Unique Ways to Reduce Security Spend Without Compromising Security

You have a lot going on, so join the thousands of other leaders, let me do the work, and provide you with curated cybersecurity content. It would be my honor to do so.

NOTES: If you want to ensure you get this newsletter every week, please add my "from" address to your contact list. If you would like to Unsubscribe scroll to the bottom and select "unsubscribe". Thank you.

In this week's edition:

• Cyber Stats - Top 10 ransomware variants

• Early Warning - 5 Most Common Phishing Attacks

• Cyber Quote - Cybersecurity Quote by Gene Spafford

• Free Cybersecurity Resources - eBooks, tools, apps & services

• Trending Story - 7 Ways to Reduce Security Spend without Compromising Security

• Cybersecurity News Highlights

• Cyber Scam of the Week - Phishing with Image

• Social Posts of the Week

Cyber Stats

List of the top 10 ransomware variants by reported damage along with a brief description of each:

1. Sodinokibi (REvil): A ransomware-as-a-service (RaaS) operation that has been active since April 2019. It is known for its high ransom demands and has been used in several high-profile attacks.

2. Conti V2: A ransomware strain that is known for its use of double extortion tactics. It has been used in several high-profile attacks and is believed to be operated by a Russian-speaking group.

3. Lockbit: A ransomware strain that is known for its use of automation and self-propagation techniques. It has been used in several high-profile attacks and is believed to be operated by a Russian-speaking group.

4. Clop: A ransomware strain that is known for its use of double extortion tactics. It has been used in several high-profile attacks and is believed to be operated by a Russian-speaking group.

5. Egregor: A ransomware strain that is known for its use of double extortion tactics. It has been used in several high-profile attacks and is believed to be operated by a Russian-speaking group.

6. Avaddon: A ransomware-as-a-service (RaaS) operation that has been active since June 2020. It is known for its high ransom demands and has been used in several high-profile attacks.

7. Ryuk: A ransomware strain that is known for its use of automation and self-propagation techniques. It has been used in several high-profile attacks and is believed to be operated by a Russian-speaking group.

8. Darkside: A ransomware strain that gained notoriety after the Colonial Pipeline attack in May 2021. The group behind the attack claimed to have shut down the pipeline’s operations and demanded a $4.4 million ransom payment.

9. Suncrypt: A ransomware strain that was first discovered in May 2021. It is believed to be operated by a group called “Gold Winter” and has been used in several high-profile attacks.

10. Netwalker: A ransomware strain that was first discovered in August 2019. It is known for its use of double extortion tactics and has been used in several high-profile attacks.

Sources: cybertalk.org, getastra.com, csoonline.com, and fortninet.com.

Early Warning - 5 Most Common Types of Phishing Attacks

Phishing attacks are one of the most common types of cyberattacks. Here are some of the most common types of phishing attacks:

1. Spear phishing: This is a targeted attack that is directed at a specific individual or group.

2. Whaling: This is a type of spear phishing that targets high-level executives.

3. Clone phishing: This is when an attacker creates a fake copy of a legitimate email.

4. Pharming: This is when an attacker redirects traffic from a legitimate website to a fake one.

5. Vishing: This is when an attacker uses voice communication to trick victims into giving up sensitive information.

Sources: Panda Security

Cyber Quote

Free Resources

• eBook: "9 Things Leaders Should Know About Cyber Insurance"

• CSO Online: "The CSO guide to top security conferences"

• CISA Releases ESXiArgs Ransomware Recovery Script

• SANS Security Policy Templates

• Web Security Academy - Free, online web security training

• CISA - Free Cybersecurity Tools and Services

• At Bay - Free Cyber Risk Calculator

Trending Story

Other Bytes

Cyber Scam of the Week

Phishing with Images

Cybercriminals use images in phishing emails to impersonate real organizations. By using images like official logos and promotional materials, cybercriminals hope to trick you into thinking the email is legitimate.

In a recent scam, cybercriminals have been spoofing Delta Airlines to try to steal sensitive information. The body of the email consists of one large image. The image includes Delta's logo, a photograph of one of their planes, and an image of a gift card. The email has a message promising a gift card if you act fast and click the image. After clicking the image, you’ll be redirected to a malicious website with a login page. If you enter your login credentials, cybercriminals will have access to your sensitive information.

Follow the tips below to spot similar scams:

• Before you click a link, always hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the email.

• If an offer sounds too good to be true, it probably is. Verify any offers of discounts or promotions by contacting the organization directly.

• Remember that this type of attack isn’t exclusive to Delta Airlines. Cybercriminals could use this technique to exploit any airline in any country.

This time of year, it is more important than ever to Think Before You Click!

This Cyber Scam is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts