A recent analysis reveals how Scattered Spider’s persistent help desk exploitation cost Clorox $400 million. The analysis reveals Clorox’s operational disruption, and critical steps organizations must take to protect against similar social engineering threats. The cleaning products giant Clorox has sued its IT services partner, Cognizant, alleging that a devastating August 2023 ransomware attack that crippled production and cost the company $380 million in lost revenue was due to the firm’s ne
social engineering (7)
Cyberattacks are escalating in speed, volume, and sophistication. As organizations work to strengthen their defenses, adversaries target their weaknesses: employees susceptible to social engineering and systems lacking modern security controls. Once inside, they act within seconds, stealthily moving across networks to execute attacks.
Crowd Strike has recently provided its 2025 Global Threat Report to cyber professionals. Red Sky Alliance would like to share this excellent report, as it provid
DEV#POPPER is a social engineering campaign that has been tracked recently by the Securonix Threat Research team. Social engineering is a topic we have covered many times, but ultimately what it boils down to is that social engineering attacks are generally geared towards tricking victims into compromising themselves. With that in mind, the primary target for the DEV#POPPER campaign appears to be software developers who are looking for work.
Job interviews can be an effective cover for socia
The Lazarus Group is North Korean state sponsored cybercrime group and they have been credited, in one way or another, with a recent social engineering campaign targeting developers on GitHub. They are said to have been created by the North Korean government as early as 2007 and they are a part of the RGB, which is North Korea’s primary foreign intelligence agency. “Lazarus Group” would appear to be the primary identity of the group, but they do have several aliases such as Appleworm, Group 77
After being in the law enforcement and security profession for over 30 years, I trust very few people. Maybe it’s just me, but I can be really rude on calls whom I don’t know calling my cell phone. I don’t subscribe to being like me, but the barrage of suspicious calls, text messages and emails I currently receive seems to have drastically escalated. All this harassment are social engineering tactics. A recent article in Forbes highlights the need to play as a team.
Social engineering attac
It has been reported that cyber criminals are sending out millions of phishing emails a day, using extortion and other schemes to steal Bitcoin and other cryptocurrencies from victims. The phishing attacks use a variety of techniques to trick people into transferring sums of Bitcoin, including phony requests for charity donations and Business Email Compromise BEC scams.
See: https://redskyalliance.org/xindustry/what-the-heck-is-bec
According to a report by cybersecurity researchers at Proofpoi
Our friends at the US Federal Bureau of Investigation, Office of Private Sector, has recently provided information to private sector partners regarding criminals posing as technology support representatives to obtain personal and financial information.
The culprits gain the trust from victims by impersonating a representative from a legitimate or an illegitimate technology company. They mislead the victims by offering computer services to resolve a range of computer security and operations issu