Josh Breaker Rolfe

The average time it takes for an attacker to move laterally after gaining initial access – known as breakout time – has plummeted to just 48 minutes, new research from ReliaQuest has revealed. These results represent a 2% increase in speed from the previous year, with some of the fastest recorded attacks taking as little as 27 minutes. According to ReliaQuest, “this quicker infiltration leaves organizations with even less time to respond, making automated defenses crucial in matching – and surpassing – the speed of adversaries.” Cybercriminals Pick Up the Pace The ReliaQuest report, titled Racing the Clock: Outpacing Accelerating…

In the cybersecurity industry, we tend to look forward. And for good reason: cybersecurity is one of the fastest-moving, most dynamic fields out there. Staying in the fight against cybercriminals relies utterly on not just keeping up with the latest trends, but also anticipating them. However, sometimes, predicting the future relies on looking to the past. As the adage goes, to know your future, you must know your past. With this in mind, VIPRE Security Group recently released their latest annual email threat landscape report, titled “Email Security in 2025: What to Expect from the Evolving Threat Landscape.” Drawing insights…

Age verification laws for adult websites have led to a dramatic surge in VPN usage across the United States, research from vpnMentor’s Cybersecurity and Research Lab has revealed. The research brings into question the efficacy of these laws as users find ways to circumvent age verification mechanisms and blocked IP addresses. Users Circumvent Age Verification In early 2024, 19 US states enacted age verification laws. However, Pornhub, one of the world’s largest pornography websites, only enforced age verification in Louisiana. For the other states, the site merely implemented IP-blocking, meaning that, in effect, the site is inaccessible for users in…

Critical infrastructure organization enrollment in CISA’s Cyber Hygiene (CyHy) service surged 201% between 1 August 2022, and 31 August 2024, a new report released by the US cybersecurity agency has revealed. The CISA CyHy service is a suite of free tools and services designed to help critical infrastructure organizations improve their security posture. Key features include vulnerability scanning, threat intelligence, and guidance and best practices. According to Emily Phelps, Director at Cyware, the service’s growth “reflects the critical sectors’ increasing focus on cybersecurity.” Critical Infrastructure Enrollment by Sector According to CISA’s Cybersecurity Performance Goals (CPG) Adoption Report, the following industries…

Research from the Halcyon RISE Team has revealed that a ransomware actor dubbed “Codefinger” has launched a new campaign on Amazon S3 buckets, leveraging WS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data and render victims powerless to recover data without paying the ransom. New Technique a Systemic Threat Halcyon says this tactic “represents a significant evolution in ransomware capabilities” and that its widespread use could “pose a systemic threat to organizations using Amazon S3 for critical data storage.” Unlike traditional ransomware that encrypts files locally or in transit, this attack integrates directly with AWS’s secure encryption infrastructure,…

Although 2025 is now well underway, it’s not too late to ponder what the year will bring. The coming year is set to witness huge changes in the data privacy landscape, and there’s no harm in trying to stay ahead of the curve. With this in mind, Information Security Buzz spoke to Roderick Rosenburg, founder and CEO of Roseman Labs, to get his privacy predictions for 2025. Increased Risk of Racial Profiling For Rodenburg, governments that have pledged to enforce stricter policies toward minorities are likely to identify and police target groups in 2025: a trend that poses significant privacy…

New research from Palo Alto Networks has revealed that cybercriminals are taking advantage of high-profile sporting events to conduct scams, phishing, and malware attacks through suspicious domain registrations and other malicious activities. Domain Abuse Surges During Paris Olympics For example, researchers uncovered significant spikes in newly registered domains (NRDs), DNS anomalies, and URL traffic during the Paris Olympics. During the event, Olympic-related domain registrations tripled compared to normal periods. 16% of these domains were suspicious, 13 times higher than the general rate for NRDs. Attackers used these spoof domains to sell fake tickets, trick users into participating in cryptocurrency scams,…

Cybercriminals are using phish kits developed by authoring group SpartanWarriorz to target over 300 global brands, new research from Fortra has revealed. Attackers using the kits tend to target financial institutions in North America and Europe, retail, delivery services, and social media platforms. Distribution Techniques Like many cybercriminal groups, SpartanWarriorz primarily markets and distributes phishing kits through Telegram, a popular encrypted messaging service. The group’s channel boasts over 5300 subscribers and is managed by two moderators. On November 21, the SpartanWarriorz Telegram channel was shut down, but the group quickly resumed operations by launching a new channel on the same…

Phishing scams impersonating major holiday brands like Walmart, Target, and BestBuy increased by more than 2000% during Black Friday week, new research from Darktrace has revealed. These findings come as part of a wider increase in phishing activity during the early holiday shopping season. From November 25th to November 29th, 2024, attempted Christmas-themed phishing attacks leaped 327% worldwide, while Black Friday-themed phishing attacks jumped 692% compared to the 4th to the 9th of November. According to Nathaniel Jones, VP of Threat Research at Darktrace, we can attribute these surges to the rise of AI, which, combined with automation and growing cybercrime-as-a-service marketplaces,…

More than half of M&A security incidents in 2024 were non-malicious, resulting instead from integration-induced investigation delays, policy and compliance challenges, and issues baselining internal tools, a report from ReliaQuest has revealed. These findings suggest that inherited assets present a significant risk during M&A activities. However, discussions on cybercriminal forums suggest that threat actors deliberately target companies engaged in M&A processes, abusing perceived security weaknesses while staff are preoccupied with merger logistics. Forum discussions reveal that cybercriminals believe they can monetize M&A information for profit and use it for insider trading or blackmail. M&A Security Incidents by Sector The manufacturing sector faced…