CyberheistNews Vol 15 #19 [Heads Up] Talos Report Shows Phishing Attacks Surged in Q1 2025
Talos Report Shows Phishing Attacks Surged in Q1 2025
Phishing was the initial access vector in 50% of attacks during the first quarter of 2025, according to a new report from Cisco Talos.
“Threat actors used phishing to achieve initial access in 50 percent of engagements, a notable increase from less than 10 percent last quarter,” Talos writes.
“Vishing was the most common type of phishing attack seen, accounting for over 60 percent of all phishing engagements, though we also observed malicious attachments, malicious links, and business email compromise (BEC) attacks.
“Adversaries predominantly leveraged phishing to gain access to a valid account, pivot deeper into the targeted network, and expand their foothold, contrasting other phishing objectives we have seen in the past such as eliciting sensitive information or monetary transfers.”
Additionally, ransomware surged by 20%, accounting for half of Talos’s engagements in Q1 2025. A single campaign using the BlackBasta and Cactus ransomware made up 60% of these ransomware incidents, targeting manufacturing and construction organizations. These attacks began with voice phishing (vishing) attempts that trick employees into granting access.
“The attack chain we observed begins with the threat actors flooding users’ mailboxes at targeted organizations with a large volume of benign spam emails,” Talos explains. “After a few days, the actors call the victim, usually via Microsoft Teams, and direct them to initiate a Microsoft Quick Assist remote access session, helping them with the installation of the program if not already present on the user’s system.”
Once the attacker gains access, they establish persistence, escalate privileges, and move laterally before deploying the ransomware.
Talos recommends user awareness training as a layer of defense against these types of social engineering attacks.
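For defenders, two steps of the chain Talos describes (a mail flood, then a Quick Assist session a few days later) can be correlated into a single alert. The sketch below is an added example, not code from Talos or KnowBe4. The event layout, the 100-mails-per-hour threshold, the 7-day window, the user-to-mailbox map and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def flooded_hours(mail_events, threshold=100):
    """Map each recipient to the first clock hour with >= threshold inbound mails."""
    counts = defaultdict(int)
    for ts, rcpt in mail_events:
        counts[(rcpt, ts.replace(minute=0, second=0, microsecond=0))] += 1
    first = {}
    for (rcpt, hour), n in sorted(counts.items(), key=lambda kv: kv[0][1]):
        if n >= threshold and rcpt not in first:
            first[rcpt] = hour
    return first

def correlate(mail_events, proc_events, user_mailbox,
              window=timedelta(days=7), threshold=100):
    """Alert when a user starts Quick Assist within `window` after a mail flood."""
    floods = flooded_hours(mail_events, threshold)
    alerts = []
    for ts, user, image in proc_events:
        # Match on the executable name only; the install path varies.
        if image.lower().rsplit("\\", 1)[-1] != "quickassist.exe":
            continue
        flood = floods.get(user_mailbox.get(user))
        if flood is not None and timedelta(0) <= ts - flood <= window:
            alerts.append((user, flood, ts))
    return alerts

# Constructed sample data, not real telemetry.
T0 = datetime(2025, 3, 3, 9, 0)
MAIL = [(T0 + timedelta(seconds=10 * i), "alice@example.com") for i in range(300)]
MAIL += [(T0 + timedelta(hours=i), "bob@example.com") for i in range(5)]
PROC = [
    (datetime(2025, 3, 5, 14, 2), "alice", r"C:\Windows\System32\quickassist.exe"),
    (datetime(2025, 3, 5, 15, 0), "carol", r"C:\Windows\System32\quickassist.exe"),
    (datetime(2025, 3, 5, 15, 5), "bob", r"C:\Windows\System32\notepad.exe"),
]
USER_MAILBOX = {"alice": "alice@example.com", "bob": "bob@example.com",
                "carol": "carol@example.com"}

if __name__ == "__main__":
    for user, flood, launch in correlate(MAIL, PROC, USER_MAILBOX):
        print(f"ALERT {user}: mail flood {flood}, Quick Assist at {launch}")
```

Carol's Quick Assist launch produces no alert because no flood preceded it, which keeps ordinary help-desk sessions out of the queue.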
FAIK Everything: The Deepfake Playbook, Unleashed
Brace yourself for a mind-bending journey into the world of digital deception! Generative AI is unleashing deepfakes so dangerously convincing they can manipulate even your most vigilant defenders. These aren’t just Hollywood special effects anymore — they’re the latest weapon in the cybercriminal’s arsenal, already targeting your organization’s vulnerabilities!
Join us for this heart-stopping webinar where Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer, rips the mask off the alarming rise of AI-powered social engineering. Whether you’re a security leader, red teamer, risk manager or anyone responsible for keeping your organization safe in this brave new world, this session is your ticket to staying ahead of the curve.
In this eye-opening webinar, you’ll witness:
- Exclusive, jaw-dropping demos of deepfake tech in action — including video impersonations, voice cloning, and synthetic crisis scenarios
- Analysis of recent high-profile cases where synthetic media has been weaponized
- An insider look at the AI deception tools and techniques being deployed by sophisticated threat actors today
- “Adversarial thinking” strategies to identify your most vulnerable attack surfaces
- Organizational strategies to build resilience against narrative manipulation at scale
Don’t let your organization become the next victim of a deepfake disaster! Attend this webinar and arm yourself with the knowledge to outsmart even the most convincing AI tricksters and earn CPE credit for attending!
Date/Time: TOMORROW, Wednesday, May 14 @ 2:00 PM (ET)
Can’t attend live? No worries — register now and you will receive a link to view the presentation on-demand afterward.
Save My Spot:
https://info.knowbe4.com/faik-everything?partnerref=CHN2
Warning: Phishing Campaign Imp