human-Operated” Ransomware Attacks Double in the Last Year (lien direct) |
|
Ransomware | ★★ | |
|
2023-10-09 12:17:46 | Le temps de résidence des attaques de ransomware baisse de 77% à moins de 24 heures Ransomware Attack Dwell Time Drops by 77% to Under 24 Hours (lien direct) |
Alors que les attaquants évoluent leurs ensembles d'outils et leurs outils, la baisse significative du temps de résidence signifie un risque beaucoup plus élevé pour les organisations qui ont désormais moins de temps pour détecter et répondre aux attaques initiales.
As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. |
Ransomware | ★★★ | |
|
2023-09-25 13:53:35 | Les organisations commencent à comprendre l'impact des ransomwares, mais leurs efforts ne sont pas suffisants pour surmonter les logiciels malveillants de l'infostaler Organizations Starting to Understand the Impact of Ransomware, But Their Efforts Not Enough to Overcome Infostealer Malware (lien direct) |
Les résultats récents dans un rapport Spycloud montrent que les entreprises commencent à reconnaître et à déplacer leurs priorités pour se défendre contre Ransomware Attaques, mais l'utilisationdes logiciels malveillants d'infostealer ont toujours un taux de réussite élevé pour les cybercriminels.
Recent findings in a SpyCloud report shows companies are starting to recognize and shift their priorities to defend against ransomware attacks, but the use of infostealer malware still has a high success rate for cybercriminals. |
Ransomware Malware | ★★ | |
|
2023-09-19 13:00:00 | CyberheistNews Vol 13 # 38 Pas de dés pour MGM Vegas alors qu'il lutte contre les temps d'arrêt d'attaque des ransomwares CyberheistNews Vol 13 #38 No Dice for MGM Vegas As It Battles Ransomware Attack Downtime (lien direct) |
|
Ransomware | ★★ | |
|
2023-09-14 20:03:51 | Pas de dés pour MGM Las Vegas alors qu'il lutte contre les retombées de Ransomware Attack après une arnaque de 10 minutes No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack After a 10-minute Vishing Scam (lien direct) |
quatre jours plus tard, 52 millions de dollars en revenus et en comptage, une cyberattaque contre MGM Resorts International, un empire de jeu de Las Vegas de 14 milliards de dollars avec des spreads d'hôtel célèbre à Hollywood comme le Bellagio, le Cosmopolitan, E Xcalibur, Louxor et le MGM Grand lui-même, a fait tomber la maison par un parfaitExemple de Vishing … a 10 minutes Appel téléphonique.
Four days later, $52 million in lost revenues and counting, a cyber attack on MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, Excalibur, Luxor, and the MGM Grand itself, had the house brought down by a perfect example of vishing…a 10-minute phone call. |
Ransomware | ★★ | |
|
2023-09-14 19:56:43 | MGM subit une attaque de ransomware qui a commencé avec un simple appel d'assistance MGM Suffers Ransomware Attack that Started with a Simple Helpdesk Call (lien direct) |
|
Ransomware | ★★ | |
|
2023-08-16 18:00:17 | Ransomware attaque la montée en flèche alors que l'IA génératrice devient un outil de marchandise dans l'arsenal de l'acteur de menace Ransomware Attacks Surge as Generative AI Becomes a Commodity Tool in the Threat Actor\\'s Arsenal (lien direct) |
|
Ransomware Tool Threat | ★★ | |
|
2023-08-02 18:46:03 | Le besoin urgent de cyber-résilience dans les soins de santé The Urgent Need For Cyber Resilience in Healthcare (lien direct) |
Ransomware | ★★ | ||
|
2023-07-06 12:00:00 | Nerve Center: Protégez votre réseau contre les nouvelles souches de ransomware avec notre dernière mise à jour RANSIM Nerve Center: Protect Your Network Against New Ransomware Strains with Our Latest RanSim Update (lien direct) |
ransomware continue d'être une menace majeure pour toutes les organisations et, selon le Verizon 2023 Data Breach Investigations Report , est toujours présent dans 24% des violations.
