Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The dynamism of Artificial Intelligence (AI) is transforming not only the tech landscape but also various sectors of human activity at breakneck speeds. Unfortunately, with any progress in technology, these advances aren’t only being applied in beneficial ways.

Our inaugural 2022 threat roundup report started by observing that “the year 2022 was eventful for cybersecurity.” As you can imagine, 2023 was no less eventful. Some of the key events included ongoing conflicts and the appearance of new ones, the emergence of critical vulnerabilities being mass exploited and the ever-increasing threat of cybercrime.

Based in Irvine, California, LoanDepot is a nationwide mortgage lender. Their solutions assist homeowners in purchasing land and obtaining reasonable equity costs. They are licensed in 50 states and, in 14 years, have become the most significant nonbanking lender in the US. In the second week of January, we featured a piece on LoanDepot; at the time, they were in the throes of a cyber skirmish, fighting for control of their discombobulated systems.

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS sector.

For years, the BFSI industry has been a top target for cyberattackers. Yet, despite long-standing awareness of financial cyber risks, the problem is only getting worse as banks, insurance companies, FinTech businesses and other organizations that operate in the finance sector face a growing array of threats and risks. For example, threat actors are increasingly using financial organizations’ customers as a vector for attack.

Update: Meta appears to be coming online again. Breaking news: 3 threat actor groups (Skynet, Godzilla, and Anonymous Sudan) have claimed to attack and shut down Facebook, Threads and Instagram. Users are being automatically logged out of Meta and being shown session expired messages. Then they are unable to log back in. Instagram is showing feed errors.

Cybercrime is a growing problem for higher education. Between 2020 and 2021, cyberattacks targeting the education sector increased by 75%. In line with other industries, the education sector is also experiencing a dramatic increase in ransomware attacks. According to the 2022 Verizon Data Breach Investigations Report, 30% of data breaches in the industry were attributed to ransomware attacks.

Companies grow through mergers and acquisitions. Marketing teams promote new products. New products spawn new web domains. As brand names, URLs, and cloud IT infrastructure proliferate, so do enterprises’ vulnerability to online attacks. At the same time, security professionals working with limited resources find it increasingly challenging to maintain oversight of their online assets.

Social engineering is a technique commonly used by adversaries to manipulate individuals or groups of people into divulging confidential information, performing certain actions, or giving up access to valuable resources. These attacks can take many forms and are typically carried out through electronic communication channels or in-person interactions.

Some of the most common types of password attacks include password cracking, password spraying, dictionary attacks, credential stuffing, brute force and rainbow table attacks. The better your password habits are, the less susceptible you are to password attacks. Keeper’s Password Management Report found that only 25% of respondents use strong, unique passwords for every account – meaning that 75% of respondents place their accounts at risk of being compromised due to weak passwords.