2020, Security Awareness and Social Engineering

Managed Detection and Response in Q4 2020

SecureList

JULY 21, 2021

As cyberattacks become more sophisticated, and security solutions require more resources to analyze the huge amount of data gathered every day, many organizations feel the need for advanced security services that can deal with this growing complexity in real time, 24/7. Data processing pipeline and security operations.

Social Engineering

Social Engineering Engineering Technology Adware

How to Build Successful Security Awareness Training Programs in 2021 and Beyond

Webroot

DECEMBER 22, 2020

Security awareness training is one of the most straightforward ways to improve a business’ overall resilience against cyberattacks. To help you get started, here are our top 5 recommendations for starting your security awareness program so you can maximize the impact of your efforts. That is, when you get it just right.

Security Awareness

Security Awareness Social Engineering Phishing Engineering

Hopeful employees targeted as phishers identify new windows of opportunity

CyberSecurity Insiders

APRIL 16, 2021

The emails pose as company updates and are often socially engineered to look like they have been personally tailored to the recipient. The kind that could throw off even your most security-aware employees. Carefully crafted emails like these containing a malicious link can fool even the most security-aware of employees.

Phishing

Phishing Security Awareness Social Engineering Scams

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The epidemic went truly mainstream with the release of CryptoLocker back in 2013, and it has since transformed into a major dark web economy spawning the likes of Sodinokibi, Ryuk, and Maze lineages that are targeting the enterprise on a huge scale in 2020. In early 2020, several cybercriminals groups followed suit.

Ransomware

Ransomware Hacking Encryption Penetration Testing

Phishing Benchmark Report Delivers Data, Tools to Mitigate End-User Risk

SecureWorld News

FEBRUARY 25, 2022

This year's report highlights: Trends and issues that influenced the security landscape in 2021. Volumes and impacts organizations dealt with related to socially engineered attacks in 2021. End-user awareness gaps and cybersecurity behaviors that could be introducing preventable risk within your organization.

Phishing

Phishing Risk Security Awareness Social Engineering

Phishing Awareness Training: Best Providers 2020

Spinone

SEPTEMBER 8, 2020

Perhaps, KnowBe4’s best-known course is Kevin Mitnick’s security awareness training , which helps your colleagues to learn about spam, phishing, ransomware, and ways to protect your data against these threats. Increasing awareness around phishing helps to reduce the probability of becoming a victim of a phishing attack.

Phishing

Phishing InfoSec Social Engineering Backups

AI-Fueled Deep Fakes Signal New Era of Cybercrime

Security Boulevard

AUGUST 23, 2021

Events like the 2020 U.S. Information manipulation has been around since Chinese general Sun Tzu wrote “The Art of War” in 550 BC. The Russians routinely use disinformation tactics to destabilize democracies.

Cybercrime

Cybercrime Government Social Engineering Engineering

The Power of Depth of Defense for Cybersecurity

SecureWorld News

JULY 13, 2023

User Awareness Training: Educating employees about cybersecurity best practices and raising awareness about common threats like phishing emails and social engineering attacks can significantly reduce the risk of successful breaches.

Cybersecurity

Cybersecurity Data breaches Social Engineering Encryption

Tracking ShinyHunters’ Actions Can Help Thwart Attacks

Security Boulevard

AUGUST 26, 2021

As the COVID-19 pandemic swept the world in 2020 and upended the way businesses operated, another threat was also emerging: The ShinyHunters group has been both bothersome and threatening to security teams as the cybercriminal group tries to amass legitimate credentials, primarily for organizations’ cloud services.

Social Engineering

Social Engineering Engineering Security Awareness Ransomware

Hybrid phishing and vishing attacks hunt for credit card info

SC Magazine

JUNE 24, 2021

A new blog post report has shone a light on the malicious practice known as voice phishing or vishing – a social engineering tactic that some cyber experts say has only grown in prominence since COVID-19 forced employees to work from home. (Ser Amantio di Nicolao, CC BY-SA 3.0 , via Wikimedia Commons).

Phishing

Phishing Social Engineering Scams Engineering

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

SC Magazine

JANUARY 26, 2021

In a blog post on Monday, researchers from Trend Micro reported that they uncovered 70 email addresses that have been targeted with the so-called “Office 365 V4 phishing kit” since May 2020, 40 of which belong to “CEOs, directors, owners and founders, among other enterprise employee[s].”.

