In the rapidly evolving digital landscape, no entity is immune to the pervasive threat of cyberattacks. The security breach at MGM Resorts highlights the vulnerability of even massive organizations. As we reflect on this incident, several key lessons emerge. These lessons urge us to reassess our approach to cybersecurity as we navigate the complexities of the year 2024. The MGM Breach: A Closer Look  MGM Resorts, a prominent casino chain with a global footprint, fell victim to a cyberattack that disrupted its operations for several days. The attackers employed sophisticated social e ..read more

SMiShing Attacks in the News In February 2024, 19.2 billion spam texts bombarded U.S citizens according to a recent report. As annoying as spam texts are, they are not always malicious. Some spam texts are from legitimate businesses, albeit unauthorized, looking for new ways to connect with their customers. However, lurking within those daily spam texts is a more sinister threat; SMiShing texts. SMiShing texts have the specific purpose of tricking recipients into revealing personal/financial information and/or downloading malware to their phone. Bad actors are taking full advantage of our r ..read more

Discover Your Vulnerabilities Before Hackers Do! In this fast-paced world, staying ahead of hackers and attackers is vital. Our personal and company’s security are more important than ever. For this blog, let’s look at the latter. Company security encompasses various things. Because of that, let’s narrow our focus to social engineering for this discussion. Malicious social engineers utilize human vulnerabilities to take advantage of your company and its data. Social engineering was behind many of the major breaches in 2023, and we continue to see this through to today. How can you discover ..read more

Cyber security isn’t just about computer systems and networks, the people who use these technologies also play an important role. Most ransomware attacks begin with the human factor – social engineering. A recent threat monitor assessment indicates that nearly one-third of employees fall victim to social engineering attacks. Malicious actors exploit human emotions to lure the unsuspecting victim into sharing sensitive personal or professional data. These scams are usually all over the news and most people are familiar with these attacks. So, why are they still effective? Let’s explore some of ..read more

Two trends are currently making waves in the cybersecurity landscape: Vishing attacks and AI. Vishing (or voice phishing) is on the rise, becoming increasingly sophisticated and harder to detect. One of the reasons for the increasing level of sophistication is the large amount of information available for cybercriminals to gather. Social media sites such as LinkedIn often provide attackers with the target company’s full organizational structure, including employee names, positions, work histories, and social connections. Information they then use to create credible and compelling pretexts. AI ..read more

In today’s complex digital landscape, where corporations are constantly navigating the ever-expanding realm of cyber threats, one danger often underestimated is that which comes from within—the insider threat. Despite the prevailing notion that external hackers are the primary perpetrators of security breaches, insiders, or employees within an organization, can pose a significant risk. In this article, we will delve deeper into the realities of insider threats, exploring how they exploit companies, their employees, and the profound effects they can have on a corporation, both financially and o ..read more

In 2023, generative Artificial Intelligence (AI), such as ChatGPT, took center stage in the technology world. While it has many useful applications within the security community, it also raises serious concerns. Specifically, how the rapid development of ChatGPT jailbreaking and malicious generative AI like WormGPT and FraudGPT could enable cybercriminals to create sophisticated phishing attacks at greater speed and scale. This concern is well founded, as phishing attacks continue to be one of the biggest cybersecurity threats facing organizations today. Consider two recent reports. The Anti ..read more

Cyber attacks became the top-rated risk since 2020 and have become a prevalent threat across public and private sectors. Attackers continue to find new ways to breach security defenses, steal valuable data, and disrupt operations. According to the FBI there are over 4,000 cyber attacks per day. For the constraints of this blog, we’ll take a look at some of the most notable cyber attacks of 2023. January: Twitter The criminal hacker who goes by the name ‘Ryushi,’ initially demanded $200,000 to hand over or delete the stolen information. A week later – after presumably being rebuffed by Twitter ..read more

It’s 7:30pm and you’re finally leaving the office. On your way out, you notice an unknown person, in one of your company’s conference rooms with three laptops open. This is not a scenario that any CEO would wish to have. However, it’s exactly what happened to Dr. Samuel Straface, the CEO for Medrobotics. There is no record of the intruder, Dong Liu, in the Medrobotics visitor log. He apparently tailgated his way through the front door and blended in with the rest of the staff. It illustrates a point we often make, “looking the part,” whether it’s posing as an employee, vendor, or delivery serv ..read more

Vishing attacks were prominent in Q4 2022, increasing 142% from Q3 2022 according to the February 2023 Trellix Threat report. Vishing or “voice phishing” is the act of making fraudulent phone calls to manipulate a person. Attackers will target sensitive information that can lead to a data, network, or financial breach. When malicious actors call, they often employ social engineering tactics to trick their targets. They may pose as an authority figure, technician, or fellow employee. Such was the case for Twitter in the summer of 2020. Impersonating as internal Twitter employees, attackers made ..read more