Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- Irish Health Service ransomware attack happened after one staffer opened malware-ridden email
December 10, 2021
Ireland’s Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy’s damning report has revealed. Issued today, the report from PWC (formerly known as PriceWaterhouseCoopers) said that the hugely harmful Conti ransomware infection was caused because of the simplest attack vector known ...
- Israel leads 10-country simulation of major cyberattack on world markets
December 9, 2021
Israel led a 10-country, 10-day-long simulation of a major cyberattack on the world’s financial system by “sophisticated” players, with the goal of minimizing the damage to banks and financial markets, the Finance Ministry said on Thursday. The Finance Ministry led the scenario with help from the Foreign Ministry, and said the “war game” was the first ...
- DHS Announces New Cybersecurity Requirements for Surface Transportation Owners and Operators
December 2, 2021
WASHINGTON – DHS’s Transportation Security Administration (TSA) today announced two new Security Directives and additional guidance for voluntary measures to strengthen cybersecurity across the transportation sector in response to the ongoing cybersecurity threat to surface transportation systems and associated infrastructure. These actions are among several steps DHS is taking to increase the cybersecurity of U.S. ...
- Play Your Cards Right: Detecting Wildcard DNS Abuse
December 1, 2021
The domain name system (DNS) maps names to addresses so that computers can communicate. The directions within the DNS exist largely in records where a specific name (such as paloaltonetworks.com) is mapped to pieces of data, such as IP addresses (for example, 34.107.151202). As the name suggests, wildcard DNS records are an exception to this ...
- Railway Cybersecurity – Good Practices in Cyber Risk Management
November 27, 2021
This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust cyber risk management methods to the needs of their organisation. It builds upon the 2020 ENISA ...
- IT threat evolution Q3 2021
November 26, 2021
Last March, Kaspersky researchers reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, they discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins. This confirms Kaspersky previous assumption ...