67% of all malware in Q1 2020 was delivered via encrypted HTTPS connections and 72% of encrypted malware was classified as zero day, so would have evaded signature-based antivirus protection, according to WatchGuard. These findings show that without HTTPS inspection of encrypted traffic and advanced behavior-based threat detection and response, organizations are missing up to…

Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals. Seventy-eight percent also reported that security awareness training activities resulted in measurable reductions in phishing susceptibility. The report examines global data from nearly 50 million simulated…

Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics Researchers from Barracuda, UC Berkeley and UC San Diego have studied 180 lateral phishing incidents and have identified the following patterns organizations and individuals should be aware of: One in 10 of…

The time it takes to detect the average cyberattack has shortened, but cyberattackers are now using more subtle techniques to avoid better defenses, a new study of real incident response engagements shows. Victim organizations detected attacks in 14 days on average last year, down from 26 days in 2017. Yet, attackers seem to be adapting…

Latest tactics used by cybercriminals to bypass traditional email security

Cybercriminals are continuously using new strategies to get past email security gateways, with brand impersonation being used in 83 percent of spear-phishing attacks, while 1 in 3 business email compromise attacks are launched from Gmail accounts. Sextortion scams, a form of blackmail that makes up 10 percent of all spear-phishing attacks, continue to increase. Employees…