Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

73% of Organizations Affected by Ransomware Attacks Globally in 2023, According to Statista

According to statistics company Statista, the annual share of organizations affected by ransomware attacks is nearly three-quarters (72.7%). That’s up only slightly from last year’s 71%, but is a significant 31% increase when compared to just five years earlier.

What’s also interesting is comparing the percentage of organizations impacted against the number of annual ransomware attempts globally. In 2022, there was a material drop in the overall number of attacks, and yet, referring back to the graph in the blog post, the percentage of organizations affected actually rose.

With Expected Increases of Holiday Sales Comes Similar Expectations of More Cyber Scams

If increases in cyber attacks this year are any indication of what to expect in the next six weeks of holiday shopping, we should expect a massive uptick in holiday-related scams.

The expectation by the National Retail Foundation for this year’s holiday shopping is that we will see 4% more spending than last year. This is a slight year-over-year decrease (as last year saw a 5.4% increase over 2021), but still indicates increases in spending.

And all that spending means lots of time spent online, checking emails, looking for packages that haven’t arrived yet, and charitable opportunities for those in the giving spirit — just what cyber scammers are planning on taking advantage of.

Whether we’re talking about specific notable holiday dates like Black Friday, Cyber Monday and Giving Tuesday, or simply recognizing that these days reflect the general spending and giving mood at this time of year, the opportunities for cyber scams will once again abound.

Some of the general themes to warn your users against:

  • Holiday specials (that are too good to be true)
  • Shipping issues with one of “your” packages
  • Fake invoices or notifications for purchases you actually never made
  • Heavily discounted gift cards (see “Holiday Specials” above)
  • Fake charity websites and emails seeking your donations

In all these scams, the first step is to check to see if the brand claimed within the email or website (e.g., Amazon, UPS, Apple, etc.) is legitimate by looking at the sender address in emails and the URL of any involved websites.

Second, you can further put a potential scam to the test by going to the known-good domain for the claimed brand and validating the claim made in the scam (e.g., visiting Amazon’s official website and looking at your orders to see if that invoice for a $3500 105″ TV is really a purchase on your account).
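The first check above, written out as an added example (not code from the original post): it compares the real sender domain and each link's host against a small allow-list of brand domains. The `KNOWN_GOOD` table, the function names and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed allow-list (constructed for this example): brand -> domains it really uses.
KNOWN_GOOD = {
    "amazon": {"amazon.com"},
    "ups": {"ups.com"},
    "apple": {"apple.com"},
}

def host_matches(host, good_domains):
    """True only if host is a known-good domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in good_domains)

def check_message(brand, from_header, urls):
    """Return the reasons a message does not match the brand it claims to be from."""
    good = KNOWN_GOOD[brand.lower()]
    findings = []
    # parseaddr separates the display name (free text chosen by the sender)
    # from the actual address; only the address is checked.
    _name, addr = parseaddr(from_header)
    sender_domain = addr.rpartition("@")[2]
    if not host_matches(sender_domain, good):
        findings.append(f"sender domain {sender_domain!r} is not a {brand} domain")
    for url in urls:
        # .hostname drops any "user@" prefix and port, so a URL that merely
        # starts with the brand name is judged by the host it really points to.
        host = urlsplit(url).hostname
        if not host_matches(host, good):
            findings.append(f"link host {host!r} is not a {brand} domain")
    return findings

# Constructed sample message (all hosts other than amazon.com use the reserved .example TLD).
SAMPLE_FROM = '"Amazon Orders" <orders@amazon.com.billing-check.example>'
SAMPLE_URLS = [
    "https://www.amazon.com/your-orders",            # genuine subdomain: passes
    "https://amazon.com@tracking.example/invoice",   # brand name is only the userinfo part
    "http://amazon.com.billing-check.example/login", # brand name is only a subdomain label
]

if __name__ == "__main__":
    for finding in check_message("amazon", SAMPLE_FROM, SAMPLE_URLS):
        print("SUSPICIOUS:", finding)
```

A clean result here is not proof of legitimacy, since a From header can be forged; the second step, confirming the claim on the brand's own site, still applies.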

There will no doubt be plenty of other scam themes I haven’t listed above; the important thing is to remain vigilant and err on the side of caution, treating any exceptionally good or bad news related to the holiday season as a scam until proven legitimate.

Blog post with links:

CISA urges water facilities to secure their Unitronics PLCs

News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
