Analysis
Categories
- AI
- Analysis
- China
- Expert Opinions
- Featured
- Gambling
- Latest News
- LockBit
- News
- Aerospace
- Apple
- Arrest
- Automotive
- Big Tech
- Breaking News
- Business Email Compromise
- China
- Chip Technology
- Climate
- Cryptocurrency
- Cyber Budget
- Cyber Espionage
- Cyber M&A
- cybercrime
- Cybersecurity Events
- Data Leak
- deepfake
- Energy Sector
- Ethiopia
- European Union
- Finance
- France
- Geopolitics
- Government
- Hacktivism
- Healthcare
- Human Error
- India
- Investment Scam
- Iran
- Israel Conflict
- Malicious Bots
- Malware
- North Korea
- Norton
- One Minute Roundup
- Personal Services
- Phishing
- ransomware
- Retail
- Russia
- SEC
- SMB
- Social Media
- Spyware
- Sri Lanka
- Supply Chain
- Surveillance
- Taiwan
- Telecommunications
- VPN
- Vulnerability
- Wire Fraud
- Workforce Cyber
- One Minute Roundup
- sextortion
- Space
- Spyware
- Threat Intelligence
- Trends
- Uncategorized
Companies must identify the value of their data
Most organizations have no clear idea of the value of the data they hold on themselves and their customers. According to technology research and consulting firm Gartner, 30 percent of chief data and analytics officers (CDAOs) say that their top challenge is the inability to measure data, analytics, and AI's impact on business outcomes. Gartner also reports that only 22 percent of organizations surveyed have defined, tracked, and communicated business impact metrics for the bulk of their data and analytics (D&A) use cases. “There is a massive value vibe around data, where many organizations talk about the value of data, desire to be data-driven, etc., but there are few who can substantiate it,” said Michael Gabbard, senior director analyst at Gartner.
Darcula can suck the blood out of any brand
Cybercrime just got easier. A new artificial intelligence off-the-shelf phishing kit named darcula now enables even inexperienced cyber criminals to impersonate any corporate brand with a complex, customizable campaign. Phishing generally refers to a form of online fraud where attackers attempt to steal sensitive information such as passwords, credit card numbers, or bank account details. “The criminals at darcula are back for more blood, and they mean business with one of the more impactful innovations in phishing in recent years. The new version of their “Phishing-as-a-Service” (PhaaS) platform, darcula-suite adds first-of-its-kind personalization capabilities …to allow criminals to build advanced phishing kits that can now target any brand with the click of a button,” says Cybersecurity company, Netcraft.
2025 forecast to be boom year for cybersecurity
California-based cybersecurity goliath Palo Alto Networks has issued a bullish revenue forecast based on a perceived rising global demand for artificial intelligence (AI)-driven security products. “In Q2 [2025], our strong business performance was fuelled by customers adopting technology driven by the imperative of AI, including cloud investment and infrastructure modernization," said CEO Nikesh Arora. “Our growth across regions and demand for our platforms demonstrates our customers' confidence in our approach. It reaffirms our faith in our 2030 plans and our $15 billion next-generation technology annual recurring revenue goal.”
Ransomware gangs target law and accountancy firms
In what is bad news for law and accounting firms, the professional and technical services sector has now overtaken the manufacturing sector as the prime target for ransomware attacks of Q3 2024. According to cybersecurity company Nuspire: “These firms handle highly sensitive client data, such as financial records, legal documents, and business strategies, making them prime targets for ransomware operators.” Nuspire predicts that, with ransom demands averaging around $2.5 million a hit for law firms, ransomware operators will continue to target this sector as long as the potential rewards outweigh the effort. The situation is particularly dire for smaller practices, which may lack the resources to protect against today’s increasingly ruthless and sophisticated cyber-attacks.
US Healthcare companies on high cyber-alert
While the assassination of health insurance CEO Brian Thompson on the streets of central New York last week has been grabbing headlines this month, life-endangering cyber-attacks on the US healthcare industry are escalating at an alarming rate. Once again, the pressing need for both IT and physical security could not be more clear. According to John Riggi, national advisor for healthcare security and risk at the American Hospital Association, healthcare security must now be seen as far more than just an IT issue. This year has seen what amounts to a sea change in the way healthcare executives must view not only their own personal security but also the impact of cyber-attacks not only on their bottom line but also on the lives and well-being of patients.
The data currency time bomb
Corporations are not only amassing huge amounts of personal data on their customers as never before but also trading that data, frequently without the customer’s knowledge. As yet, the general public is largely unaware of the uses to which their personal information is being put or whose hands it ends up in. At the same time, companies holding the data must tread an increasingly complex regulatory minefield. According to Chris Diebler, Security VP at cybersecurity company DataGrail: “Companies are all terrified of not having enough data as data is the new currency. However, companies need to think seriously about reducing these vast mountains of data. The value of data must be balanced against the cost and security risk of maintaining it." Companies that fail to secure personal data effectively or trade customer data with third parties face considerable potential brand damage when the details are obtained by bad actors and they suffer identity theft or financial fraud as a consequence.
Copyright infringement scam goes global
Since July of this year, cybersecurity firm Check Point has been tracking an ingenious form of online fraud that is rapidly spreading across the US, Europe, East Asia and South America. The attackers impersonate dozens of legitimate companies, claiming the victim’s organization has infringed their copyright. Weaponized emails, which appear to come from the legal representatives of the impersonated companies, accuse the recipient of misusing their brand on the target’s social media page and requesting the removal of specific images and videos. The phishing emails are typically sent from Gmail accounts and prompt recipients to download an archive file. which then installs the latest version of the Rhadamanthys infostealer stealer (version 0.7) in order to steal critical information from the victim’s organization.
Big Tech’s rapidly-shrinking green credentials
Big Tech is currently performing a rather awkward fan dance, trying to cover up its rape and pillage of the earth’s more finite resources with its rapidly shrinking green credentials. Silicon Valley’s green credentials may, however, soon vanish altogether under the vast amount of e-waste the rapid rollout of generative artificial intelligence (AI) has already started to generate. Measures such as the installation of waterless urinals and charging points for e-vehicles for Big Tech staff are merely Silicon Valley window dressing for what has always been an incredibly dirty and polluting industry. Named after the material used to manufacture semiconductors in Intel’s chip fabrication plants, Silicon Valley began with an ugly reputation for allowing vast amounts of toxic chemicals to seep into the local environment, allegedly making their way into the bodies of workers and children. Californian locals ruefully commented that the area should be renamed “Cyanide Valley”, as the notorious poison, which is used in the manufacture of semi-conductors, was claimed to have seeped into local soil and water sources.
Russian secret service steps up cyber-attacks on the West
Software giant Microsoft has made an urgent public announcement that the Russian secret service is currently sending thousands of weaponized spear-phishing emails to key individuals in over 100 organizations in countries including the US and the UK. According to Microsoft: “The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS)… In some of the lures, the actor attempted to add credibility to their malicious messages by impersonating Microsoft employees.”