This Week - UK businesses faced over 750,000 cyber attacks each last year
Infosec K2K
Our cybersecurity experts protect your business and keep it secure in today’s ever-changing digital landscape.
Welcome to Infosec K2K’s Weekly News Update! As technology continues to advance, so do the risks associated with it. At Infosec K2K, we’re committed to protecting the keys to your kingdom and keeping you informed. Every week, we gather the latest news and insights on cyber threats, data breaches, and other essential topics in the world of cyber security.
In The News This Week
Fake CAPTCHA pages spiked towards the end of 2024
The number of fake CAPTCHA attacks surged towards the end of last year, with cases nearly doubling from October to December. Research by ReliaQuest has found that cyber criminals are increasingly using fake CAPTCHA pages that appear to be from sites like Google, but which trick users into running malicious scripts. Victims are prompted to paste hidden commands, which install malware such as Lumma Stealer on their devices. High-profile groups like APT28 have already targeted governments using this tactic.
Find out more on ITPro : https://www.itpro.com/security/cyber-crime/fake-captcha-attacks-surged-in-late-2024-heres-what-to-look-out-for?
German research institute reveals it was hit by ransomware attack
The Fraunhofer IAO, a research institution based in Stuttgart, Germany, has revealed it was hit by a ransomware attack on the 27th December. Although the institute mainly deals with anonymised research data, some people’s personal information may have been exposed. Fraunhofer has contacted IT experts and authorities, and assured that any affected individuals will be notified. The incident follows past attacks on the institute, and highlights the growing threat to research institutions around the world.
Find out more on Tech Monitor : https://www.techmonitor.ai/technology/cybersecurity/germany-fraunhofer-iao-ransomware-attack-investigation?
Data breach exposes locations of 800,000 VW EVs across Europe
A data breach exposed the locations and personal details of 800,000 Volkswagen EV owners across Europe. Unprotected data from vehicles, including the VW ID.3 and ID.4 models, was accessible in an Amazon cloud for several months last year. The breach, which was caused by a security lapse at a VW subsidiary, impacted several countries, and Germany was the hardest hit. The issue was quickly resolved following a tip from a whistleblower, but has raised concerns surrounding vehicle data security across the EU.
Find out more on Fleet Europe : https://www.fleeteurope.com/en/connected/europe/features/huge-data-leak-reveals-location-800000-vw-evs-across-europe?
Critical infrastructure has been hit by over 2,000 ransomware attacks since 2013
Temple University’s Critical Infrastructure Ransomware Attacks (CIRA) database now documents over 2,000 ransomware attacks on critical infrastructure organisations since 2013, including nearly 300 incidents just last year. The database is maintained by Professor Aunshul Rege and Rachel Bleiman, and tracks sectors like government, healthcare, and education as top targets. The nuclear and water sectors, however, remain least affected. Ransom demands have also increased significantly, with criminals frequently demanding over $5 million.
Find out more on SecurityWeek : https://www.securityweek.com/universitys-critical-infrastructure-ransomware-attack-tracker-reaches-2000-incidents?
The Stats This Week
8,500 Casio customers had their data exposed
CASIO International has revealed that a ransomware attack in October last year exposed the data of 8,500 individuals, including employees, business partners, and customers. The Underground ransomware gang has claimed responsibility, and is threatening to release stolen files. The exposed data includes employees’ personal details, partner business information, and limited customer data, although no credit card information was affected. Casio has declined the ransom demands, and is working with law enforcement and security experts. Most services have now been restored.
Find out more on BleepingComputer : https://www.bleepingcomputer.com/news/security/casio-says-data-of-8-500-people-exposed-in-october-ransomware-attack/?
UK businesses faced an average of 753,341 cyber attacks each last year
In 2024, UK businesses encountered an average of 753,341 attempted cyber-attacks each. This figure is a 4% increase from 2023, making 2024 the worst year on record for cyber threats, according to Beaming Ltd. IoT devices, including security cameras and industrial systems, were the prime targets, and faced over 161 attacks each day. Web applications, remote desktops, and databases also faced significant threats. Analysts traced a quarter of the attacks to China, as well as India and the USA. Despite the rising number of threats, improved defences have limited the number of major disruptions.
Find out more on DIGIT.FYI: https://www.digit.fyi/uk-cyber-attack-statistics-2024/?
Phishing click rates increased by 190% in 2024
Phishing click rates rose sharply last year according to research by Netskope, with 8 in 1000 users clicking malicious links each month. Cloud apps were the top targets (27%), particularly Microsoft (42%), as attackers aimed to sell compromised accounts for business email compromise and data theft. Web-based phishing sources like search engines and shopping sites also surpassed email as the primary entry points for cyber criminals. Meanwhile, the workplace adoption of generative AI apps has reached 94%, and security controls are improving, which is reducing the risks of using GenAI.
Find out more on Infosecurity Magazine :
Thoughts from Infosec K2K
Last year saw a surge in cyber attacks, with UK businesses encountering a staggering 753,341 malicious attempts each. IoT devices were a primary target, facing over 161 attacks daily, as hackers exploited vulnerabilities in security cameras, industrial automation systems, and printers. These attacks emphasise the importance of securing endpoints and using IAM solutions to give your organisation more control over who can access your network and your data. IAM and zero-trust principles can help to deal with these kinds of threats and protect your business.
Research by Beaming found that cyber attacks are now occurring every 42 seconds. The rise of both automated and AI-driven threats means that modern businesses need to take a more proactive approach to security. At Infosec K2K, we advise using IAM solutions to limit who has access to your sensitive systems based on user roles, device trust levels, and real-time threat detection. Remote IoT devices should be integrated into your IAM frameworks in order to make sure that only approved users and devices are able to interact with critical infrastructure.
As hackers are increasingly turning to AI to automate their attacks, businesses need to evolve to meet this challenge. We recommend using AI-enhanced IAM tools that can detect anomalous user behaviour, helping you to stop unauthorised access attempts. Regular auditing and real-time monitoring of your network can also ensure that you comply with regulations and find any hidden vulnerabilities. By adopting these strategies, you can help protect your business from the rising number of cyber threats.
Read more on Beaming Health : https://www.beaming.co.uk/cyber-reports/2024-was-worst-year-on-record-for-cyberattacks-on-uk-businesses/?
—
Got questions about this week’s news? We’re here to help! Learn how best to bolster your cyber security defences by getting in touch with our expert team at Infosec K2K.