Fraud in Your Inbox: Email Is Still the Weakest Link

Financial fraud remains the leading driver of cyber insurance claims. 83% of cases are traced back to email-based attacks. While most of the common tactics used to deceive employees have remained the same, including wiring funds to fraudulent accounts, executive and vendor impersonation and business email compromise scams, generative AI-crafted emails are on the rise as a threat. These findings reflect broad fraud trends. According to the...

Read More

IT Security Trends that Accelerated in 2024

There are a number of trends that impact IT security that accelerated through 2024 and are promising to grow as threats in 2025. Some of these trends are enabled or accelerated by emerging technologies like widespread AI and others are so old that their recent uptick is surprising.   AI-enabled Scams/Social Engineering The rise of AI-enabled scams and fraud is predictable, in many cases just creating a more believable layer to classic...

Read More

Iranian Hackers Threaten Critical Sectors Using Brute Force

Advisory Warns of Iranian Threat Actors Iranian cyber actors are using brute force techniques like password spraying and multifactor authentication “push bombing” to attack global critical infrastructure sectors, according to a recent joint advisory. The U.S. Cybersecurity and Infrastructure Security Agency published a cybersecurity advisory with the FBI, NSA and cyber authorities in Canada and Australia warning of an increasing threat...

Read More

CDK and Crowdstrike: Are your vendors putting you at risk?

What do you do when a service or platform that your organization relies on goes down? The recent chaos caused by problems with CDK and Crowdstrike highlights the need to be mindful of risks caused by 3rd party vendors. It’s also a reminder as to why having a contingency plan in place before an outage or attack occurs is key to any organization’s response. Both issues stemmed from different root causes. In CDK’s case, a ransomware attack left...

Read More

Windows 10 Is Nearing End of Support. Is Your Organization Prepared?

Microsoft announced in December that Windows 10 will reach end of support in October 2025. Those who rely on the operating system will no longer receive essential security updates, bug fixes or technical support unless they migrate to Windows 11 and they sign up for escalating maintenance fees. The Extended Security Update program for devices running Windows 10 enables enterprises to continue receiving monthly security updates by paying $61 per...

Read More

Russian Sandworm Hacking Team Expands Reach

Russian Cyber Sabotage Unit Sandworm Adopting Advanced Techniques Mandiant newly designated the Russian military intelligence hacking team known as Sandworm as APT44. Russia’s preeminent cyber sabotage unit presents “one of the widest and high severity cyber threats globally” due to its advanced capabilities and successes in disrupting global critical infrastructure sectors, a new report warns. Sandworm is the cyberwarfare...

Read More

Banking Trojan Harvests Facial Biometrics for AI Deepfakes

GoldPickaxe Malware Can Record User’s Face, Gather Video Used in Deepfake Crimes A Chinese-speaking cybercrime group, identified as GoldFactory, is expanding the functionality and reach of its advanced banking Trojans. These Trojans are now collecting and stealing biometric data. Cybersecurity firm Group-IB recently released a report saying that GoldFactory has developed a new Trojan, dubbed GoldPickaxe, that comes in Android and iOS variants...

Read More

2023 Saw a Number of High-Profile Breaches

We hope that you had a successful 2023. Looking back, 2023 saw a number of high-profile breaches as criminals and nation-state-supported hackers both created new methods of attacking and took advantage of existing vulnerabilities. Looking to 2024, here are a few things that we think are worth keeping an eye on moving forward. Phishing NOW WITH AI Phishing continues to be a persistent and lucrative attack vector for criminals and state-...

Read More

Okta Says Hacker Stole Every Customer Support User’s Details

Beware of Phishing and Social Engineering Attacks Targeting Passwords, Vendor Warns Okta, the identity and authentication giant, said the attacker behind its September data breach stole more information than it first discovered. That includes details for all users of its primary customer support system. They first publicly confirmed the breach on Nov. 3, warning that attackers had gained access to its customer support management system and...

Read More

Phishing Accounts for More than Half of Cybercrime

Cybercrime is an ever-evolving field. Technology evolves to allow new tactics or new scales for criminals, as well as giving firms new tools to combat fraud and theft. Due to the fact that it’s ever-evolving, sometimes it can be difficult to see vast changes that occur over time. Over the last 5 years, there have been significant changes to the landscape of cybercrime. Not just in the increases in scale but also significant changes in the types...

Read More