Threat Actors are Using Image-Based Phishing Emails to Lure Victims
Attackers are increasingly using images in phishing to evade text-based security filters, according to researchers at INKY.
Email-based social engineering attacks have risen by 464% this year compared to the first half of 2022, according to a report by Acronis. Business email compromise (BEC) attacks have also increased significantly. “One out of 76, or 1.3%, of the received emails were malicious,” the researchers write. “Phishing remains the number one threat, with these attacks making up 73% of the total.
Hey, did you get that sketchy email? You know, the one from that malicious hacker always trying to fool us into clicking on some malware? Boy, these criminals are relentless. Wait, what? You clicked on it? Uh-oh... A hypothetical scenario, but one that plays out every day in organizations across the globe. The truth is that it is a very real scenario that offers a good opportunity to dive deeper into the topic of email security.
Gmail accounts often contain vital, sensitive information including confidential documents and personal photos. They also often serve as a way to recover passwords for accounts like your banking login. That’s why email accounts are a common target for cybercriminals. Access to your Gmail account could be used to steal your money or your identity.
In the world of cybersecurity, there are a few constants, one of the big ones being the fact that news, innovation, and threats move fast and are constantly evolving. It is important for security professionals to stay in the loop about major developments in cybercriminal activity and the cybersecurity industry. Fortra’s PhishLabs offers resources to learn about a variety of cybersecurity-related topics, including a blog that regularly features cybersecurity news.
The Better Business Bureau (BBB) has warned of a scam in which attackers pose as process servers in order to steal information and commit identity theft. “You receive a call from an unknown or blocked number from a person claiming to be a process server,” the Bureau says. “They might say there is a lien on your home or someone is taking you to court over unpaid medical bills.
When KnowBe4 went public in April 2021, I got to know a select group of analysts that served as co-managers on our IPO. These professionals all know our industry very well and we spoke with them quarterly during our earnings conference call where we discussed the past 3 months and expectations for the future. One of these firms was Baird Equity Research and I am still on their mailing list, even though we went private this year as a Vista Equity Partners portfolio company.
Credential harvesting is a technique that hackers use to gain unauthorized access to legitimate credentials using a variety of strategies, tactics, and techniques such as phishing and DNS poisoning. Phishing is the most frequent type of cyber threat and can lead to more harmful attacks such as ransomware and credential harvesting. According to recent research, phishing assaults targeted credential harvesting in 71.5% of cases in 2020.
The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity. “In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets,” Volexity says.