Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they use, and incorporating QR codes, which is becoming a new favorite way to deliver malicious content. This article describes some of the recently observed threat actor tactics as well as some tips for staying safe.
Read more…
Source: Water ISAC
Related:
- Even after Emotet takedown, Office docs deliver 43% of all malware downloads now
July 23, 2021
Malware delivered over the cloud increased by 68% in Q2, according to data from cybersecurity firm Netskope. The company released the fifth edition of its Cloud and Threat Report that covers the cloud data risks, threats and trends they see throughout the quarter. The report noted that cloud storage apps account for more than 66% of cloud ...
- Industrial Networks Exposed Through Cloud-Based Operational Tech
July 22, 2021
The benefits of using a cloud-based management platform to monitor and configure industrial control systems (ICS) devices are obvious — efficiency, cost-savings and better diagnostics just for starters. But new research found critical vulnerabilities in these platforms that could be used to paralyze operations if left unmitigated. An analysis by Claroty’s newly branded Team82 research team ...
- DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
July 20, 2021
WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “The lives and ...
- TeamTNT Campaigns Emphasize Importance of Addressing Cloud Security Gaps
July 20, 2021
Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on a research that encompasses the malicious actor group’s campaigns, tools, and techniques in 2020 and early 2021. Although believed to have been active since 2011, TeamTNT stayed under the radar for many years before exploding onto the scene ...
- Bug bounty platform urges need for firms to have vulnerability disclosure policy
July 16, 2021
Organisations should provide a proper channel through which anyone can report vulnerabilities in their systems. This will ensure potential security holes can be identified and plugged before they are exploited. Establishing a vulnerability disclosure policy (VDP) also would provide assurance to anyone, such as security researchers, acting in good faith that they would not face prosecution ...
- DDoS attack registered on Russian Defense Ministry website
July 16, 2021
The official website of the Russian Defense Ministry is down due to a DDoS attack, a source in the law enforcement informed TASS on Friday. “Specialists from the defense ministry are repelling a DDoS attack on the official website of the Defense Ministry,” the source said. Read more… Source: TASS