Digital Shadows

FEBRUARY 24, 2025

Editors note: This report was authored by Kimberley Bromley, Hayden Evans, and Joseph Keyes. Today, were proud to present the ReliaQuest Annual Cyber-Threat Report: 2025. Now in its third year, this report offers a close look at the top cyber threats our customers faced throughout 2024.

Threat Reports 59

Threat Reports Cyber threats Phishing Social Engineering 59

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Phishing and Fraud Bad actors can defraud customers out of their money, financial details, and other sensitive data by using deception and social engineering. By using AI to compose phishing messages, bad actors can avoid many of the telltale signs that indicate a scam, such as spelling and grammar errors and awkward phrasing.

Retail 71

Retail Cyber Risk Risk DDOS 71

Webroot

NOVEMBER 23, 2021

According to our 2021 Webroot BrightCloud Threat Report , on average, 18.8% Antivirus software offers threat protection by securing all of your music files, photo galleries and important documents from being destroyed by malicious programs. Our real-time anti-phishing also blocks bad sites. Do I really need antivirus?

Antivirus 134

Antivirus Identity Theft Adware Internet 134

SecureList

FEBRUARY 23, 2022

This report aims to offer thorough insights into the financial cyberthreat landscape in 2021. The research in this report is a continuation of our previous annual financial threat reports ( 2018 , 2019 and 2020 ), providing an overview of the latest trends and key events across the threat landscape. Key findings.

Banking 140

Banking Phishing Cryptocurrency Malware 140

Thales Cloud Protection & Licensing

OCTOBER 16, 2024

A host of threats continue to put enterprise data at risk. In fact, according to the 2024 Thales Data Threat Report , more than 80% of organizations reported at least one breach in the last year, while ransomware attacks grew more frequent, with 28% of organizations reported experiencing an attack in 2024, compared to 22% in 2023.

DDOS 62

DDOS Encryption Data breaches Identity Theft 62

Security Affairs

JANUARY 18, 2020

29% of breaches involved use of stolen credentials , 32% of them were the result of phishing attacks. According to the Symantec 2019 Internet Security Threat Report , The number of attack groups using destructive malware increased by +25, the number of ransomware attack increased for 12%, very concerning it +33% increase in mobile malware.

Cybercrime 143

Cybercrime Small Business Data breaches Mobile 143

Cisco Security

MARCH 11, 2021

The fact is that different threat types require varying amounts of internet connectivity in order to carry out their malicious activities. Then we’ll drill further into the data, looking at trends for particular threats that are known to work together. So, while one threat corrals more endpoints, the other is much busier.

DNS 144

DNS Phishing Ransomware Internet 144

Webroot

JANUARY 7, 2022

In 2021, we witnessed so many competing shifts, many of which we detailed early on in our 2021 BrightCloud® Threat Report. In particular, we witnessed an increase in distributed denial of service (DDoS) attacks and a surge in the usage of the internet of things (IoT).

Cybercrime 116

Cybercrime Ransomware Phishing Cryptocurrency 116

SecureList

MARCH 29, 2023

However, traditional financial threats – such as banking malware and financial phishing, continue to take up a significant share of such financially-motivated cyberattacks. We previously reported on the Lazarus group, which developed VHD ransomware for the purpose of monetary gain. of all phishing attacks in 2022.

Banking 112

Banking Phishing Cryptocurrency Mobile 112

CyberSecurity Insiders

NOVEMBER 29, 2022

According to the SonicWall Cyber Threat Report, the global volume of ransomware is increasing by 98%. From internet providers to manufacturers, this continues to be an issue. Meanwhile, bad actors are finding ways to exploit devices connected to the internet at a record pace. Phishing Targeted Attacks.

Phishing 134

Phishing Mobile Ransomware Technology 134

Security Affairs

AUGUST 16, 2020

gun exchange site on hacking forum Threat Report Portugal: Q2 2020 Emotet malware employed in fresh COVID19-themed spam campaign PoC exploit code for two Apache Struts 2 flaws available online XCSSET Mac spyware spreads via Xcode Projects. Every week the best security articles from Security Affairs free for you in your email box.

Hacking 85

Hacking Spyware Advertising Passwords 85

Thales Cloud Protection & Licensing

MAY 23, 2022

The threat landscape. According to Interpol's Internet Organised Crime Threat Assessment report , critical infrastructure is highly targeted by ransomware gangs that are after what is called the Big Game Hunting. Transportation sector. Access management is an essential mitigation strategy.

Healthcare 126

Healthcare Ransomware Authentication Threat Reports 126

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

Avast explains that one of the biggest IoT security threats is the use of vulnerable devices to access organizations’ network and thus may gain access to sensitive information. Vulnerable devices could be used to spread malware within the enterprise, used for corporate espionage, surveillance of personnel, or plan whaling phishing campaigns.