Ransomware continues to be a major threat for all organizations and, according to the Verizon 2023 Data Breach Investigations Report, is still present in 24% of breaches. |
Ransomware Data Breach Threat | ★★ | |
|
2023-07-05 13:23:22 | Le plus grand port du Japon est la dernière victime d'une attaque de ransomware Japan\\'s Largest Port is the Latest Victim of a Ransomware Attack (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-27 13:00:00 | Cyberheistnews Vol 13 # 26 [Eyes Open] La FTC révèle les cinq dernières escroqueries par SMS CyberheistNews Vol 13 #26 [Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams (lien direct) |
CyberheistNews Vol 13 #26 | June 27th, 2023
[Eyes Open] The FTC Reveals the Latest Top Five Text Message Scams
The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams. Phony bank fraud prevention alerts were the most common type of text scam last year. "Reports about texts impersonating banks are up nearly tenfold since 2019 with median reported individual losses of $3,000 last year," the report says.
These are the top five text scams reported by the FTC:
Copycat bank fraud prevention alerts
Bogus "gifts" that can cost you
Fake package delivery problems
Phony job offers
Not-really-from-Amazon security alerts
"People get a text supposedly from a bank asking them to call a number ASAP about suspicious activity or to reply YES or NO to verify whether a transaction was authorized. If they reply, they\'ll get a call from a phony \'fraud department\' claiming they want to \'help get your money back.\' What they really want to do is make unauthorized transfers.
"What\'s more, they may ask for personal information like Social Security numbers, setting people up for possible identity theft."
Fake gift card offers took second place, followed by phony package delivery problems. "Scammers understand how our shopping habits have changed and have updated their sleazy tactics accordingly," the FTC says. "People may get a text pretending to be from the U.S. Postal Service, FedEx, or UPS claiming there\'s a problem with a delivery.
"The text links to a convincing-looking – but utterly bogus – website that asks for a credit card number to cover a small \'redelivery fee.\'"
Scammers also target job seekers with bogus job offers in an attempt to steal their money and personal information. "With workplaces in transition, some scammers are using texts to perpetrate old-school forms of fraud – for example, fake \'mystery shopper\' jobs or bogus money-making offers for driving around with cars wrapped in ads," the report says.
"Other texts target people who post their resumes on employment websites. They claim to offer jobs and even send job seekers checks, usually with instructions to send some of the money to a different address for materials, training, or the like. By the time the check bounces, the person\'s money – and the phony \'employer\' – are long gone."
Finally, scammers impersonate Amazon and send fake security alerts to trick victims into sending money. "People may get what looks like a message from \'Amazon,\' asking to verify a big-ticket order they didn\'t place," the FTC says. "Concerned |
Ransomware Spam Malware Hack Tool Threat | FedEx APT 28 APT 15 ChatGPT ChatGPT | ★★ |
|
2023-06-27 12:54:20 | Le nouveau rapport de Singapore Cyber Landscape 2022 montre que les conflits de la Russie-Ukraine, les attaques de phishing et les attaques de ransomware augmentent, et bien plus encore New Singapore Cyber Landscape 2022 Report Shows Russia-Ukraine Conflict, Phishing and Ransomware Attack Increases, and Much More (lien direct) |
|
Ransomware | ★★★ | |
|
2023-06-20 13:00:00 | Cyberheistnews Vol 13 # 25 [empreintes digitales partout] Les informations d'identification volées sont la cause profonde n ° 1 des violations de données CyberheistNews Vol 13 #25 [Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches (lien direct) |
CyberheistNews Vol 13 #25 | June 20th, 2023
[Fingerprints All Over] Stolen Credentials Are the No. 1 Root Cause of Data Breaches
Verizon\'s DBIR always has a lot of information to unpack, so I\'ll continue my review by covering how stolen credentials play a role in attacks.
This year\'s Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere.
So, what does the report say about the most common threat actions that are involved in data breaches? Overall, the use of stolen credentials is the overwhelming leader in data breaches, being involved in nearly 45% of breaches – this is more than double the second-place spot of "Other" (which includes a number of types of threat actions) and ransomware, which sits at around 20% of data breaches.
According to Verizon, stolen credentials were the "most popular entry point for breaches." As an example, in Basic Web Application Attacks, the use of stolen credentials was involved in 86% of attacks. The prevalence of credential use should come as no surprise, given the number of attacks that have focused on harvesting online credentials to provide access to both cloud platforms and on-premises networks alike.
