Cyber Insurance Demand Grows as Cybercrime is Expected to Rise to $24 Trillion by 2027

As cyber attacks continue to grow in sophistication and frequency, cyber insurers are expecting their market to double in the next two years. I’ve spent a lot of time here on this blog educating you on attack specifics, industry trends, and the impacts felt by attacks. I’ve also talked quite a bit about cyber insurance and the trends therein. But seldom have we been able to combine the two and present the state of cyber attacks from an insurer’s perspective.

U.K. Advance Fee Scams Increase by Over 600% in Less Than Two Years

New data from the U.K.’s Office of National Statistics shows that this often overlooked scam has grown significantly in interest – likely because it pays off. If you’re not familiar with this kind of scam, it’s pretty simple: the scammer presents the victim with an opportunity for a grant, a prize – something of value – but requires a small payment up front (often called a processing fee, etc.).

KnowBe4 Earns 2023 Top Rated Award from TrustRadius

We are proud to announce that TrustRadius has recognized KnowBe4 with a 2023 Top Rated Award. With a trScore of 9.0 out of 10 and over 800 verified reviews and ratings, KnowBe4 is recognized by the TrustRadius community as a valuable player in the Security Awareness Training category. Reviewers on TrustRadius gave high marks for KnowBe4’s overall ease of use, the variety of training and phishing content available, and great customer support.

Business Email Compromise and "Confidential" Mergers and Acquisitions

A newly identified criminal organization has been observed running a large number of business email compromise (BEC) scams. Since February 2021, Abnormal Security reports the gang has been responsible for some 350 BEC campaigns against a range of companies. No particular sector is favored, but the scammers favor larger organizations, with more than 100 of the targets being multinational corporations with offices in several countries.

Number of Ransomware Victim Organizations Nearly Doubles in March

New data shows a resurgence in successful ransomware attacks with organizations in specific industries, countries and revenue bands being the target. While every organization should always operate under the premise that they may be a ransomware target on any given day, it’s always good to see industry trends to paint a picture of where cybercriminals are currently focusing their efforts.

More InterPlanetary File System Services Use Also Means Phishing Abuse by Cybercriminals

The InterPlanetary File System (IPFS), a distributed file-sharing system that represents an alternative to the more familiar location-based hypermedia server protocols (like HTTPS), is seeing more use in file-storage, web-hosting, and cloud services. As might be expected, more use is accompanied by more abuse via phishing attacks.

Dallas Police Department is the Latest Victim of a Ransomware Attack

Unfortunately, ransomware attacks have taken another victim. The City of Dallas recently confirmed that its police department suffered a ransomware attack. The attack shut down essential services along with some 911 dispatch systems. The city announced this in a press release statement. "Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment.

Blocking Social Engineering by Foreign Bad Actors: The Role of the New Foreign Malign Influence Center

The U.S. government created a new office to block disinformation. The new Foreign Malign Influence Center (FMIC) oversees efforts that span U.S. military, law enforcement, intelligence, and diplomatic agencies. The FMIC was established on September 23 of last year after Congress approved funding, and is situated within the Office of the Director of National Intelligence. The FMIC has the unique authority to marshal support from all elements of the U.S.

Comprehensive Anti-Phishing Mitigations: A Quick Overview

The evidence is clear – there is nothing most people and organizations can do to lower cybersecurity risk more than mitigating social engineering attacks. Social engineering is involved in 70%-90% of all successful attacks. No other root cause of initial breach comes close (unpatched software is involved in 20% to 40% of attacks and everything else is in the single digits). Every person and organization should create their best possible defense-in-depth plan to fight social engineering.