SecureList

FEBRUARY 20, 2025

Security incident statistics for 2024 In 2024, the MDR infrastructure received and processed on average 15,000 telemetry events per host every day, generating security alerts as a result. This report answers key questions, including: Who are the potential attackers? What methods are they using today? in IT, 18.3% in government, 17.8%

Social Engineering 100

Social Engineering Phishing Government Threat Detection 100

Security Affairs

AUGUST 18, 2024

The Mad Liberator ransomware group has been active since July 2024, it focuses on data exfiltration instead of data encryption. Mad Liberator employs social engineering techniques to gain access to the victim’s environment, specifically targeting organizations using remote access tools like Anydesk.

Social Engineering 144

Social Engineering Engineering Ransomware Cybercrime 144

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Earlier in 2024, a secure USB drive was found to be compromised and malicious code was injected into the access management software installed on the USB drive. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 117

Malware Government Software Spyware 117

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing 81

Phishing Banking Scams Mobile 81

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations.

Energy and Utilities 105

Energy and Utilities Ransomware Malware Government 105

Digital Shadows

OCTOBER 25, 2024

In October 2024, ReliaQuest responded to an alert for Impacket activity. During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” What Happened?

Social Engineering 128

Social Engineering Engineering Phishing Accountability 128

Krebs on Security

NOVEMBER 21, 2024

In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks. In September 2024, KrebsOnSecurity reported that a 17-year-old from the United Kingdom was arrested last year by U.K. police as part of an FBI investigation into the MGM hack.

Identity Theft 267

Identity Theft Phishing Cryptocurrency Accountability 267

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. The comments we received were uniformly insightful and helpful.

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

Penetration Testing

OCTOBER 19, 2024

A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection & Research... The post Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers appeared first on Cybersecurity News.

Social Engineering 87

Social Engineering Threat Detection Engineering Cybersecurity 87

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. Information Security Buzz has a good summary of the main points.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Security Affairs

DECEMBER 25, 2024

dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” dollars from the Japan-based cryptocurrency company DMM by North Korean cyber actors in May 2024.” ” reads the press release published by FBI. ” reads the press release published by FBI. BTC ($308M). .”

Cryptocurrency 120

Cryptocurrency Social Engineering Hacking Cybercrime 120

Security Affairs

OCTOBER 29, 2024

” The Telegram channel was created on September 10, 2024 and at this time has 189 subscribers. that was registered in April 2024. On September 18, 2024, a missile alert channel with over 80,000 subscribers promoted the “Civil Defense” Telegram channel.

Malware 117

Malware Social Engineering Software Mobile 117

Tech Republic Security

JUNE 4, 2024

Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.

Cyber Attacks 201

Cyber Attacks Risk Social Engineering Engineering 201

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 126

Social Engineering Media Mobile Scams 126

Tech Republic Security

NOVEMBER 9, 2023

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks.

Cybersecurity 214

Cybersecurity Malware Big data Social Engineering 214

Digital Shadows

JANUARY 22, 2025

In this blog, well preview the reports highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025. Organizations should implement domain monitoring, enforce DMARC policies, and train employees to recognize social engineering methods.

Insurance 65

Insurance Phishing Social Engineering Engineering 65

Duo's Security Blog

MAY 28, 2025

Sixty percent of all Cisco Talos IR cases in 2024 saw identity as a key component of reported attacks. AI significantly exacerbates the situation by amplifying the scale, speed and sophistication of account takeover attacks, enabling automated and highly adaptive social engineering techniques. Identity is under siege.

Social Engineering 124

Social Engineering Engineering Phishing Marketing 124

Krebs on Security

APRIL 9, 2024

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

DNS 315

DNS Social Engineering Malware Media 315

eSecurity Planet

MARCH 3, 2025

The report details how threat actors harness automation, artificial intelligence, and advanced social engineering to scale their operations. A dramatic 442% surge in vishing attacks during the latter half of 2024 further illustrates the lengths to which adversaries will go to exploit vulnerabilities.

Threat Reports 111

Threat Reports Cybercrime Artificial Intelligence Social Engineering 111

BH Consulting

NOVEMBER 14, 2024

There was no doubting the one topic on almost everyone’s minds at IRISSCON 2024: AI. Widely considered one of the industry’s leading sources of security research, the 2024 edition found that ransomware and extortion made up 32% of incidents. Many of these attacks are preventable, he added.