And it\'s the social engineering attacks (whether via phish, vish, SMiSh, or web) where these credentials are compromised - something that can be significantly diminished by engaging users in security awareness training to familiarize them with common techniques and examples of attacks, so when they come across an attack set on stealing credentials, the user avoids becoming a victim.
Blog post with links:https://blog.knowbe4.com/stolen-credentials-top-breach-threat
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever l |
Ransomware Data Breach Spam Malware Hack Vulnerability Threat Cloud | ChatGPT ChatGPT | ★★ |
|
2023-06-15 19:20:15 | Un attaquant britannique responsable d'une attaque littérale «man-in-the-middle» est finalement traduit en justice UK Attacker Responsible for a Literal “Man-in-the-Middle” Ransomware Attack is Finally Brought to Justice (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-13 13:56:50 | 85% des organisations ont connu au moins une attaque de ransomware au cours de la dernière année 85% of Organizations Have Experienced At Least One Ransomware Attack in the Last Year (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-07 17:27:13 | Verizon: Email Reigns Supreme comme vecteur d'attaque initial pour les attaques de ransomwares Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks (lien direct) |
|
Ransomware | ★★ | |
|
2023-06-06 13:00:00 | Cyberheistnews Vol 13 # 23 [réveil] Il est temps de se concentrer davantage sur la prévention du phishing de lance CyberheistNews Vol 13 #23 [Wake-Up Call] It\\'s Time to Focus More on Preventing Spear Phishing (lien direct) |
CyberheistNews Vol 13 #23 | June 6th, 2023
[Wake-Up Call] It\'s Time to Focus More on Preventing Spear Phishing
Fighting spear phishing attacks is the single best thing you can do to prevent breaches. Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that all hackers and malware compromise devices and networks. No other initial root cause comes close (unpatched software and firmware is a distant second being involved in about 33% of attacks).
A new, HUGE, very important, fact has been gleaned by Barracuda Networks which should impact the way that EVERYONE does security awareness training. Everyone needs to know about this fact and react accordingly.
This is that fact: "...spear phishing attacks that use personalized messages... make up only 0.1% of all email-based attacks according to Barracuda\'s data but are responsible for 66% of all breaches."
Let that sink in for a moment.
What exactly is spear phishing? Spear phishing is when a social engineering attacker uses personal or confidential information they have learned about a potential victim or organization in order to more readily fool the victim into performing a harmful action. Within that definition, spear phishing can be accomplished in thousands of different ways, ranging from basic attacks to more advanced, longer-range attacks.
[CONTINUED] at KnowBe4 blog:https://blog.knowbe4.com/wake-up-call-its-time-to-focus-more-on-preventing-spear-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
NEW! Executive Reports - Can create, tailor and deliver advanced executive-level reports
NEW! KnowBe4 |
Ransomware Malware Hack Tool Threat | ★★ | |
|
2023-05-31 13:00:00 | Cyberheistnews Vol 13 # 22 [Eye on Fraud] Un examen plus approfondi de la hausse massive de 72% des attaques de phishing financier CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks (lien direct) |
CyberheistNews Vol 13 #22 | May 31st, 2023
[Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks
With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.
When you want tires, where do you go? Right – to the tire store. Shoes? Yup – shoe store. The most money you can scam from a single attack? That\'s right – the financial services industry, at least according to cybersecurity vendor Armorblox\'s 2023 Email Security Threat Report.
According to the report, the financial services industry as a target has increased by 72% over 2022 and was the single largest target of financial fraud attacks, representing 49% of all such attacks. When breaking down the specific types of financial fraud, it doesn\'t get any better for the financial industry:
51% of invoice fraud attacks targeted the financial services industry
42% were payroll fraud attacks
63% were payment fraud
To make matters worse, nearly one-quarter (22%) of financial fraud attacks successfully bypassed native email security controls, according to Armorblox. That means one in five email-based attacks made it all the way to the Inbox.
The next layer in your defense should be a user that\'s properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage.
