Weekly News Roundup: Ransomware Skyrockets, Proofpoint Phishing Emails, and More


This week, we’ve seen some big headlines in terms of cyber news, including ransomware skyrocketing and some concerning healthcare-related cyber trends. Check out our top stories from this week:

Ransomware and BEC Make Up 60% of Cyber Incidents

Infosecurity Magazine has reported that ransomware and BEC attacks accounted for 60% of all incidents in the second quarter of 2024, according to a Cisco Talos report. Technology was the most heavily targeted industry in this period, as attackers view technology firms as “a gateway into other industries and organizations”, reports James Coker, Deputy Editor at Infosecurity Magazine.

The most common initial access method was the use of compromised credentials on valid accounts, which represents a 25% rise on the previous quarter. Coker reports that BEC attacks made up 30% of incidents Cisco Talos engaged with from April to June 2024.   

See what Bolster Research uncovered about the state of phishing and trends from the first half of 2024. 

Exploited Proofpoint Settings Result in Millions of Phishing Emails Sent Daily

On July 29th, a massive phishing campaign dubbed “EchoSpoofing” was identified exploiting a security gap in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM and Coca-Cola to target Fortune 100 companies.

The campaign started in January 2024, disseminating an average of 3 million spoofed emails daily and reaching a peak of 14 million emails in early June. The emails were designed to steal sensitive information and incur unauthorized charges. In a report by the Proofpoint Threat Research Team, the company says that it has been monitoring this campaign since March and has reached out to customers with permissive settings to help them secure the configuration of their accounts.

Pharma Giant Cencora Alerts Millions about its Data Breach  

Cencora has notified over a million people in the U.S. that their personal and protected health information was compromised in a data breach earlier this year, reports Zack Whittaker from TechCrunch.

The pharma giant has made no comment on what led to the data breach and has not confirmed the number of individuals harmed by it. Although the number of affected individuals has yet to be revealed, the February ransomware attack on UnitedHealth’s health tech subsidiary, Change Healthcare, likely stands as one of the largest health-related data breaches in U.S. history, likely affecting at least 100 million U.S. residents.

Cencora, for its part, has said that its data breach had “no connection” to the ransomware attack and data breach at Change Healthcare. 

Apple Intelligence is Marking Phishing Scams as Priority Emails

Apple Intelligence is falling for one of the oldest scams in the book: phishing emails. The tech giant’s AI software, meant to help Mail users more easily filter through priority emails, has reportedly been flagging phishing emails as “primary”, sending them to users’ most important inbox.

In Tom’s Guide, Josh Render reports that if AI is pushing scam emails, it could increase the number of people who fall for them, leading to losing access to accounts or considerable amounts of money.   

Generally, it is relatively easy to spot scams, but “the AI pushing them adds a new layer of legitimacy that could trick many people,” Render writes. Because Apple Intelligence is still in beta, issues like these can still be resolved. Given that AI is designed to make technology accessible, Apple will need to solve this issue before the official release of Apple Intelligence.

Stay up to Date to Protect Your Online Security

Tune in to our Bolster news roundups every few weeks to get the latest security news insight and attack details. With better knowledge comes better planning, so be sure to catch the latest global cyber happenings to help arm your business against new and evolving threats.

Check out CheckPhish, our free URL scanner and community hub, for more cyber security conversation and resources.