Phishing

Phishing Passwords Security Awareness Social Engineering

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Webroot

FEBRUARY 11, 2021

As we mentioned in a previous blog , hackers come in many forms, but their methods can generally be classified into three distinct types of cybercriminals: The Impersonator – Hackers that pretend to be others, often using social engineering and human psychology to trick users. Let’s look at a few primary examples.

Scams

Scams Phishing Firewall Social Engineering

Understand Your Staff: How Insiders Shape Defenses

Security Boulevard

FEBRUARY 26, 2021

Enterprises and their staff dealt with a lot of change in 2020. This vastly increased mobility, cloud computing and social networking usage; in some cases, this transition occurred before companies and staff were fully prepared. The pandemic and resulting lockdowns forced organizations to allow staff to work from home.

Mobile

Mobile Social Engineering CISO Engineering

Phishing Awareness: Tools to Keep Your Users Safe

SecureWorld News

JANUARY 28, 2022

Phishing attacks have steadily been on the rise, and according to Proofpoint's 2021 State of the Phish Report , over half of all participants reported receiving a successful phishing attack in 2020. Use the Proofpoint Phishing Awareness Kit to raise phishing awareness and educate your users.

Phishing

Phishing Education Social Engineering Security Awareness

Fact or Fiction? The Truth About Cybersecurity for Small and Mid-Sized Businesses

Security Boulevard

JUNE 1, 2022

In fact, nearly one-third (28%) of data breaches in 2020 involved small businesses, according to the Verizon 2020 Data Breach Investigations Report (DBIR) – 70% of which were perpetrated by external actors. FACT: Phishing and social engineering are the number one attack vector for SMBs. Don’t believe everything you hear.

Cybersecurity

Cybersecurity Small Business Firewall Data breaches

Threat Report Portugal: Q4 2021

Security Affairs

FEBRUARY 20, 2022

This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipate emerging threats, and manage security awareness in a better way. In addition, the report highlights the threats, trends, and key takeaways of threats observed and reported into 0xSI_f33d. in Q3 2021.

Threat Reports

Threat Reports Phishing Malware Banking

Stop deepfakes with employee awareness training and better personal data management

SC Magazine

JULY 9, 2021

According to Sensity , the number of deepfake videos online has nearly doubled every six months since 2018, and more than 85,000 deepfake videos have been detected as of December 2020. Considering that there’s been a significant rise in global searches for “deepfake” since the beginning of 2021, this number has likely grown even higher now.

Social Engineering

Social Engineering Scams Technology Phishing

10 Top Ways: Building an Effective Cybersecurity Awareness Campaign

SecureWorld News

OCTOBER 27, 2021

If these things are true, how do we share information with others in a way that is proven to work and create a culture of security? Security awareness and how you talk about cybersecurity. I can go into my [saved] folders, and find our folder on social engineering. billion of losses were reported.". Ransomware.

Cybersecurity

Cybersecurity Cybercrime Security Awareness Education

Burnout in the Cybersecurity Community

Security Through Education

DECEMBER 8, 2021

According to the Chartered Institute of Information Security (CIIS) 2020/21 State of the Profession report, job stress keeps 51% of cybersecurity professionals up at night. Of the hundreds of security professionals surveyed, the majority mentioned that stress and burnout have become a major issue during the COVID-19 pandemic.

Cybersecurity

Cybersecurity Social Engineering Data breaches Cybercrime

Security Roundup August 2023

BH Consulting

AUGUST 16, 2023

This could include malware that antivirus and security solutions can’t detect; a secure internet connection to prevent tracing; initial access to victim companies’ networks or mailboxes (which is also key to many ransomware infections); effective social engineering content; fraudulent content hosting, and more.

Social Engineering

Social Engineering Cybercrime Data privacy Engineering

Colorado’s new law ups need for privacy awareness training

SC Magazine

JULY 12, 2021

We often hear about security awareness training’s role in maintaining proper cyber hygiene, but what about privacy awareness programs? In some cases, privacy training can be packaged alongside security awareness training, as they often do go hand in hand.

Education

Education Security Awareness Data privacy Social Engineering

CISA updates ransomware guidance

Malwarebytes

MAY 23, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its #StopRansomware guide to account for the fact that ransomware actors have accelerated their tactics and techniques since the original guide was released in September of 2020. Drive-by-downloads. Malvertising.

