Security News > 2022 > April

Phishing, a longstanding cyberattack technique through which attackers impersonate others to gain access to confidential information, has become immensely popular as of late, hitting an all-time high in December 2021, with attacks tripling since the previous year. Attacks continue to become more and more sophisticated, with hackers using complex code and complicated processes to successfully breach organizations and stay under the radar.

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. It certainly thinks small about security - at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021.

The next generation of enterprise cyber threats will see external and internal threats and threat actors colliding into a hybrid threat model. The hybrid threat actors have even taken the threat matrix one step further and have launched physical attacks.

A study shows that traditional identity fraud losses, caused by criminals illegally using victims' information to steal money, exploded in 2021 to $24 billion - an alarming 79% increase over 2020. Further, the number of adults in the United States impacted by traditional identity fraud grew more than 50%, reaching more than 15 million victims, a Javelin identity fraud study reveals.

Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. According to the survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally.

Hundreds of enterprise ML practitioners were asked about their experiences and the factors that affected their teams' ability to deliver the level of business value their organizations expected from ML initiatives. By contrast, 47% of ML teams require four to six months to deploy a single ML project, while another 43% take up to three months.

With the growth in digital transformation, the API management market is set to grow by more than 30% by the year 2025 as more businesses build web APIs and consumers grow to rely on them for everything from mobile apps to customized digital services. Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to API security to combat this new aggression.

A Chinese state-backed advanced persistent threat group known for singling out Japanese entities has been attributed to a new long-running espionage campaign targeting new geographies, suggesting a "Widening" of the threat actor's targeting. "Victims in this Cicada campaign include government, legal, religious, and non-governmental organizations in multiple countries around the world, including in Europe, Asia, and North America," researchers from the Symantec Threat Hunter Team, part of Broadcom Software, said in a report shared with The Hacker News.

Amid the COVID-19 crisis, the global market for cloud identity access and management estimated at $5.3 billion in the year 2022, is projected to reach a revised size of $13.6 billion by 2026, growing at a CAGR of 26.7% over the analysis period, according to Global Industry Analysts. This segment currently accounts for a 16.2% share of the global cloud identity access and management market.

A new WhatsApp phishing campaign impersonating WhatsApp's voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses. Information-stealing malware is aggressively distributed today via various means, with phishing remaining a primary channel for threat actors.