By Ashwani Mishra, Editor-Technology, 63SATS
The cybersecurity landscape in 2024 has seen alarming developments, with phishing attacks surging by 202%, as highlighted by SlashNext. Credential phishing has risen by 703%, with users facing weekly threats across multichannel platforms, signaling a shift beyond email-based tactics. Meanwhile, U.S. government officials are being urged to adopt stricter mobile usage practices following telecom breaches linked to Chinese hackers, which underscores the vulnerabilities of communication channels.
Notable incidents include Netflix being fined $5 million by Dutch regulators for inadequate data transparency, and the discovery of MiyaRAT, a new malware family used by the Bitter cyberespionage group to target Turkish defense organizations. Additionally, an app masquerading as a BMI calculator was exposed as an infostealer on the Amazon Appstore. Separately, Brighton Jones revealed an email phishing attack that compromised sensitive consumer data.
These incidents underscore the urgent need for robust cybersecurity measures across industries and platforms.
Phishing Attacks Soar: 202% Increase in 2024
Cybersecurity experts report a 202% rise in phishing messages in the latter half of 2024. SlashNext’s report highlights a staggering 703% surge in credential phishing attacks, with users facing an average of one phishing attack per mailbox weekly.
Mobile users are hit with up to 600 threats annually, signaling a shift to multichannel phishing. Alarmingly, 80% of malicious links are zero-day threats, evading traditional detection methods.
U.S. Urges Officials to Drop Calls After Telecom Breach
Following breaches at major U.S. telecom firms linked to Chinese hackers, the Cybersecurity and Infrastructure Security Agency (CISA) has advised senior government officials to review mobile usage practices.
CISA’s guidance includes adopting best practices to secure mobile communications amidst rising cyber threats.
Netflix Fined $5M by Dutch Regulator Over Privacy Failures
The Dutch Data Protection Authority fined Netflix €4.75 million ($5 million) for failing to adequately inform users about data practices from 2018 to 2020.
Stemming from a complaint by the privacy nonprofit NOYB, the fine highlights deficiencies in Netflix’s transparency, despite recent updates to its privacy policies.
Bitter Cyberespionage Group Deploys New Malware
The ‘Bitter’ threat group, active since 2013, is targeting Turkish defense organizations with MiyaRAT, a new malware family. MiyaRAT, used alongside WmRAT, indicates a selective approach aimed at high-value targets.
Proofpoint reports this South Asian group has consistently focused on governments and critical sectors across Asia.
BMI App Turns Out to Be Data-Stealing Malware
A seemingly harmless BMI calculator app, “BMI CalculationVsn,” was found to be malware capable of screen recording, text theft, and app monitoring.
Spotted on Amazon Appstore by McAfee, the app masqueraded as a BMI tool but evolved into an infostealer. Although removed from the store, evidence suggests ongoing development.
Brighton Jones Data Breach Exposes Sensitive Data
Wealth management firm Brighton Jones has revealed a data breach caused by an email phishing attack. The breach exposed names, Social Security numbers, and driver’s license information.
The company is notifying affected individuals and investigating the incident further. Founded in 1999, Brighton Jones offers financial planning and investment services.