Ransomware

Ransomware Backups Social Engineering Accountability

Scammers impersonate execs to target big payout of investor dollars

SC Magazine

MARCH 4, 2021

Researchers have spotted a new business email compromise (BEC) trend that, if perfected, could represent a significant social engineering threat to the financial investment and private equity community. The report partially attributes this sudden spike to the newly identified scheme.

Scams

Scams Security Awareness Social Engineering Banking

Machine Identities, Human Identities, and the Risks They Pose

Security Boulevard

MAY 10, 2022

Broaden the view out to 2015-2020, and that figure rises to 700%. They can do that by leveraging security awareness training to augment their familiarity with phishing attacks and other social engineering techniques. Hence why machine identity attacks are so prevalent.

Risk

Risk Phishing Digital transformation Security Awareness

North Korea Cyber Threat Group ‘Lazarus’ Targets M1 Mac with Signed Executables

Security Boulevard

AUGUST 23, 2022

To get to their targets, the attackers used social engineering via LinkedIn “hiding behind the ruse of attractive, but bogus, job offers,” ESET said, adding that it was likely part of the Lazarus campaign for Mac and is similar to research done by ESET in May. As a result, Macs with macOS Catalina v10.15 Long History.

Cyber threats

Cyber threats Social Engineering Malware Banking

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Jane Frankland

AUGUST 18, 2020

That could be through common hacking techniques like phishing, bait and switch, cookie theft, deep fake , password cracking , social engineering , and so on. Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for Nowcomm.

Cyber Risk

Cyber Risk Risk Cybersecurity Technology

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

2 – It demonstrates the importance of security awareness training for your employees! 2020 – Sina Weibo – 538 million users’ information is stolen from Sina Weibo, the Chinese equivalent of Twitter, and circulated on the dark web. I love it for a few reasons. #1 It is thought to be the first computer virus. .

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

Reducing Human Error Security Threats with a Remote Workforce

Security Boulevard

MARCH 24, 2021

In the shift to remote work, these risks can be even more damaging, as they have the potential to take down entire networks, increase downtime, and result in massive security costs. With an estimated 900% increase in ransomware attacks during the first half of 2020 alone, hackers are stepping up their game to infiltrate vulnerable systems.

Education

Education Risk VPN Social Engineering

Mapping CVEs and ATT&CK Framework TTPs: An Empirical Approach

NopSec

OCTOBER 11, 2022

The US Department of Homeland Security initially released it in 2007 to improve software assurance through security awareness at the development stage. Source: fnCyber, “CAPEC – Common Attack Patterns Enumeration and Classification” For example, let us look at CVE-2020-16875 found in 2020.

Software

Software IoT Cyber Attacks Social Engineering

Twitter's Cyber Attack and Takeover: It Was Spear Phishing

SecureWorld News

JULY 31, 2020

Since the attack occurred in early July, speculation about how hackers compromised Twitter's security have run rampant, especially on.Twitter. Even the title of SecureWorld's first story about the incident had questions: "Famous Twitter Accounts Hacked: Insider Threat or Social Engineering Attack?". How was Twitter hacked?

Phishing

Phishing Cyber Attacks Social Engineering Accountability

Doxing in the corporate sector

SecureList

MARCH 29, 2021

This was exactly the technique used for the Twitter hack in the summer of 2020. — Twitter Support (@TwitterSupport) July 31, 2020. Help your employees become more knowledgeable and aware of cybersecurity issues. To do so, you could use an online training platform such as Kaspersky Automated Security Awareness Platform.

Identity Theft

Identity Theft Phishing Accountability Banking

Prevention is Better Than Cure: The Ransomware Evolution

Security Boulevard

SEPTEMBER 13, 2021

Particularly during the peak of COVID-19, research by IBM found that ransomware incidents ‘exploded’ in June 2020, which saw twice as many ransomware attacks as the month prior, taking advantage of remote workers being away from the help of IT teams.

Ransomware

Ransomware Education Security Awareness Phishing

Five takeaways from the FBI 2020 Internet Crime Report

SC Magazine

MAY 5, 2021

Today’s columnist, Brian Johnson of Armorblox, offers five takeaways from the FBI’s 2020 Internet Crime Report. The FBI Internet Crime Complaint Center (IC3) in March released its 2020 Internet Crime Report with updated statistics on Business Email Compromise (BEC), Email Account Compromise (EAC), and COVID-19 scams. Credit: FBI.

