Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

More than one in ten people who were targeted by job scams this year fell victim, according to a report from Resume.org. Younger people, particularly young men, are more likely to fall victim. “In total, 14% of those who received a job scam text fell victim,” the report says. “Younger workers are more likely to have fallen victim to the scam. “Twenty percent of Gen Zers fell for a job scam, followed by 16% of millennials, 10% of Gen Xers, and just 4% of boomers.

The US Federal Trade Commission (FTC) has issued an advisory warning of job scams that impersonate well-known companies with tempting employment opportunities. The scammers are trying to steal users’ personal and financial information in order to steal their money or launch further attacks.

Scammers are using over 17,000 phony news sites to push investment fraud, according to a new report from CTM360. These websites, which the researchers call “Baiting News Sites (BNS),” spread via legitimate ad platforms such as Google or Meta. The sites impersonate well-known news providers, including CNN, the BBC, CNBC, News24, and ABC News. If a user clicks on one of these sites, they’ll be shown a fake news article about a well-known figure promoting a phony investment opportunity.

We are working tirelessly on our AI First strategy to better protect both humans and their AI tools. KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts, including this recent one. This year and next promise to be an explosion of cyber threats better enabled by AI. After years of saying AI attacks would be coming, they are here and will be the way that most cybercrime is committed forevermore.

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation. However, this shift has also created a complex and vulnerable cyber threat landscape, making manufacturing the most targeted industry for cyberattacks for the past four years. Connected systems and legacy infrastructure are colliding, expanding the attack surface and exposing manufacturers to increased risks.

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time. "In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain.

AI is going to allow better, faster, and more pervasive attacks. For a few years, if you attended one of my presentations involving AI, I would tell you all about AI and AI threats…perhaps even scare you a bit…and then tell you this, “AI attacks are coming, but how you are likely to be attacked this year doesn’t involve AI. It will be the same old attacks that have worked for decades.” I always got lots of comforted smiles from those ending lines. But this year is different.

The US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation sectors, BleepingComputer reports. The group spent the past several months targeting companies in the retail and insurance sectors, and has now hit several airlines. Scattered Spider uses social engineering attacks to gain initial access, then steals data and/or deploys ransomware to extort their victims.

Employees are expected to behave securely, and the definition of “securely” is often written down in a myriad of security policies. Yet, people do not always comply with security policies or make use of available tools. Gartner documents in their research that 69% of all employees intentionally bypass cybersecurity guidance, and 93% behave consciously and deliberately insecurely when they have to. Is Non-Compliance a Question of Motivation?