SecureList

FEBRUARY 20, 2025

Security incident statistics for 2024 In 2024, the MDR infrastructure received and processed on average 15,000 telemetry events per host every day, generating security alerts as a result. User Execution and Phishing remain top threats. This report answers key questions, including: Who are the potential attackers? in IT, 18.3%

Social Engineering 100

Social Engineering Phishing Government Threat Detection 100

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Use early detection tools like honeypots or CanaryTokens to counter attackers using tools like Nmap and Angry IP Scanner.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports 200

Threat Reports Social Engineering Engineering Phishing 200

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Based on limited telemetry, we believe with medium to low confidence that some of the initial infections were spear-phishing emails. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 117

Malware Government Software Spyware 117

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

Troy Hunt

FEBRUARY 23, 2024

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks: So. Parcel or phish?

Phishing 363

Phishing Scams Banking Social Engineering 363

Digital Shadows

OCTOBER 25, 2024

In October 2024, ReliaQuest responded to an alert for Impacket activity. During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” What Happened? com qr-s2[.]com com qr-s3[.]com com qr-s4[.]com

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. First detected in December 2024 and persisting into early 2025, the threat targets hospitality organizations across North America, Oceania, Asia, and Europe.

Phishing 65

Phishing Malware Social Engineering Authentication 65

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. Phishing attacks driven by ChatGPT will be harder than ever to detect.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications.

Scams 123

Scams Malware Phishing Social Engineering 123

Duo's Security Blog

MAY 28, 2025

Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. The Duo difference: End-to-end phishing resistance For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). Our robust user directory and identity routing engine make this possible.

Social Engineering 124

Social Engineering Engineering Phishing Marketing 124

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

eSecurity Planet

MARCH 3, 2025

The report details how threat actors harness automation, artificial intelligence, and advanced social engineering to scale their operations. Their methods include using generative AI to create convincing phishing emails , fraudulent websites, and fictitious profiles designed to deceive and infiltrate organizational defenses.

Threat Reports 111

Threat Reports Cybercrime Artificial Intelligence Social Engineering 111

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. MORE Cofense looks at a recent phishing campaign that used HR-related themes.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Notably, some of them were registered between September and November 2024. billion (equal to USD 326 million) between 2021 and 2023.

Social Engineering 109

Social Engineering Phishing Banking DNS 109

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. Gen Digital observed phishing campaigns distributing the Glove Stealer. The campaign observed by researchers used a phishing message with an HTML file attachment.

Encryption 114

Encryption Password Management Cryptocurrency Social Engineering 114

SecureWorld News

MAY 9, 2025

The development marks a significant escalation in COLDRIVER's cyber espionage activities, which have traditionally focused on credential phishing. The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. Cedric Leighton , CNN Military Analyst; U.S.

Malware 86

Malware Social Engineering Engineering Government 86

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. In January 2024, U.S.

Cybercrime 108

Cybercrime Identity Theft Cryptocurrency Phishing 108

The Last Watchdog

DECEMBER 18, 2024

To wrap up our 2024 year-end roundtable, we turn our attention to new technologies and trends that are emerging to help bridge the gaps. Organizations face rising risks of AI-driven social engineering and personal device breaches. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities.

Risk 173

Risk Threat Detection Technology Phishing 173

SecureList

JUNE 10, 2024

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. An OTP bot is a piece of software programmed to intercept OTPs with the help of social engineering. Yet, social engineering can be used to talk the victim into giving away a code provided by any type of organization.

Phishing 144

Phishing Banking Social Engineering Accountability 144

Krebs on Security

JANUARY 30, 2024

9, 2024, U.S. 2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 358

Social Engineering Mobile Passwords Cybercrime 358

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 315

DNS Social Engineering Malware Media 315

Tech Republic Security

JUNE 4, 2024

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

Cyber Attacks 201

Cyber Attacks Risk Social Engineering Engineering 201

Krebs on Security

JUNE 15, 2024

In January 2024, U.S. 0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 343

Hacking Cybercrime Phishing Passwords 343

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Phishing Attacks: Phishing is the top cyber attack, causing 90% of data breaches. RaaS usage is expected to increase by 25% in 2024. Shockingly, 96% of these attacks come through email.

Social Engineering 140

Social Engineering Cyber Attacks Cyber Insurance IoT 140

Tech Republic Security

NOVEMBER 9, 2023

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Cybersecurity 214

Cybersecurity Malware Big data Social Engineering 214

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Our latest investigation revealed the same trend.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 97

Phishing Authentication Engineering Social Engineering 97

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

Security Boulevard

JANUARY 20, 2025

Successful exploitation requires social engineering users into manipulating a specially crafted file. Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 welivesecurity (ESET) CVE-2024-7344. Approximately 70% of observed malware cases in 2024 derived from browser-based malware.

Surveillance 97

Surveillance Malware Data breaches Phishing 97

SecureWorld News

FEBRUARY 20, 2025

Stolen credentials remain the top breach factor, responsible for 24% of incidents in 2024. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Cybersecurity awareness and incident response Train employees to recognize phishing attempts and social engineering.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

The Hacker News

MARCH 13, 2025

Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware.

Phishing 97

Phishing Social Engineering Engineering Malware 97

Security Affairs

JANUARY 22, 2025

Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024. Sophos first observed a STAC5143 attack in November 2024, it began with spam emails followed by a Teams call from an account named “Help Desk Manager.”

Ransomware 98

Ransomware Malware Social Engineering Engineering 98

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Victim losses range from $0.10

Scams 80

Scams Media Cryptocurrency Cybercrime 80

IT Security Guru

DECEMBER 20, 2023

They will use AI to spoof the login pages of legitimate applications, and create sophisticated phishing emails to trick employees into handing over corporate login credentials. To achieve this, investment in awareness programmes and phishing simulation exercises is essential. These shouldn’t be one-off initiatives.

Cybersecurity 142

Cybersecurity Phishing Scams Cloud Migration 142