IoT 122

IoT Risk Energy and Utilities Healthcare 122

Hot for Security

APRIL 5, 2021

In fact, most threats analyzed by Bitdefender in 2020 were more prevalent in H1 than in H2. Internet-connected smart devices, like surveillance cams, smart light bulbs, smart locks and doorbells and baby monitors, are notoriously fraught with vulnerabilities, posing grave security risks.

Cybercrime 116

Cybercrime Ransomware Cyber threats Malware 116

Duo's Security Blog

JUNE 14, 2021

Prisma Clouds’ 2021 Cloud Threat Report and Verizon’s 2021 DBIR Report show how companies have needed to adapt and expand cloud workloads and how this has affected their cybersecurity. Phishing, ransomware, credential theft and web app attacks increased, catching organizations in their vulnerable states.

Passwords 98

Passwords Authentication Phishing Threat Reports 98

Security Boulevard

SEPTEMBER 30, 2024

And considering how connected we all are to our devices, networks, and the internet at large, this can be a lot of us. With the average person having to keep track of roughly 100 distinct credentials, it’s no wonder that nearly one-third of the internet uses a password manager to wrangle (and “remember”) them all.

Cybersecurity 75

Cybersecurity Passwords Password Management Phishing 75

Security Boulevard

MARCH 3, 2025

This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users. Anyone with this default password could access these "locked" apartment complexes. The manufacturer (Hirsch) does not plan a security fix.

Surveillance 52

Surveillance Data breaches Firmware Encryption 52

Cisco Security

MARCH 11, 2021

The fact is that different threat types require varying amounts of internet connectivity in order to carry out their malicious activities. Then we’ll drill further into the data, looking at trends for particular threats that are known to work together. So, while one threat corrals more endpoints, the other is much busier.

DNS 93

DNS Phishing Ransomware Internet 93

Thales Cloud Protection & Licensing

OCTOBER 17, 2023

To this end, and in honour of Cyber Security Awareness Month, we decided to look at some of the most commonly asked cyber security questions on the internet and break down the answers as simply as possible. They are also phishing-resistant alternative to passwords. Data Sovereignty What is data sovereignty?

Security Awareness 129

Security Awareness Passwords Authentication Encryption 129

eSecurity Planet

MAY 2, 2024

Fortunately, vendor surveys identify five key cybersecurity threats to watch for in 2024: compromised credentials, attacks on infrastructure, organized and advanced adversaries, ransomware, and uncontrolled devices. Read on for more details on these threats or jump down to see the linked vendor reports.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Passwords 121

SecureList

SEPTEMBER 6, 2022

Additionally, we looked at the phishing activity around gaming, specifically that related to cybersports tournaments, bookmakers, gaming marketplaces, and gaming platforms, and found numerous examples of scams that target gamers and esports fans. Beware of phishing campaigns and unfamiliar gamers. Do not open files from strangers.

Mobile 134

Mobile Passwords Software Accountability 134

Digital Shadows

APRIL 8, 2025

Figure 1: Top MITRE ATT&CK initial access techniques in true-positive incidents (% of total) during reporting period During the reporting period, initial access attempts targeting external remote services like VPNs 1 , RDP, and virtual desktop infrastructure (VDI) surged by 21.3% Initial Access via VPN Brute-Forcing Up 21.3%

Cyber Attacks 52

Cyber Attacks Phishing Ransomware Accountability 52

Thales Cloud Protection & Licensing

SEPTEMBER 30, 2024

And considering how connected we all are to our devices, networks, and the internet at large, this can be a lot of us. With the average person having to keep track of roughly 100 distinct credentials, it’s no wonder that nearly one-third of the internet uses a password manager to wrangle (and “remember”) them all.

Cybersecurity 62

Cybersecurity Passwords Password Management Phishing 62

Thales Cloud Protection & Licensing

OCTOBER 19, 2022

Long gone is the time when manufacturing systems and operations were siloed from the Internet and, therefore, were not a cybersecurity target. Almost 3 out of 4 participants observed an upward trend in ransomware attacks, while half mentioned an increase in malware, Denial of Service, and phishing/whaling. Survey’s key findings.

Manufacturing 71

Manufacturing Cyber threats Encryption IoT 71

Thales Cloud Protection & Licensing

JULY 21, 2022

With that in mind, Thales has launched the 2022 Thales Data Threat Report Critical Infrastructure Edition, which includes responses from 300 security leaders and practitioners within critical infrastructure organizations. Download the full Thales 2022 Data Threat Report for the Critical Infrastructure for more information.

