Are We Doomed? Not If We Focus on Cyber Resilience
Here’s how to doom a cybersecurity program: Think of cybersecurity as a war against an attacker that must be fought to the finish, invest in threat tracking technology for threats your organization has no capabilities to defend against, and let the sunk cost effect determine how you spend your security budget. In reality, cybersecurity is…
Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks
Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is. In a Feb. 1 blog post, Crane Hassold, director of threat intelligence at Abnormal Security, profiled “Firebrick Ostrich” a…
Poser Hackers Impersonate LockBit in SMB Cyberattacks
A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own. According reports from Belgium’s Computerland publication, the “wannabes,” while not as…
BlueVoyant CEO on How to Remediate Supply Chain Defense Bugs
BlueVoyant has strengthened its ability to monitor the remediation of supply chain issues and integrate that with questionnaire activity, co-founder and CEO Jim Rosenthal says. Existing supply chain security tools tend to generate lots of risk information but then put the burden on the client to interact with their suppliers about remediating that risk, Rosenthal…
Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says
The number of attacks targeting the government sector increased by 95% worldwide in the second half of 2022 compared to the same period in 2021, according to a new report by AI-based cybersecurity company CloudSek. The increase in attacks can be attributed to rapid digitization and the shift to remote work during the pandemic, which…
Ukraine Successfully Blocked Over 4,500 Cyberattacks in 2022
Ukraine’s domestic intelligence agency revealed earlier this week that it successfully blocked more than 4,500 cyberattacks in 2022. The Security Service of Ukraine, which protects Ukraine’s information and digital security in wartime conditions, says the number of cyberattacks has tripled since last year and increased fivefold since 2020, when only 800 cyberattacks were documented. The…
5 cybersecurity trends accelerating in 2023
Netwrix has released key cybersecurity trends that will affect organizations of all sizes in 2023. Here are five specific trends that you need to be aware of: The business of cybercrime will be further professionalized The return of malware strains like Emotet, Conti and Trickbot indicates an expansion of cybercrime for hire. In particular, the…
US Agencies Told to Assess IoT/OT Security Risks to Boost Critical Infrastructure Protection
The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems. While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more should…
Where Advanced Cyberttackers Are Heading Next: Disruptive Hits, New Tech
In November, Ukraine’s president revealed that the country’s IT defenses fended off more than 1,300 Russian cyberattacks, including attacks on satellite communications infrastructure. The onslaught of cyberattacks highlights one of the shifts in advanced persistent threat (APT) attacks seen in the past year: In 2022, geopolitical tensions ratcheted up, and along with them, cyber operations…
The Metaverse Could Become a Top Avenue for Cyberattacks in 2023
A combination of maturing and emerging consumer-facing cyber threats could add to the many challenges that enterprise security teams will need to contend with in 2023. Researchers at Kaspersky, looking at how the cyber threat landscape will likely evolve over the next year, expect that threat actors will expand use of many of their current…
