Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains

Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users. According to Darktrace’s Annual Threat Report 2024, the authors detected more than 30.4 million phishing emails, reinforcing phishing as the preferred attack…

Ransomware Payments Decreased by 35% in 2024

Ransomware payments took an unexpected plunge in 2024, dropping 35% to approximately $813.55 million — despite payouts surpassing $1 billion for the first time in 2023. The decline was largely driven by a series of successful law enforcement takedowns and improved cyber hygiene, which enabled more victims to refuse payment, according to blockchain platform Chainalysis. The drop came as a surprise, considering the upward trend seen earlier in the year. In fact, ransomware actors extorted…

Healthcare can — and must — learn from 2024’s devastating cyberattacks

It was a rough year for cybersecurity in the healthcare industry. Providers remain opportune targets because of relatively limited security budgets, a vulnerability to downtime, valuable patient data, and insufficient monitoring of fast-scaling Internet of Medical Things (IoMT) devices and other network-connected equipment. Ideally, absorbing the lessons of these attacks enables healthcare delivery organizations to move faster: faster to implement sufficient protections that deter attacks with harder targets, and faster to respond when attacks do…

UK Considers Banning Ransomware Payments

The U.K. government is considering banning ransomware payments to make critical industries “unattractive targets for criminals.” It would apply to all public sector bodies and critical national infrastructure, which includes NHS trusts, schools, local councils, and data centres. Currently, all government departments nationwide are banned from paying cyber criminals to decrypt their data or prevent it from being leaked. This rule intends to protect the services and infrastructure the British public relies on from financial…

Protect 3 Devices With This Maximum Security Software

TL;DR: Protect your privacy on three devices with a 1-year subscription to Trend Micro Maximum Security for $19.99 (reg. $49.99). Cyber threats have become more sophisticated, and even cautious users can find themselves vulnerable to ransomware attacks, phishing schemes, and identity theft. A single click on the wrong link or a cleverly disguised email can lead to encrypted files, stolen credentials, or compromised accounts. Tech-savvy users know how to spot the signs of a scam…

US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

The U.S. has sanctioned Sichuan Silence, a Chinese cybersecurity firm involved in ransomware attacks targeting critical infrastructure in 2020. One of its employees, Guan Tianfeng, has also been charged individually. Guan, a security researcher, discovered a zero-day vulnerability in a firewall product developed by U.K.-based security firm Sophos. He exploited the vulnerability, designated CVE-2020-12271, using a SQL injection attack that retrieved and remotely executed a script from a malicious server. Guan and his co-conspirators…

Cybersecurity News Round-Up 2024: Top 10 Biggest Stories

This year has not been quiet for the cybersecurity field. We have seen record-breaking data breaches, huge ransomware payouts, and illuminating studies about the impact of the increasingly complex and ever-evolving threat landscape. As we approach the new year, TechRepublic revisits the biggest cybersecurity stories of 2024.

1. Midnight Blizzard’s attack on Microsoft

In January, Microsoft disclosed that it had been a victim of a nation-state-backed attack beginning in November 2023. The Russian threat actor…

Starbucks, Supermarkets Targeted in Ransomware Attack

Starbucks and several major U.K. supermarkets experienced disruption due to a ransomware attack on the prominent supply chain software provider Blue Yonder. The company disclosed the incident on Thursday, Nov. 21, and it was still working to restore services the following Monday. The disruption to the Blue Yonder platform prevented Starbucks from paying its baristas and managing their schedules, according to the Wall Street Journal. As a result, cafe managers had to manually calculate their…

The evolving rate of patch management and eISSU for financials

The ransomware threat has never been greater than it is today. Financial institutions process more digital transactions for more customers today than at any point in human history. The wealth that can be exploited through disruption in any large financial market is significant. Ransomware and malware have been areas of key concern by regulators in the past 24 months and updates to the Federal Financial Institutions Examination Council (FFIEC) and PCI DSS 4.0 now both…
