You are here

Home » Cybersecurity

Cybersecurity

Security Awareness – Phishing Scams Targeting Smartphones Impacting Energy Sector

Researchers at the cybersecurity firm Lookout have observed a notable uptick in mobile phishing attacks over the past year, specifically in the energy sector. Since the second half of last year, “there’s been a 161 [percent] increase in mobile phishing attacks targeting the energy sector,” and the energy sector accounts for around 17 percent of all mobile phishing attacks globally. The possibility of energy providers being compromised, and services rendered non-operational represents a risk across the critical infrastructure community because of cross-sector reliance on power.

Beyond Policies and Procedures – The Cybersecurity Audit Program

There is a juncture where a maturing cybersecurity program will experience an audit, where policies and procedures will be evaluated for accuracy and adherence. While it’s important to compose effective governance documents, Dale Peterson suggests that concurrently developing your cybersecurity audit program has equal benefits. Incorporating audit testing criteria during development should help identify the “must” policies versus the “shall” guidance often found confusingly intertwined in governance documents.

Security Awareness – The Growing Scourge of Brand Impersonation Attacks

Phishing is one of the most widely used cyber attack techniques and has grown more sophisticated in the form of brand impersonation attacks. While many phishing scams are easy to spot, brand impersonation – through its use of impersonating the likeness of trusted brands – is typically more difficult to detect. Indeed, “brand impersonation emails increased 44% in 2020 vs. 2019. However, it’s not only a significant increase in frequency as much as an increasing level of sophistication,” according to Dirk Jan Koekkoek, VP DMARC at Mimecast.

New Squirrelwaffle Malware Mimics Emotet Tactics

Security researchers at Cisco Talos recently uncovered a new malware threat, called Squirrelwaffle, that spreads via spam campaigns, providing threat actors with an initial entry into a compromised device or network and allowing them to deploy additional malware, such as Qakbot or Cobalt Strike. Squirrelwaffle, which was first identified last month, leverages stolen reply-chain emails to propagate across devices and networks.

Microsoft Warns of Increase in Password Spraying Attacks

Microsoft’s Detection and Response Team (DART) has detected an increase in password spray attacks over the past year. With increasing intelligence of security software and cybersecurity awareness, breaking into a network undetected has become more difficult. Therefore, threat actors are increasingly focused on stealing a victim’s credentials so they can access a network and carry out malicious activity that appears as normal network traffic. To gain these credentials, adversaries are employing password spraying.

Nearly Three-Quarters of Organizations Experienced a DNS Attack in the Last Year

Although ransomware and phishing attempts are often perceived as the most frequent and persistent cyber threats by many, a new survey by the Neustar International Security Council (NISC), however, shows that domain name system (DNS) attacks are impacting businesses at an increasing rate. According to the survey, which was conducted in September 2021, 72 percent of respondents experienced a DNS attack within the last year. Among the targeted respondents, 58 percent experienced business disruptions that lasted more than an hour and 14 percent took several hours to recover.

Pages

Subscribe to Cybersecurity