Macros have long been a favored attack vector for cybercriminals looking to infect devices. In a 2022 study of 35 million pieces of malware on the dark web, 87% used macros to infect devices. Microsoft recognized this risk, and in February, it changed the default behavior of Office to block macros on files originating from…
In information security, technologies change very quickly. Security has a fast cycle of innovation: product builders launch new products quickly, adapting to the needs of the market and cybersecurity defenders, with the expectation that these products and solutions will mature and become widely adopted across various industries over time. Gartner produces annual Hype Cycle reports…
Antivirus solutions and antivirus scanning is the status quo for preventing malware in files. Hackers realize this and have developed techniques for concealing viruses and other malware in complex compound files, such as zip files and archives. While zip files are not inherently dangerous, they have become a favorite format for cybercriminals running phishing campaigns,…
Financial organizations such as banks, credit unions, and insurance companies are the second most likely target for cybercriminals, only behind manufacturing. And, interesting but sobering factoid: when a breach occurs, bank costs are the highest, running 40% higher than all other industries. These costs come from a combination of the sensitivity of data stored by…
Cybercriminals do it for the money. Okay, maybe not all of them but most of them do. In fact, according to the Verizon DBIR, 71% are financially motivated. That was 2019. Fast forward to now, and we see that the 2022 Verizon DBIR notes that 95% of the attacks on Financial and Insurance related organizations…
In the age of rampant security threats, the ever-evolving cybersecurity landscape demands continuous adaptation and innovation. Attacks continue to rise, the associated costs are reaching an all-time high, and cybercriminals are developing increasingly sophisticated attacks. Zero-day threats have become increasingly prevalent, and signature-based detection methods no longer provide the level of protection needed to counter…
The collapse of Silicon Valley Bank (SVB) is one of the greatest collapses since the great depression, coming years to the day after Bear Sterns’ collapse in 2008. Despite the government stepping in to insure deposits, the fall of SVB bank will result in a rush of organizations moving to other banking institutions to preserve…
Hidden threats in files are a constant danger for companies doing business, which has again been highlighted with the announcement by Microsoft of a critical vulnerability. In the announced vulnerability CVE-2023-21716, researchers demonstrated via a proof of concept (PoC) the ability to escalate code embedded in an RTF file with the same privilege as the…
By John Masserini, Senior Research Analyst, TAG Cyber As more and more enterprises move towards modernizing their infrastructures and solidifying their new, post-pandemic business models, unexpected attack vectors have emerged. After decades of throwing network and endpoint-based controls at the problems, we have inadvertently opened brand new delivery mechanisms by which the ever-evolving threat…