Blog post with links:https://blog.knowbe4.com/financial-fraud-phishing
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, June 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
|
Ransomware Malware Hack Tool Threat Conference | Uber ChatGPT ChatGPT Guam | ★★ |
|
2023-05-23 13:00:00 | Cyberheistnews Vol 13 # 21 [Double Trouble] 78% des victimes de ransomwares sont confrontées à plusieurs extensions en tendance effrayante CyberheistNews Vol 13 #21 [Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend (lien direct) |
CyberheistNews Vol 13 #21 | May 23rd, 2023
[Double Trouble] 78% of Ransomware Victims Face Multiple Extortions in Scary Trend
New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what\'s inhibiting a proper security posture.
You have a solid grasp on what your organization\'s cybersecurity stance does and does not include. But is it enough to stop today\'s ransomware attacks? CyberEdge\'s 2023 Cyberthreat Defense Report provides some insight into just how prominent ransomware attacks are and what\'s keeping orgs from stopping them.
According to the report, in 2023:
7% of organizations were victims of a ransomware attack
7% of those paid a ransom
73% were able to recover data
Only 21.6% experienced solely the encryption of data and no other form of extortion
It\'s this last data point that interests me. Nearly 78% of victim organizations experienced one or more additional forms of extortion. CyberEdge mentions threatening to publicly release data, notifying customers or media, and committing a DDoS attack as examples of additional threats mentioned by respondents.
IT decision makers were asked to rate on a scale of 1-5 (5 being the highest) what were the top inhibitors of establishing and maintaining an adequate defense. The top inhibitor (with an average rank of 3.66) was a lack of skilled personnel – we\'ve long known the cybersecurity industry is lacking a proper pool of qualified talent.
In second place, with an average ranking of 3.63, is low security awareness among employees – something only addressed by creating a strong security culture with new-school security awareness training at the center of it all.
Blog post with links:https://blog.knowbe4.com/ransomware-victim-threats
[Free Tool] Who Will Fall Victim to QR Code Phishing Attacks?
Bad actors have a new way to launch phishing attacks to your users: weaponized QR codes. QR code phishing is especially dangerous because there is no URL to check and messages bypass traditional email filters.
With the increased popularity of QR codes, users are more at |
Ransomware Hack Tool Vulnerability Threat Prediction | ChatGPT | ★★ |
|
2023-05-16 13:00:00 | CyberheistNews Vol 13 # 20 [pied dans la porte] Les escroqueries de phishing du Q1 2023 \\ |Infographie CyberheistNews Vol 13 #20 [Foot in the Door] The Q1 2023\\'s Top-Clicked Phishing Scams | INFOGRAPHIC (lien direct) |
CyberheistNews Vol 13 #20 | May 16th, 2023
[Foot in the Door] The Q1 2023\'s Top-Clicked Phishing Scams | INFOGRAPHIC
KnowBe4\'s latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze "in the wild" attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
IT and Online Services Emails Drive Dangerous Attack Trend
This last quarter\'s results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect your end users\' daily work.
Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic. Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical.
Building up your organization\'s human firewall by fostering a strong security culture is essential to outsmart bad actors. The report covers the following:
Common "In-The-Wild" Emails for Q1 2023
Top Phishing Email Subjects Globally
Top 5 Attack Vector Types
Top 10 Holiday Phishing Email Subjects in Q1 2023
This post has a full PDF infographic you can download and share with your users:https://blog.knowbe4.com/q1-2023-top-clicked-phishing
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there\'s a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.
Join us TOMORROW, Wednesday, May 17, @ 2:00 PM (ET) for a l |
Ransomware Spam Malware Hack Tool Threat | ★★ | |
|
2023-05-15 12:09:55 | Ransomware Gangs are “Big Game Hunting” as Victim Org Sizes and Ransom Payments Continue to Rise (lien direct) |
|
Ransomware | ★★ | |
|
2023-05-09 13:00:00 | Cyberheistnews Vol 13 # 19 [Watch Your Back] Nouvelle fausse erreur de mise à jour Chrome Attaque cible vos utilisateurs CyberheistNews Vol 13 #19 [Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users (lien direct) |
CyberheistNews Vol 13 #19 | May 9th, 2023
[Watch Your Back] New Fake Chrome Update Error Attack Targets Your Users
Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages.
"Google Chrome users who use the browser regularly should be wary of a new attack campaign that distributes malware by posing as a Google Chrome update error message," Trend Micro warns. "The attack campaign has been operational since February 2023 and has a large impact area."
