Tag Archives for "phishing"

Half of Organizations Experienced Security Incidents While Working Remotely

As businesses try to deliver a seamless hybrid experience of work from home and office, Tessian’s Securing the Future of Hybrid Working report reveals the security risks they must overcome and the pressures on IT teams.

The majority of IT decision makers (82%) think that employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters (78%) of employees said they received a phishing email while working on their personal laptop between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email.

In fact, nearly half of companies surveyed experienced a data breach or security incident between March and July 2020, with half being caused by phishing attacks – making it the leading cause of security incidents during this period of remote working.

Source: Half of Organizations Experienced Security Incidents While Working Remotely, Reveals New Data – socPub

Fake GDPR Compliance Reminders Being Shared by Phishers

A new phishing attack has been identified where cybercriminals are sharing a fake GDPR compliance reminder in a bid to try and fool those receiving the email into sharing their email login details.

The phishing campaign involves hackers sending the warning to a list of company email addresses that they have previously been able to get hold of.

The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message.

Source: Fake GDPR Compliance Reminders Being Shared by Phishers – Compliance Junction

27% of employees fall prey to phishing attacks

According to a report from Positive Technologies, hackers continue to target the weak link in any company’s security posture: Humans.

The firm studied its 10 largest pen testing projects performed for clients in 2016 and 2017. These tests included 3,332 emails sent to employees with links to websites, password entry forms, and attachments, mimicking the work of hackers.

Source: Don’t skimp on IT security training: 27% of employees fall prey to phishing attacks – TechRepublic

Ransomware reigns supreme in 2018, as phishing attacks continue to trick employees

Ransomware was the cause of 39% of malware-related data breaches, more than double that of last year, according to Verizon’s annual Data Breach Investigations Report.

This is the report’s 11th edition, analyzing more than 53,000 security incidents and 2,216 breaches from 65 countries.

Source: Ransomware reigns supreme in 2018, as phishing attacks continue to trick employees – TechRepublic

Recent DDoS attacks include buried ransom demands for Monero

Security researchers with the internet services company Akamai have noticed something unusual as they’ve responded to a spate of recent DDoS attacks. Buried beneath the traffic deluge designed to grind a target’s web traffic to a halt are ransom notes.

“It’s actually like a DDoS attack with a phishing attack with an extortion attack all rolled into one,” said Chad Seaman, a senior engineer with Akamai’s security intelligence response team, in an interview with Fortune. “When we saw it we were like, huh, clever bastards.”

Source: Recent DDoS attacks include buried ransom demands for Monero

Web Hosting Services Could Leave Small Businesses at Risk of Phishing

The Federal Trade Commission today released a staff report that examines 11 web-hosting services that market themselves to small businesses and finds that many do not provide by default certain email authentication and anti-phishing technologies, potentially leaving many small firms at risk of facilitating phishing scams.

Source: FTC Report Finds Some Small Business Web Hosting Services Could Leave Small Businesses at Risk of Facilitating Phishing Scams | Federal Trade Commission

UK’s NCSC issues guidance on defence against phishing

The National Cyber Security Centre (‘NCSC’) issued guidance on protection against phishing for medium to large organisations. The guidance contains advice on how organisations can defend themselves against malicious emails that use social engineering techniques. It outlines a multi-layered approach that can improve your resilience against phishing, whilst minimising disruption to user productivity. The mitigations suggested are also useful against other types of cyber attack, and will help your organisation become more resilient overall.

Source: Phishing attacks: defending your organisation – NCSC Site
