Organizations can't ignore the surge in malicious web links.
Cybercriminals turn to ready-made bots for quick attacks.
Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs.
These attacks comprised 73% of all website and app traffic measured.
Rise in automated attacks troubles ecommerce industry.
Built on a vast network of API connections and third-party dependencies, online retailers are increasingly vulnerable to business logic abuse and client-side attacks.
Global organizations are facing an unprecedented level of cyber risk due to blind spots in their environment and that security teams are being overwhelmed with significant amounts of threat intelligence data lacking actionable insights.
Endpoint malware attacks decline as campaigns spread wider.
In Q2 2023, 95% of malware now arrives over encrypted connections, endpoint malware volumes are decreasing despite campaigns growing more widespread, ransomware detections are declining amid a rise in double-extortion attacks, and older software vulnerabilities persist as popular targets for exploitation among modern threat actors, among other trends, according to WatchGuard.
75% of education sector attacks linked to compromised accounts.
Phishing and user account compromise were the most common attack paths for these organizations, while phishing and malware topped the list for other verticals.
Cybercriminals are diversifying and expanding their skill sets to attack critical infrastructure, making the threat landscape even more complex and forcing organizations to reconsider their security needs.
Despite the decline in global ransomware attempts, a variety of other attacks have trended up globally, including cryptojacking, IoT malware and encrypted threats.
Not only did these solutions not prevent the attack, they also lack the automated ability to protect against any stolen data that can be used in the aftermath.
Aggregated honeypot data, over a six-month period, showed that more than 50% of the attacks focused on defense evasion, according to Aqua Security.
These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated files or information, such as dynamic loading of code.
Widespread BEC attacks threaten European organizations.
European organizations experienced a greater volume and frequency of BEC attacks over the last year, as compared to organizations in the United States, according to Abnormal Security.
While total attacks in the United States grew by 5x between June 2022 and May 2023, Europe saw total attacks increase by 7x during the same period-to an average of 2,842 attacks per 1,000 mailboxes in May. Cyber extortion hits all-time high.
The geographical shift of cyber extortion attacks has continued, with a significant year on year increase in Southeast Asia, with Indonesia, Singapore, Thailand, Philippines, and Malaysia the most impacted.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Fri, 05 Jan 2024 05:13:07 +0000