News & Press

New research from NCC Group and Abnormal Security shows clouds and a bit of silver to line them: Ransomware attacks declined last year, but business email compromises increased — massively for smaller businesses — and a third of toxic emails got through their human gateways.

The latest Abnormal research found that between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%.

Recorded business email compromise (BEC) attacks increased by more than 81% during 2022 and by 175% over the past two years, with open rates on malicious emails also surging, according to Abnormal Security.

Abnormal Security describes a business email compromise (BEC) gang it calls “Firebrick Ostrich” that performs third-party reconnaissance attacks in the service of subsequent business email compromise (BEC) attacks. The

The so-called Firebrick Ostrich threat group has become one of the leading perpetrators of business email compromise attacks, or BEC, where scammers try to trick employees into sending money or confidential information via email.

2023 Seceon Prediction One: The emergence of cloud-native security solutions to protect cloud-based systems and applications.

Business email compromise attacks date back a decade, and they are certainly not going away. But the methods of attack are definitely evolving. Where once threat actors would impersonate an executive to run their scams, now, they’re turning to financial supply chain compromise tactics.

The group's wanton attacks demonstrate that business email compromise is everything a hacker can want in one package: low risk, high reward, quick, easy, and low effort.

A new business email attack threat actor is using a stealth tactic to avoid giveaways of typical social engineering attacks. Learn the best defense for protecting your company.

Schools in Tucson, Arizona, and Nantucket, Massachusetts, are dealing with cyberattacks as U.S. schools continue to face a barrage of threats in the first weeks of 2023.

Security researchers have warned of a highly successful new business email compromise (BEC) group that has targeted hundreds of victims in the past two years using fairly unsophisticated techniques.

Abnormal Security describes a business email compromise (BEC) gang it calls “Firebrick Ostrich” that performs third-party reconnaissance attacks in the service of subsequent business email compromise (BEC) attacks.

Abnormal Security is revolutionizing cloud email security with its behavioral AI-based platform. Using machine learning, the platform detects and stops sophisticated inbound email attacks and dangerous email platform attacks that traditional solutions often miss. The anomaly detection engine analyzes the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails in milliseconds, all while providing visibility into configuration drifts across your environment.

OpenAI’s ChatGPT conversational artificial intelligence tool is capable of doing many things, with users demonstrating how it can write essays for students and cover letters for job seekers. Cybersecurity researchers have now shown it can also be used to write malware.

The top-heavy nature of the ecosystem means that disruptive action like what was announced on Thursday has a significant impact overall, according to Abnormal Security’s Crane Hassold.

The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations.

The US Department of Justice says that a joint US and European operation has taken down the notorious Hive ransomware gang.

Authorities in the United States and Europe have announced the results of a major law enforcement operation targeting the Hive ransomware.

Earlier today, the FBI seized the Hive ransomware gang’s dark web website as part of a “coordinated law enforcement action” alongside the Secret Service and other European enforcement agencies.

One of the most notorious ransomware groups that has wreaked havoc across the world has gone dark for now.

Abnormal Security released research Thursday morning on phishing attacks purporting to be from internal HR departments with policy updates in the new year.

Researchers on Thursday reported on multiple campaigns they have stopped in which threat actors used HR policy announcements and benefits updates to start off 2023 to lure victims and steal employees credentials.

Mobile carrier T-Mobile disclosed a data breach yesterday that affects around 37 million postpaid and prepaid customer accounts, SecurityWeek reports.

As the new year begins, companies and their employees should be aware of a new type of phishing attack that is targeting the human resources department.