British Intelligence has come up with a potentially very effective means to disrupt ransomware attacks, but there seems to still be a few kinks in the system. The phone rings at your U.K. office and it’s the U.K. government’s National Cyber Security Centre (NCSC) letting you know they’ve detected a potential cyberattack.
New data shows a massive uptick in attacks across all industries, but a particularly worrisome growth in interest in targeting the public sector – and the indicators of who’s responsible may surprise you.
Customers of the bankrupt cryptocurrency exchange FTX are already receiving phishing emails following a breach of personal data held by several crypto companies, CoinDesk reports. The customer data was leaked after a T-Mobile employee fell for a SIM swapping attack and granted a threat actor access to an account belonging to an employee of financial advisory firm Kroll.
A recent survey by Lookout, Inc. warns for a specific attack vector as Labor Day approaches. The study shows that 85% of enterprise employees capable of remote work plan to do so on Friday, September 1, primarily using mobile devices. This creates an ideal environment for hackers to launch targeted phishing attacks. The risk is exacerbated by the fact that 80% of respondents admit to being more relaxed and distracted when working remotely on Fridays during the summer.
Researchers at Trustwave are tracking an increase in the use of QR codes to spread phishing links. “Being open-source, QR code generators have become accessible to anyone with access to the internet,” the researchers write.
No surprise: phishing attacks are on the rise, and a new technique is becoming increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to malicious websites, even if the link in the phishing email appears to be legitimate.
Researchers at Trustwave have published a report outlining trends in business email compromise (BEC) attacks, finding that these attacks spiked in February of 2023. “For the first quarter of the year, we saw a 25% increase in unique attacks compared to the last quarter of 2022,” the researchers write. “February accounted for the highest volume of BEC emails in the first half of the year. January is the second most active month for BEC.
Callback phishing isn't your typical email scam. Instead of the usual suspects with bad grammar and obvious malicious links, these attacks play mind games. They set up a multi-layered trap using some smooth-talking tactics to get you to dial a fake number and spill your sensitive info.
Users of the language learning app Duolingo should be wary of targeted phishing attacks following a recent data leak, according to Anthony Spadafora at Tom’s Guide. Criminals scraped the names and email addresses of 2.6 million Duolingo users earlier this year, and are now selling the entire dataset on underground forums for approximately $2.13.
Monitoring of traffic to phishing pages hosted on the free hosting service Cloudflare R2 show an unheard of spike of 6100%, many going undetected by many security solutions due to the evasive techniques used. I can’t remember a time when I’ve covered a story and the reported increases were as large as the recent spike in malicious network traffic observed by Netskope.
