Critical infrastructure organization enrollment in CISA’s Cyber Hygiene (CyHy) service surged 201% between 1 August 2022 and 31 August 2024, a new report released by the US cybersecurity agency has revealed. The CISA CyHy service is a suite of free tools and services designed to help critical infrastructure organizations improve their security posture. Key features include vulnerability scanning, threat intelligence, and guidance and best practices. According to Emily Phelps, Director at Cyware, the service’s growth “reflects the critical sectors’ increasing focus on cybersecurity.”
Critical Infrastructure Enrollment by Sector
According to CISA’s Cybersecurity Performance Goals (CPG) Adoption Report, the following industries…
Author: Josh Breaker Rolfe
Research from the Halcyon RISE Team has revealed that a ransomware actor dubbed “Codefinger” has launched a new campaign on Amazon S3 buckets, leveraging AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and render victims powerless to recover data without paying the ransom.
New Technique a Systemic Threat
Halcyon says this tactic “represents a significant evolution in ransomware capabilities” and that its widespread use could “pose a systemic threat to organizations using Amazon S3 for critical data storage.” Unlike traditional ransomware that encrypts files locally or in transit, this attack integrates directly with AWS’s secure encryption infrastructure,…
Although 2025 is now well underway, it’s not too late to ponder what the year will bring. The coming year is set to witness huge changes in the data privacy landscape, and there’s no harm in trying to stay ahead of the curve. With this in mind, Information Security Buzz spoke to Roderick Rodenburg, founder and CEO of Roseman Labs, to get his privacy predictions for 2025.
Increased Risk of Racial Profiling
For Rodenburg, governments that have pledged to enforce stricter policies toward minorities are likely to identify and police target groups in 2025: a trend that poses significant privacy…
New research from Palo Alto Networks has revealed that cybercriminals are taking advantage of high-profile sporting events to conduct scams, phishing, and malware attacks through suspicious domain registrations and other malicious activities.
Domain Abuse Surges During Paris Olympics
For example, researchers uncovered significant spikes in newly registered domains (NRDs), DNS anomalies, and URL traffic during the Paris Olympics. During the event, Olympic-related domain registrations tripled compared to normal periods. 16% of these domains were suspicious, 13 times higher than the general rate for NRDs. Attackers used these spoof domains to sell fake tickets, trick users into participating in cryptocurrency scams,…
Cybercriminals are using phish kits developed by authoring group SpartanWarriorz to target over 300 global brands, new research from Fortra has revealed. Attackers using the kits tend to target financial institutions in North America and Europe, retail, delivery services, and social media platforms.
Distribution Techniques
Like many cybercriminal groups, SpartanWarriorz primarily markets and distributes phishing kits through Telegram, a popular encrypted messaging service. The group’s channel boasts over 5300 subscribers and is managed by two moderators. On November 21, the SpartanWarriorz Telegram channel was shut down, but the group quickly resumed operations by launching a new channel on the same…
Phishing scams impersonating major holiday brands like Walmart, Target, and BestBuy increased by more than 2000% during Black Friday week, new research from Darktrace has revealed. These findings come as part of a wider increase in phishing activity during the early holiday shopping season. From November 25th to November 29th, 2024, attempted Christmas-themed phishing attacks leaped 327% worldwide, while Black Friday-themed phishing attacks jumped 692% compared to the 4th to the 9th of November. According to Nathaniel Jones, VP of Threat Research at Darktrace, we can attribute these surges to the rise of AI, which, combined with automation and growing cybercrime-as-a-service marketplaces,…
More than half of M&A security incidents in 2024 were non-malicious, resulting instead from integration-induced investigation delays, policy and compliance challenges, and issues baselining internal tools, a report from ReliaQuest has revealed. These findings suggest that inherited assets present a significant risk during M&A activities. However, discussions on cybercriminal forums suggest that threat actors deliberately target companies engaged in M&A processes, abusing perceived security weaknesses while staff are preoccupied with merger logistics. Forum discussions reveal that cybercriminals believe they can monetize M&A information for profit and use it for insider trading or blackmail.
M&A Security Incidents by Sector
The manufacturing sector faced…
A sophisticated cyberattack using the SmokeLoader malware targeted multiple industries in Taiwan in September 2024, new research from FortiGuard Labs has revealed. SmokeLoader is notorious for its versatility, advanced evasion techniques, and modular design, which allow it to perform a wide range of attacks. Attackers have traditionally used SmokeLoader as a downloader to deliver other malware; in this case, it carries out the attack itself by downloading plugins from its C2 server. Impacted industries include manufacturing, healthcare, and information technology.
Launching the Attack
Attackers initiated the attack using phishing emails, which, despite containing convincing, localized language, were sent to multiple…
Spearphishing attacks with links and attachments increased in Q3 2024, accounting for 46% of security incidents, ReliaQuest’s Top Cyber Attacker Techniques report has revealed. Initial access methods like spear phishing were the most common MITRE ATT&CK techniques last quarter and have remained so in Q3 2024. According to ReliaQuest, high employee turnover and the accessibility of phishing kits on cybercriminal forums are driving the persistence of these attacks. “Even if employees are properly trained to recognize the signs of phishing, the constant influx of untrained new hires creates opportunities for cybercriminals,” the report said. “Despite the importance of employee training, sometimes…
Cloudflare’s Pages and Workers platforms have experienced a surge of malicious activity in the past year, research from Fortra’s Suspicious Email Analysis (SEA) team has revealed. Phishing incidents on Cloudflare Pages have surged nearly 200% over the past year, while abuse of Cloudflare Workers has increased by 104%. These findings indicate that cybercriminals are increasingly exploiting Cloudflare’s popular web hosting services to facilitate phishing schemes, data exfiltration, and other malicious attacks.
Cloudflare Pages and Phishing Activity
Cloudflare Pages is a platform for developers to deploy static websites, supported by Cloudflare’s global content delivery network (CDN). It provides features such as…