The message displayed reads, "UPDATE EXCEPTION. An error occurred in Chrome automatic update. Please install the update package manually later, or wait for the next automatic update." A link is provided at the bottom of the bogus error message that takes the user to what\'s misrepresented as a link that will support a Chrome manual update. In fact the link will download a ZIP file that contains an EXE file. The payload is a cryptojacking Monero miner.
A cryptojacker is bad enough since it will drain power and degrade device performance. This one also carries the potential for compromising sensitive information, particularly credentials, and serving as staging for further attacks.
This campaign may be more effective for its routine, innocent look. There are no spectacular threats, no promises of instant wealth, just a notice about a failed update. Users can become desensitized to the potential risks bogus messages concerning IT issues carry with them.
Informed users are the last line of defense against attacks like these. New school security awareness training can help any organization sustain that line of defense and create a strong security culture.
Blog post with links:https://blog.knowbe4.com/fake-chrome-update-error-messages
A Master Class on IT Security: Roger A. Grimes Teaches You Phishing Mitigation
Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Now they\'re more targeted, more cunning and more dangerous. And this enormous security gap leaves you open to business email compromise, session hijacking, ransomware and more.
Join Roger A. Grimes, KnowBe4\'s Data-Driven Defense Evangelist, |
Ransomware Data Breach Spam Malware Tool Threat Prediction | NotPetya NotPetya APT 28 ChatGPT ChatGPT | ★★ |
|
2023-05-09 12:00:00 | Le département de police de Dallas est la dernière victime d'une attaque de ransomware Dallas Police Department is the Latest Victim of a Ransomware Attack (lien direct) |
|
Ransomware | ★★ | |
|
2023-05-02 13:00:00 | Cyberheistnews Vol 13 # 18 [Eye on Ai] Chatgpt a-t-il la cybersécurité indique-t-elle? CyberheistNews Vol 13 #18 [Eye on AI] Does ChatGPT Have Cybersecurity Tells? (lien direct) |
CyberheistNews Vol 13 #18 | May 2nd, 2023
[Eye on AI] Does ChatGPT Have Cybersecurity Tells?
Poker players and other human lie detectors look for "tells," that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when they\'re about to bluff, for example, or someone\'s pupils dilate when they\'ve successfully drawn a winning card.
It seems that artificial intelligence (AI) has its tells as well, at least for now, and some of them have become so obvious and so well known that they\'ve become internet memes. "ChatGPT and GPT-4 are already flooding the internet with AI-generated content in places famous for hastily written inauthentic content: Amazon user reviews and Twitter," Vice\'s Motherboard observes, and there are some ways of interacting with the AI that lead it into betraying itself for what it is.
"When you ask ChatGPT to do something it\'s not supposed to do, it returns several common phrases. When I asked ChatGPT to tell me a dark joke, it apologized: \'As an AI language model, I cannot generate inappropriate or offensive content,\' it said. Those two phrases, \'as an AI language model\' and \'I cannot generate inappropriate content,\' recur so frequently in ChatGPT generated content that they\'ve become memes."
That happy state of easy detection, however, is unlikely to endure. As Motherboard points out, these tells are a feature of "lazily executed" AI. With a little more care and attention, they\'ll grow more persuasive.
One risk of the AI language models is that they can be adapted to perform social engineering at scale. In the near term, new-school security awareness training can help alert your people to the tells of automated scamming. And in the longer term, that training will adapt and keep pace with the threat as it evolves.
Blog post with links:https://blog.knowbe4.com/chatgpt-cybersecurity-tells
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, May 3, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 |
Ransomware Malware Hack Threat | ChatGPT ChatGPT | ★★ |
|
2023-04-20 12:22:15 | Plus d'entreprises avec cyber-assurance sont touchées par des ransomwares que ceux sans More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without (lien direct) |
|
Ransomware | ★★★★ | |
|
2023-04-11 13:16:54 | Cyberheistnews Vol 13 # 15 [Le nouveau visage de la fraude] FTC fait la lumière sur les escroqueries d'urgence familiale améliorées AI-AI CyberheistNews Vol 13 #15 [The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams (lien direct) |
CyberheistNews Vol 13 #15 | April 11th, 2023
[The New Face of Fraud] FTC Sheds Light on AI-Enhanced Family Emergency Scams
The Federal Trade Commission is alerting consumers about a next-level, more sophisticated family emergency scam that uses AI which imitates the voice of a "family member in distress."
