Category Archives: Security Awareness
Hackers Pivoting Around Macro Blocking in Microsoft Office
Microsoft’s default blocking of macros in its Office suite is not stopping hackers. These hackers are now using alternative files to host malicious payloads, now that Microsoft’s primary method of threat delivery is being cut off.
The use of macros-enabled attachments by threat actors has decreased dramatically in the past year, according to new data by Proofpoint revealed in a blog post Thursday. The decrease began when Microsoft announced it would block XL4 macros by default for Excel users. This was followed up with the blocking of VBA macros by default across the Office suite this year.
As Microsoft continues to improve its Office suite security, hackers are increasingly resorting to other file types as vessels for malware, Trend Micro researchers said. Specifically, the company is seeing an increase in the use of “container files” such as ISO and RAR attachments as well as Windows Shortcut (LNK) files.
In the … Read the rest
Ransomware attacks on retail increase
Sophos surveyed more than 300 retailers in 2021, and it found that 300 of them had been hit with ransomware attacks.
A new study from Sophos found that retail businesses are increasingly being targeted by ransomware. Sophos, a leader in cybersecurity, interviewed IT workers at mid-sized organizations in the retail sector to find out about their experiences with ransomware.
77% of respondents who were hit with ransomware in the year 2021 represented a 75% increase compared to 2020. That number is pretty bad. The average ransom payment grew from $147,811 in 2020 to $226,044 in 2021.
Chester Wisniewski, a scientist who works for a company that makes anti-virus software, discovered that about half of businesses who are attacked with ransomware think the volume and complexity of ransomware has stayed the same. He said that what surprised him most was that 77% of businesses had been attacked by ransomware.
… Read the restChester stated:
What Is A USB Rubber Ducky?
USB Rubber Ducky is a USB device that looks like a flash drive. It can be used to hack into systems, steal data and inject malicious codes into computers. The most important thing to remember about this device is that it can’t be detected by any anti-virus or firewall because it’s an HID device.
What is a HID device?
Human Interface Devices (HID) is a device class definition to replace PS/2-style connectors with a generic USB driver to support HID devices such as keyboards, mice, game controllers, and so on. Prior to HID, devices could only utilize strictly-defined protocols for mice and keyboards. Hardware innovation required either overloading data in an existing protocol or creating non-standard hardware with its own specialized driver. HID provided support for these “boot mode” devices while adding support for hardware innovation through extensible, standardized and easily-programmable interfaces.
HID devices today include a broad range of
Tips on Cybersecurity Awareness and Training
Empower your employees and protect your organization with expert tips on cybersecurity awareness and training. Stay one step ahead of cyber threats.
Introduction
In today’s digital landscape, where cyber threats are becoming increasingly sophisticated, cybersecurity and information security have become critical concerns for individuals and organizations alike. No longer limited to big corporations, everyone is now a potential target for cyber attacks. It is essential to exercise caution with personal information and devices. To combat this growing threat, user training plays a pivotal role in information security. By ensuring that employees are well-informed and equipped with the necessary skills, they can actively contribute to protecting both themselves and the company.
The Importance of User Training and Awareness
Understanding the Difference: Training vs. Awareness
Training and awareness are two terms often used interchangeably in the context of information security. However, it is crucial to understand the distinction between them. Training aims … Read the rest
The most impersonated brand in phishing attacks: Microsoft
Discover why Microsoft is the most impersonated brand in phishing attacks. Learn about the rise and fall of phishing incidents, industries targeted, and how to protect yourself.
Introduction
Phishing attacks have become increasingly prevalent in today’s digital landscape, with cybercriminals constantly devising new ways to exploit unsuspecting individuals and organizations. In the realm of phishing attacks, Microsoft stands out as the most impersonated brand, making it a top target for cybercriminals. In this article, we delve into the world of phishing attacks, exploring the reasons behind Microsoft’s popularity among cybercriminals, the rise and fall of phishing attacks over time, the industries most affected, and the implications of these attacks on both individuals and businesses.
Why is Microsoft the Most Popular Brand for Phishing Attacks?
