October 22nd, 2021 by Admin
In March of last year, AI caught a sophisticated, highly targeted cyber-attack exploiting a zero-day vulnerability across multiple businesses. The attack was detected, investigated, and contained by the AI, and the system worked out that it was a completely novel threat. Two weeks later, this campaign was publicly attributed to a Chinese nation-state actor known as APT41. The organizations threatened by the attack included governments entities, critical infrastructure, large enterprises, but also, surprisingly, midsize businesses.
We have entered a new era of cyber threat. If it were measured as a country, cybercrime would be the world’s third-largest economy after the U.S. and China. Midsize businesses are often considered a soft underbelly for cybercriminals.
[ Source : hbr.org ]
October 22nd, 2021 by Admin
Two-factor authentication (2FA) has been widely adopted by online services over the past several years and turning it on is probably the best thing users can do for their online account security. Faced with this additional hurdle that prevents them from exploiting stolen passwords, cybercriminals have had to adapt, too, and come up with innovative ways to extract one-time use authentication codes from users.
According to a new report from cybercrime intelligence firm Intel 471, the latest development in 2FA bypassing involves the use of robocalls with interactive messages that are meant to trick users into handing over their one-time passwords (OTPs) in real-time as attackers are trying to access their accounts.
[ Source : csoonline ]
October 22nd, 2021 by Admin
Google’s Threat Analysis Group (TAG) has tracked more than 270 government-backed cybercriminal associations in over 50 countries. From the beginning of 2021, they have noted that the attack rate of phishing campaigns is increasing and that’s why they have clients with about 50,000 alerts regarding phishing attempts or malware installations.
Soon after detecting such attacks, Google has offset a number of malicious campaigns that have been ejected by the Iranian group APT35. And not only this but this attack also include a social engineering campaign known as Operation SpoofedScholars.
[ source : cybersecuritynews.com ]
October 22nd, 2021 by Admin
In early 2020, a bank manager in the United Arab Emirates received a call from a man whose voice he recognized—a director at a company with whom he’d spoken before. The director had good news: His company was about to make an acquisition, so he needed the bank to authorize some transfers to the tune of $35 million.
A lawyer named Martin Zelner had been hired to coordinate the procedures and the bank manager could see in his inbox emails from the director and Zelner, confirming what money needed to move where. The bank manager, believing everything appeared legitimate, began making the transfers.
[ Source : Forbes ]
October 22nd, 2021 by Admin
In a world of continuous change, challenge and chaos, it is critically important that every organization – from the smallest mom-and-pop business to medium-size nongovernmental organizations (NGO), government agencies and global multinationals – has concrete cyber-crisis readiness plans ready for deployment at any time. Not having this aspect of cyber-resilience in place before the “big” cyber event occurs can become a serious, material or even deadly financial and reputational hit to any entity and its leaders. That has become especially true in this era of multiple cyber and pandemic crises.
[ source : weforum.org ]