Learn about current spear phishing attacks, specific examples, and techniques the bad guys are currently using so your users don't fall for these attacks.
The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in ...
This blog was co-written by KnowBe4's Data-Driven Defense Evangelist Roger A. Grimes and Chief Learning Officer John Just. Social engineering is involved in 70% to 90% of successful ...
The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity.
Russia’s APT28 (also known as “Fancy Bear” or “BlueDelta”) is using spear phishing to compromise Ukrainian government and military entities, according to researchers at Recorded Future. ...
Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people.
New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it.
For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.
The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting ...
Fighting spear phishing attacks is the single best thing you can do to prevent breaches.
50% of organizations surveyed were victims of spear phishing attacks in the last twelve months, according to a new report from Barracuda. The report also found that, on average, ...
Google’s Threat Analysis Group (TAG) has published a report describing the activities of “ARCHIPELAGO,” a subset of the North Korean state-sponsored threat actor APT43. ARCHIPELAGO’s ...
The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a “sophisticated and highly-targeted” spear phishing attack.
Impersonation of users, domains, and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments.
The UK’s National Cyber Security Centre (NCSC) has described two separate spear phishing campaigns launched by Russia’s SEABORGIUM threat actor and Iran’s TA453 (also known as Charming ...
Researchers at Group-IB are tracking a previously unknown threat actor dubbed “Dark Pink” that’s using spear phishing attacks to target government, military, and religious organizations. ...
Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The ...
By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...
Researchers at ESET warn that a Chinese-speaking threat actor dubbed “MirrorFace” targeted Japanese political organizations with spear phishing emails in the run-up to the Japanese House ...
Security Magazine wrote this week about the recent eye opening SlashNext State of Phishing report. "SlashNext analyzed billions of link-based URLs, attachments and natural language ...