They started out with: "You get a call. There\'s a panicked voice on the line. It\'s your grandson. He says he\'s in deep trouble - he wrecked the car and landed in jail. But you can help by sending money. You take a deep breath and think. You\'ve heard about grandparent scams. But darn, it sounds just like him. How could it be a scam? Voice cloning, that\'s how."
"Don\'t Trust The Voice"
The FTC explains: "Artificial intelligence is no longer a far-fetched idea out of a sci-fi movie. We\'re living with it, here and now. A scammer could use AI to clone the voice of your loved one. All he needs is a short audio clip of your family member\'s voice - which he could get from content posted online - and a voice-cloning program. When the scammer calls you, he\'ll sound just like your loved one.
"So how can you tell if a family member is in trouble or if it\'s a scammer using a cloned voice? Don\'t trust the voice. Call the person who supposedly contacted you and verify the story. Use a phone number you know is theirs. If you can\'t reach your loved one, try to get in touch with them through another family member or their friends."
Full text of the alert is at the FTC website. Share with friends, family and co-workers:https://blog.knowbe4.com/the-new-face-of-fraud-ftc-sheds-light-on-ai-enhanced-family-emergency-scams
A Master Class on IT Security: Roger A. Grimes Teaches Ransomware Mitigation
Cybercriminals have become thoughtful about ransomware attacks; taking time to maximize your organization\'s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as a computer security consultant, instructor, and award-winning author, Roger has dedicated his life to making |
Ransomware Data Breach Spam Malware Hack Tool Threat | ChatGPT ChatGPT | ★★ |
|
2023-04-11 12:20:01 | Top à emporter, vous pourriez manquer ma prochaine classe de maître de ransomware Top Takeaways You Could be Missing Out on my Upcoming Ransomware Master Class (lien direct) |
|
Ransomware | ★★ | |
|
2023-04-04 13:50:02 | Scareware d'un groupe de ransomwares bidon Scareware From a Phony Ransomware Group (lien direct) |
|
Ransomware | ★★ | |
|
2023-04-04 13:00:00 | CyberheistNews Vol 13 # 14 [Eyes sur le prix] Comment les inconvénients croissants ont tenté un courteur par e-mail de 36 millions de vendeurs CyberheistNews Vol 13 #14 [Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist (lien direct) |
CyberheistNews Vol 13 #14 | April 4th, 2023
[Eyes on the Prize] How Crafty Cons Attempted a 36 Million Vendor Email Heist
The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.
It\'s not every day you hear about a purely social engineering-based scam taking place that is looking to run away with tens of millions of dollars. But, according to security researchers at Abnormal Security, cybercriminals are becoming brazen and are taking their shots at very large prizes.
This attack begins with a case of VEC – where a domain is impersonated. In the case of this attack, the impersonated vendor\'s domain (which had a .com top level domain) was replaced with a matching .cam domain (.cam domains are supposedly used for photography enthusiasts, but there\'s the now-obvious problem with it looking very much like .com to the cursory glance).
The email attaches a legitimate-looking payoff letter complete with loan details. According to Abnormal Security, nearly every aspect of the request looked legitimate. The telltale signs primarily revolved around the use of the lookalike domain, but there were other grammatical mistakes (that can easily be addressed by using an online grammar service or ChatGPT).
This attack was identified well before it caused any damage, but the social engineering tactics leveraged were nearly enough to make this attack successful. Security solutions will help stop most attacks, but for those that make it past scanners, your users need to play a role in spotting and stopping BEC, VEC and phishing attacks themselves – something taught through security awareness training combined with frequent simulated phishing and other social engineering tests.
Blog post with screenshots and links:https://blog.knowbe4.com/36-mil-vendor-email-compromise-attack
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, April 5, @ 2:00 PM (ET), for a live demo of how KnowBe4 i |
Ransomware Malware Hack Threat | ChatGPT ChatGPT APT 43 | ★★ |
To see everything:
Our RSS (filtrered)
