Ransomware-wielding attackers continue to pummel organizations. But labeling these as being just ransomware attacks often misses how much these incidents involve serious network intrusions, exfiltration of extensive amounts of data, data leaks and, as a result, reportable data breaches.
Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.
The latest edition of the ISMG Security Report analyzes why cyberattacks against banks have surged in recent weeks. Plus: The increasingly ruthless tactics of ransomware gangs; cybersecurity strategies for small businesses.
Ransomware-wielding criminals are growing increasingly ruthless, based on the size of their extortion demands, their increasing propensity to leak data in an attempt to force victims to pay and their greater focus on taking down big targets. These tactics, unfortunately, appear to be working.
A recent ransomware attack that targeted a law firm that serves celebrities may have been facilitated by a Pulse Secure VPN server that was not properly patched and mitigated against a well-known vulnerability, some security experts say.
Access and analyze suspicious or malicious content without exposing your resources or your identity.
Reinforce your Open Source Intelligence (OSINT) skills with a combination of real-world research tips and techniques:
Leverage cross-functional open and dark web research techniques outlined by our military, law...
Cyber Threat Intelligence (CTI) isn't the exclusive domain of specialized organizations anymore. Yet many CTI practitioners - the analysts, researchers and threathunters who collect and manage Open Source Intelligence (OSINT) gleaned from the open, deep and Dark Web - report a lack of training, tools and internal...
To facilitate investigations across the vast expanses of the open, deep, and dark web, Authentic8 engineers built a guide to 21 easily accessible Open Source Intelligence (OSINT) research tools. The report provides a brief overview of each tool, where and how to get it, a supporting visual, and use case.
A quarter of financial institutions experienced at least one spear-phishing or business email compromise attack in 2019 where user credentials were compromised and/or fraud was committed. These attacks also often resulted in intellectual property and physical damage.
Yet, nearly half of institutions surveyed state...
Three recently disclosed health data security incidents - including the discovery of a large email hack that happened nearly a year ago - serve as reminders of the ongoing incident response challenges facing healthcare organizations. And these difficulties are likely to worsen during the COVID-19 crisis.
Cybercrime groups and nation-state hacking gangs are continuing to exploit the COVID-19 pandemic to further their aims, U.K. and U.S. security agencies warn in a joint alert. While overall attack levels haven't increased, they say, "the frequency and severity of COVID-19-related cyberattacks" looks set to surge.
Designing Security as a User Experience
The ongoing battle between attackers and defenders have left valid users caught in the middle. Protecting user accounts with aggressive security policies leads to false positives and needlessly locks valid users out of their account, while lenient security policies lead to...
As cybercriminals and nation-states take advantage of the COVID-19 pandemic to further their own aims, authorities are calling on victims to report online attacks as quickly as possible to help them better disrupt such activity.
Traditionally, security teams look to penetration tests and red teaming to test and build confidence in their security programs. These options are often costly, time-consuming, and limited in scope. There is a better way to gain confidence in security models: continuous attack simulations, which automate adversary...