Internet

Internet Internet Scams Cybercrime

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Cybercriminals often leverage social engineering tactics like phishing and spear-phishing to propagate sophisticated malware. This is one of the most widespread cyber threats, making up at least 27% of all malware incidents as per Verizon’s annual DBIR report (2020). Ransomware. The data is neither stolen nor manipulated.

Cyber threats

Cyber threats Computers and Electronics Adware Spyware

The Most Common Types of Malware in 2021

CyberSecurity Insiders

JANUARY 31, 2021

Cybercriminals often leverage social engineering tactics like phishing and spear-phishing to propagate sophisticated malware. Ransomware is one of the most widespread cyber threats, making up at least 27% of all malware incidents as per Verizon’s annual DBIR report (2020). Ransomware.

Malware

Malware Computers and Electronics Adware Spyware

3 Predictions on the 2023 Fraud Landscape

CyberSecurity Insiders

DECEMBER 12, 2022

In 2023, businesses and consumers alike should expect to see an increase in social engineering attacks where bad actors manipulate victims into sharing sensitive information such as login credentials or payment details. Financial organizations will see a rise in BIN attacks. million in losses, later recouped.

Scams

Scams Social Engineering Education Security Awareness

The Human Factor in Cybersecurity Breaches

CyberSecurity Insiders

JUNE 25, 2022

We repeatedly say that companies need to invest significantly in advanced protection tools and security awareness, including a Zero Trust approach. In March 2020, nation-state hackers believed to be from Russia compromised a DLL file linked to a software update for the Orion platform by SolarWinds. Social engineering.

Cybersecurity

Cybersecurity Social Engineering Phishing Engineering

Security Roundup November 2022

BH Consulting

NOVEMBER 9, 2022

In all, the agency grouped the main risks into eight categories: ransomware, malware, social engineering, threats against data, threats against availability, disinformation/misinformation, and supply chain targeting. The latter category made up 17 per cent of all reported intrusions in 2021, up from just 1 per cent in 2020.

Social Engineering

Social Engineering Ransomware Password Management Engineering

Managed Detection and Response in Q4 2020

How to Build Successful Security Awareness Training Programs in 2021 and Beyond

Webinars

Trending Sources

Hopeful employees targeted as phishers identify new windows of opportunity

Webinars

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

Phishing Benchmark Report Delivers Data, Tools to Mitigate End-User Risk

Phishing Awareness Training: Best Providers 2020

AI-Fueled Deep Fakes Signal New Era of Cybercrime

The Power of Depth of Defense for Cybersecurity

Tracking ShinyHunters’ Actions Can Help Thwart Attacks

Hybrid phishing and vishing attacks hunt for credit card info

Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’

Hacker Personas Explained: Know Your Enemy and Protect Your Business

Understand Your Staff: How Insiders Shape Defenses

Phishing Awareness: Tools to Keep Your Users Safe

Fact or Fiction? The Truth About Cybersecurity for Small and Mid-Sized Businesses

Threat Report Portugal: Q4 2021

Stop deepfakes with employee awareness training and better personal data management

10 Top Ways: Building an Effective Cybersecurity Awareness Campaign

Burnout in the Cybersecurity Community

Security Roundup August 2023

Colorado’s new law ups need for privacy awareness training

CISA updates ransomware guidance

Scammers impersonate execs to target big payout of investor dollars

Machine Identities, Human Identities, and the Risks They Pose

North Korea Cyber Threat Group ‘Lazarus’ Targets M1 Mac with Signed Executables

7 Insights About Managing Cyber Risk You Can’t Afford To Miss

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Reducing Human Error Security Threats with a Remote Workforce

Mapping CVEs and ATT&CK Framework TTPs: An Empirical Approach

Twitter's Cyber Attack and Takeover: It Was Spear Phishing

Doxing in the corporate sector

Prevention is Better Than Cure: The Ransomware Evolution

Five takeaways from the FBI 2020 Internet Crime Report

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Most Common Types of Malware in 2021

3 Predictions on the 2023 Fraud Landscape

The Human Factor in Cybersecurity Breaches

Top 10 Stories from SecureWorld in 2021

Security Roundup November 2022

Stay Connected