Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization won’t fall victim to a phishing attack. The survey found that 34% of organizations send simulated phishing emails to their employees at least once every two weeks, but only 15% of end users are aware of them. Likewise, the IT and security leaders surveyed said 83% of their employees fall for the phishing simulations.

Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups. Since then, we have observed more spam campaigns using this hybrid form of cyberattack with varying tactics, techniques, and procedures (TTP). Between July and September, we witnessed a 140% increase in these spam campaigns. In this blog, we will showcase the different spam techniques used in these phishing emails.

This is a burning issue that must be considered by all organizations striving to decrease their cybersecurity vulnerabilities. Keep reading to get familiar with the risks of GenAI utilized for email attacks and how advanced implementations can counterpose malicious activities.

Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to bypass security filters and appear more convincing to employees who frequently use these services. “Legitimate hosting services, such as SharePoint, OneDrive, and Dropbox, are widely used by organizations for storing, sharing, and collaborating on files,” Microsoft says.

This malicious tactic enables cybercriminals to sneak into an organization’s email network or other systems without the payloads typically associated with harmful software. The payloadless method leverages harder-to-detect malware delivery techniques and psychological manipulation to execute attacks. It reflects the ingenuity of threat actors and emphasizes the need for organizations to never stop revamping their security strategies.

New research shows that less malicious emails are getting past security scanners to the inbox, but also provides details about how phishing emails are becoming increasingly dangerous. So much of our training is centered around elevating the employee’s state of cyber awareness so that when they do come across that sketchy email or that too good to be true web page, they know better. But it’s only one part of a larger cybersecurity effort within an organization.

In the second quarter of 2024, 877,536 phishing attacks were reported, a marked decrease from the 963,994 attacks reported in the first quarter of the same year. However, this might not be a reason to celebrate just yet, as this reduction might be due to the fact that email providers have made it increasingly difficult for users to report phishing attempts.

A partnering of European and Latin American law enforcement agencies took down the group behind the mobile phone credential theft of 483,000 victims. Someone steals a physical mobile phone and they need to unlock it. But to do so, you need the Apple ID or Google account of the phone’s owner. So, where do you go? Well, it used to be iServer – an automated phishing-as-a-service platform that could harvest credentials to unlock the stolen phones.

Cloud-based email security solutions have been created in response to these challenges and business continuity risks. Let’s uncover what they are, the function of email gateways, and what you get when your security mechanisms are deployed in the cloud environment.