Microsoft’s dominance in the realm of phishing attacks can be attributed to several factors. Firstly, Microsoft 365 has gained significant traction among small and medium-sized businesses, … Read the rest
What Are Web App Based Attacks?
Web-based applications give us the ability to shop, email, bank, learn, and socialize. These applications can be used for shopping, communicating, and so much more. They’re a great way for businesses and consumers to connect.
With the rise in popularity of apps, businesses now have a much larger attack surface. The average large business has 946 custom apps deployed and another 193 that are in development. The internet is the platform of today. Web-based apps are everywhere: your phone, your computer, and even on smart devices. Unfortunately, we all know that most people don’t update their software often enough. Cyber attackers are targeting apps for sensitive data. Attackers can gain access to your personal information and sell it online for illicit gains. These apps contain sensitive records, such as financial information, medical data, and other personal information that could be sold online.
Most common web app based attacks
Attackers have … Read the rest
Are C-Suite Executives A Threat To Cyber Security?
A new study shows that executives are more vulnerable to security breaches than ever. BlackCloak, a cybersecurity company, surveyed 1,000 of its members—and discovered that 23% of executives have open ports on their home networks. And what’s worse, 20% of those with open ports have open security cameras.
To top it off, 27% of executives’ own devices contain malware, 76% of their own devices are actively leaking data, and 87% of executives’ own devices have no security installed.
For security professionals, this is the most disturbing finding of all: Only 8% of executives have multi-factor authentication enabled on the majority of their apps and devices. And 87% of them have passwords that are leaked on the dark web. Thats a damn shame.
The general population is very vulnerable to cyber threats, but executives are even more susceptible to them. According to John Hellickson, CISO at Coalfire, executives often put pressure … Read the rest
Increase Your Cyber Security Resilience
Increase Your Cyber Security Resilience because cyberattacks can come from any direction. They can paralyze an entire company.
Introduction
As cyberattacks become more sophisticated, security breaches have become a fact of corporate life. Cyberattacks are accelerating at an alarming rate as hackers and their use of technology, techniques, and procedures become more sophisticated and more cunning.
How can organizations stay ahead of cyber-criminals? Can they? Can they fight back or will they forever be playing catch-up? Is it enough to just use technology or must other approaches be taken?
As the world becomes more and more digital, people are becoming increasingly concerned about cyberattacks. The current security approach is to simply protect against external hacking. But it doesn’t work. To stand resilient against threats, companies must protect against cyberattacks continually and holistically, with enterprise-wide knowledge, skills and judgment.
Cyber Security Resilience
Cyber security resilience is about being prepared to protect … Read the rest
Bank Account Takeover Is Rising
Cybercriminals keep using account takeover to trick account holders into giving them access to their bank accounts. Bank account takeover is especially lucrative for hackers because of the potential to steal money from the accounts. As most researchers and financial executives can attest, cybercriminals have increasingly used account takeover, which is more popular than most types of fraud.
A recent study has found that account takeover is big business for cybercriminals. It is a growing problem that can be devastating to a bank and its customers. As per the study by Javelin Research, account takeover increased by 90% in the last year. The firm estimates that financial fraud will cost $11.4 billion in 2021, which is about one-quarter of all financial fraud losses in 2018.
Cyber thieves are betting on the fact that if they try to seize a large number of accounts, eventually they will get a payoff. … Read the rest
Cyber Security Steps To Protect Your Company
Ransomware attacks rose again. The number of ransomware families rose from 143 to 157 in just one year. This means that the frequency and severity of attacks is still increasing. Ransomware attacks are up over last quarter, over the previous year, and up over the last three years.
The cybersecurity report you just read found that these cybercriminal groups are continuing to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate crippling attacks. At the same time, they are broadening their spheres of attack and finding newer ways to compromise organizational networks and fearlessly trigger high-impact assaults.
Ransomware attacks can be devastating. According to Coveware, an attack costs an average of $220,298 and 23 days of downtime. Given the scramble to shift to the digital landscape combined with unprecedented shortages of skilled IT labor, a cyber-attack could cripple even the strongest businesses.
Loading ...