Global businesses rely on the internet for everything -- websites, email, authentication, voice over IP (VoIP), and more. It's part of an organization's external attack surface and needs to be continuously monitored for cybercrime attacks and fraud.
As an age-old digital threat, phishing just continues to grow in sophistication over time, as DarkTortilla showed. Cyble Research and Intelligence Labs (CRIL) published a technical analysis of the threat specifically targeting Cisco and Grammarly. Are there other potential threat vectors, though?
Earlier this month, ReversingLabs published a report on the current state of software supply chain security. They stated that the volume of such attacks using npm and PyPI code have increased by a combined 289% in the past four years. The research also cited two npm attacks as evidence -- IconBurst and Material Tailwind.
For roughly US$100, threat actors can purchase RedLine Stealer, a malware-as-a-service (MaaS) program first detected in March 2020 that continues to wreak havoc to this day. The malware can steal information from infected devices, including autocomplete and saved information on browsers.
You may be wondering who Robin Banks is, but you should instead ask what Robin Banks is. Robin Banks is a phishing-as-a-service (PhaaS) platform that first surfaced in March this year. The name is a play on the phrase "robbing banks," coined by IronNet researchers who introduced the malicious platform to the world.
This year, the stock market is at its most volatile state due to several factors. Debates abound about whether 2022 will be as bad as 2008, but we'll leave that up to the experts.
It has become customary for cybercriminals to ride on famous brands to make their nefarious campaigns work. The release of the world's most-awaited tech gadgets is no different. And given the public attention and techies' innate desire to be first to own the latest gadgets, threat actors will always zoom in on prospective buyers via the most ingenious scams.
We have just released our third annual Domain Security Report that found three out of four Forbes Global 2000 companies have not adopted key domain security measures - exposing them to high risk of security threats. These companies have implemented less than half of all domain security measures.
Internet users are being tricked into installing browser extensions that can hijack their web searches. The end goal could be to insert affiliate links, but who knows what other malicious activities the threat actors behind them are capable of?
More sophisticated BazarCall campaigns have been circulating and delivering ransomware entry points to victims. While the bait still involves urgent notification emails about nonexistent purchases or subscriptions, the subsequent phase highlights the threat actors' manipulative skills.