Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- CISA Issues Binding Operational Directive 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks
October 3, 2022
CISA has issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks, which seeks improve asset visibility and vulnerability enumeration across the federal enterprise. Although BOD 23-01 is only applicable to federal civilian executive branch (FCEB) agencies, CISA recommends all stakeholders review and incorporate the standards it sets forth. Doing so ...
- Control System Defense: Know the Opponent
September 22, 2022
Operational technology/industrial control system (OT/ICS) assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes continue to be an attractive target for malicious cyber actors. These cyber actors, including advanced persistent threat (APT) groups, target OT/ICS assets to achieve political gains, economic advantages, or destructive effects. Because OT/ICS systems physical operational processes, cyber ...
- Israel has foiled dozens of cyber attacks by Iran over last year, IDF says
September 21, 2022
The IDF’s network, said to be the largest in the Middle East, is constantly being threatened, and the military has identified an increase of 70% in hostile activity in recent years. Though the majority of attacks were identified and thwarted ahead of time, the significant increase in attempts worries the IDF. “In the past year, the ...
- CISA Releases Eight industrial Control Systems Advisories
September 19, 2022
CISA has released eight (8) Industrial Control Systems (ICS) advisories on September 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: • ICSA-22-263-01 Hitachi Energy PROMOD IV • ICSA-22-263-02 Hitachi Energy AFF660/665 Series • ICSMA-22-263-01 ...
- Eastern European org hit by second record-smashing DDoS attack
September 16, 2022
Akamai says it has absorbed the largest-ever publicly known distributed denial of service (DDoS) attack – an assault against an unfortunate Eastern European organization that went beyond 700 million packets per second. This latest tsunami of traffic hit on Monday, according to the web infrastructure biz, and we’re told the cybercriminals responsible for the earlier record-setting ...
- Zero-Day Exploit Detection Using Machine Learning
September 16, 2022
Code injection is an attack technique widely used by threat actors to launch arbitrary code execution on victim machines through vulnerable applications. In 2021, the Open Web Application Security Project (OWASP) ranked it as third in the top 10 web application security risks. Given the popularity of code injection in exploits, signatures with pattern matches are ...