Cyber threats 71

Cyber threats Energy and Utilities Ransomware IoT 71

Webroot

MARCH 31, 2021

According to the World Backup Day site, “This independent initiative to raise awareness about backups and data preservation started out — like most good things on the internet – on reddit by a couple of concerned users.” Sources: 1 SonicWall Capture Labs 2 VMware/Carbon Black Global Threat Report June 2020 3 Webroot RTAP.

Backups 83

Backups Data preservation Ransomware Encryption 83

Security Boulevard

OCTOBER 16, 2024

A host of threats continue to put enterprise data at risk. In fact, according to the 2024 Thales Data Threat Report , more than 80% of organizations reported at least one breach in the last year, while ransomware attacks grew more frequent, with 28% of organizations reported experiencing an attack in 2024, compared to 22% in 2023.

DDOS 69

DDOS Encryption Data breaches Identity Theft 69

Security Boulevard

AUGUST 6, 2024

Dynamic DNS services are widely used for legitimate purposes, including remote access to home networks, managing internet-connected devices, and enabling consistent access to websites or services hosted on networks with dynamic IP addresses. Want more threat intel on a weekly basis?

DNS 69

DNS Malware Social Engineering Engineering 69

BH Consulting

SEPTEMBER 14, 2023

Its 2023 phishing threats report combines findings from email security data with a survey of security decision makers. MORE Meet Window Snyder, whose pioneering work helped make the internet safer. The World Economic Forum has a useful blog with tips on safeguarding against BEC scams.

Scams 59

Scams Passwords Social Engineering Cybersecurity 59

eSecurity Planet

JANUARY 9, 2023

Along with traditional IT assets, find and assess your internet-connected attack surface for comprehensive, all-around protection. With over 450 pre-configured templates, speedily understand where you have threats. Key Differentiators. Dynamically compiled plugins improve scan efficiency and performance.

Risk 104

Risk Penetration Testing Small Business Software 104

Thales Cloud Protection & Licensing

JUNE 6, 2018

The Threat Level Is Rising. According to the 2018 Thales Data Threat Report : … Rates of successful breaches have reached an all-time high for both mid-sized and enterprise class organizations, with more than two-thirds (67%) of global organizations and nearly three fourths (71%) in the U.S. This hacking ring stole $3.4

Risk 48

Risk Digital transformation IoT Identity Theft 48

Security Boulevard

DECEMBER 6, 2024

Disconnect unneeded internet-facing infrastructure and monitor the infrastructure that does need to be exposed to the internet. However, The Wall Street Journal identified it as Salt Typhoon when, citing anonymous sources, it reported in September that the group had breached several U.S. telecoms, including Verizon and AT&T.

Cybersecurity 64

Cybersecurity VPN Ransomware Software 64

Security Boulevard

AUGUST 12, 2024

Compression: They can compress outbound data to reduce the amount of bandwidth used, which can be particularly beneficial for users with slow internet connections. Reverse Proxies in Malicious Activities While reverse proxies serve many legitimate purposes, they can also be exploited by threat actors to conceal malicious activities.

DNS 64

DNS Malware Accountability Network Security 64

SecureWorld News

DECEMBER 27, 2024

It will likely become necessary for defenders to deploy their own agentic AI bots, culminating in constant AI vs. AI warfare across the internet. Expect to see AI-enabled phishing campaigns, deepfake scams, and automated attacks grow in complexity. What the Practitioners Predict Jake Bernstein, Esq.,

Cybersecurity 121

Cybersecurity Education Risk CISO 121

Thales Cloud Protection & Licensing

OCTOBER 9, 2023

Protect your organisation from phishing with MFA and Passkeys madhav Tue, 10/10/2023 - 04:51 We all make misteaks. Yet, around the world, phishing attacks designed to create this scenario are launched every minute, of every hour, of every day. However, some mistakes are bigger than others. Well, that’s much a much bigger problem.

Phishing 71

Phishing Passwords Authentication Mobile 71

Security Boulevard

MARCH 31, 2021

Computer Weekly said it had learnt that FatFace paid a £1.5m ($2 million US dollar) ransom to the Conti Ransomware gang , disclosing the gang gained access to FatFace network and their IT systems via a phishing email on 10th January 2021. conduct employee phishing tests. conduct employee phishing tests.

Energy and Utilities 122

Energy and Utilities Ransomware Hacking Banking 122

Thales Cloud Protection & Licensing

OCTOBER 23, 2023

The 2023 Thales Data Threat Report Critical Infrastructure Edition , which includes responses from 365 security leaders and practitioners within critical infrastructure organizations, serves as a fine reminder of the requirement to embed security into the culture of every organization and individual.

Energy and Utilities 77

Energy and Utilities Cybersecurity Ransomware Technology 77