Artificial Intelligence 64

Artificial Intelligence Ransomware Social Engineering Cybersecurity 64

Security Affairs

APRIL 17, 2025

increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. In a documented instance, attackers used a ClickFix social engineering tactic to trick users into running a PowerShell command that downloads and installs Node.js Microsoft has observed Node.js

Social Engineering 111

Social Engineering Malware Cryptocurrency Engineering 111

We Live Security

DECEMBER 12, 2024

Attackers could use seemingly innocuous prompts to manipulate an AI system and even make it their unwitting ally in carrying out malicious activities

Social Engineering 92

Social Engineering Engineering 92

SecureWorld News

MAY 9, 2025

The method, known as "ClickFix," leverages social engineering to bypass traditional email-based defenses. The LOSTKEYS malware shows how attackers are getting smarter at tricking people and sneaking past basic security tools, especially by using fake websites and social engineering to get users to run harmful scripts," said J.

Malware 86

Malware Social Engineering Engineering Government 86

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Privacy Compliance: By 2024, 40% of privacy tools will rely on AI, highlighting its expanding role in ensuring data privacy and meeting regulations. RaaS usage is expected to increase by 25% in 2024.

Social Engineering 140

Social Engineering Cyber Attacks Cyber Insurance IoT 140

Webroot

MARCH 3, 2025

The growing risks to your data During the third quarter of 2024, data breaches exposed more than 422 million records worldwide. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

eSecurity Planet

OCTOBER 22, 2024

ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.

Scams 123

Scams Malware Phishing Social Engineering 123

Digital Shadows

JANUARY 14, 2025

Key Findings The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In our Q3 2024 ransomware report , we predicted activity would reach its peak in the last quarter of the year.

Ransomware 126

Ransomware Social Engineering Phishing VPN 126

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. ” The four actively exploited zero-day vulnerabilities are: CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability. However, we at the ZDI think that number should be five.”

Social Engineering 126

Social Engineering IoT Engineering Authentication 126

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. The Ministry of Human Resources and Emiratisation (MoHRE) has announced that December 2 and 3, 2024, will be official paid holidays for all private sector employees in the UAE.

Social Engineering 109

Social Engineering Phishing Banking DNS 109

Security Affairs

NOVEMBER 15, 2024

Threat actors relies on social engineering tactics like ClickFix and FakeCaptcha to trick users into executing malicious scripts via PowerShell or Run prompts. The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service, a method that was disclosed in October 2024.

Encryption 114

Encryption Password Management Cryptocurrency Social Engineering 114

SecureList

DECEMBER 9, 2024

As part of Kaspersky Security Bulletin 2024, our “Story of the Year” centers on these pressing issues. We’ll begin by revisiting notable supply chain incidents from 2024, and then explore potential scenarios of more damaging cases and the ways we prepare for them. Let’s dive in! Why does it matter? The Polyfill.io

Internet 111

Internet Internet Risk Social Engineering 111

Mitnick Security

AUGUST 6, 2024

August 6th, 2024, marks the first annual National Social Engineering Day , an opportunity to raise awareness about social engineering threats and emphasize effective cybersecurity practices.

Social Engineering 52

Social Engineering Engineering Cybersecurity 52

Security Affairs

MAY 17, 2025

The financially motivated group UNC3944 (also known as Scattered Spider , 0ktapus ) is known for social engineering and extortion. After 2024 arrests [ 1 , 2 , 3 ], their activity dropped, but ties to other threat actors may aid a comeback. They exploit help desks and outsourced IT via social engineering for high-impact attacks.

Retail 64

Retail Social Engineering Cybercrime Financial Services 64

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media. Some apps were suspended by Google from Google Play while others were updated by the developers.

Social Engineering 98

Social Engineering Media Scams Advertising 98

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. Top Techniques: A Closer Look Phishing Techniques: The Evergreen Threat in Cybersecurity Initial access methods were the most common MITRE ATT&CK techniques between May and July 2024.

Cyber Attacks 59

Cyber Attacks Phishing Ransomware Cyber Insurance 59

eSecurity Planet

MAY 16, 2025

The stolen information was then used in social engineering scams that tricked users into giving away their crypto. Meanwhile, blockchain investigator ZachXBT estimated that social engineering scams cost Coinbase users $300M+ annually. He emphasized that security upgrades are already underway.

Social Engineering 70

Social Engineering Scams Accountability Retail 70