phishing – CIO.works

Ransomware and Phishing Still Drive Data-Security Incidents, But AI’s Shadow Looms

By CIO / Blog / threats, ransomware, phishing, AI

The 12th annual Data Security Incident Response Report by law firm BakerHostetler reveals that ransomware demands averaged $4.24 million last year, rising 70%, while phishing caused 30% of data-security incidents. The report highlights AI's growing role in cyberattacks, evolving beyond phishing enhancement to sophisticated social engineering and automated hacking, signaling a significant shift in the cybersecurity landscape.

https://www.digitaltransactions.net/ransomware-and-phishing-still-drive-data-security-incidents-but-ais-shadow-looms/

The Biggest Catch: How Whaling Attacks Target Top Executives

By CIO / Blog / social engineering, phishing

Whaling attacks target senior executives for high-value cybercrime, often using phishing tactics. Executives are vulnerable due to their busy schedules, online visibility, and access to sensitive information. Attackers typically gather personal information to craft convincing scams, potentially leading to significant financial loss and reputational damage. AI amplifies these threats by enabling easier impersonation and data harvesting. Organizations can mitigate risks through tailored training and robust security protocols, including stricter fund transfer approvals and implementing a Zero Trust approach.

https://www.welivesecurity.com/en/business-security/big-catch-how-whaling-attacks-target-top-executives/

Phishing, Privileges and Passwords: Why Identity Is Critical to Improving Cybersecurity Posture

By CIO / Blog / cybersecurity, password, authentication, phishing

TLDR: Identity is crucial in cybersecurity; breaches at M&S and Co-op highlight vulnerabilities. Modern attacks exploit cloud and remote work. Protect identity through least privilege access, strong passwords, MFA, and active account management. Embrace Zero Trust and managed detection response for security.

https://www.welivesecurity.com/en/business-security/phishing-privileges-passwords-identity-cybersecurity-posture/

Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks

By CIO / Blog / phishing, cybersecurity

Summary: Russian threat actors are targeting organizations via phishing attacks that impersonate legitimate European security events, using Microsoft 365 OAuth and Device Code workflows to steal credentials. Techniques include rapport-building conversations, fake professional websites, and communication through messaging apps. Notable campaigns include the Belgrade Security Conference and Brussels Indo-Pacific Dialogue, with attackers expanding their target lists through responses. Indicators and investigative assistance are offered for potential victims.

https://www.volexity.com/blog/2025/12/04/dangerous-invitations-russian-threat-actor-spoofs-european-security-events-in-targeted-phishing-attacks/

Microsoft Teams Phishing Attack Alerts Coming to Everyone Next Month

By CIO / Blog / phishing, Microsoft

Microsoft Teams phishing alerts will be available for all Microsoft 365 customers by mid-February 2025. This feature, designed to protect against brand impersonation attacks from external senders, will automatically detect phishing attempts and prompt users with warnings. Admins do not need to configure this, and they can also monitor detected attacks via audit logs. Until then, users are advised to disable external access if unnecessary, or allow specific domains to reduce risk.

https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-alerts-coming-to-everyone-next-month/

Business Email Compromise (BEC)

By CIO / B / social engineering, phishing, email

Cybercrime targeting organizations; attackers exploit email to impersonate executives, suppliers, or partners, deceiving victims into transferring funds or sharing sensitive data. Methods include phishing, social engineering, and account compromise. Preventive measures: strong authentication, employee training, and email filtering.