Incoming Cyber Threats: What To Watch Out For
Thanks to the ever-evolving nature of our industry, it can be incredibly difficult to stay on top of the latest cyber security trends and avoid falling victim to an attack. The last 12 months in particular carried a great deal of change for the world of cyber security and the pace of change isn’t set to slow anytime soon. We are likely to see an uptick in cybercrime as malicious actors come up with new ways to attack businesses both large and small. To help our fellow cyber security professionals with their strategies for the year ahead, we’ve highlighted some of the key threats we believe you should be keeping an eye on over the next 12 months…
Phishing
The number of phishing attacks is growing, and the methods that criminals use are becoming increasingly sophisticated. Thanks to the accessibility of artificial intelligence, these attacks are also becoming easier to launch on a much wider scale, making phishing scams more accessible to even the least educated cyber criminal. Last year, the cyber security company SlashNext revealed they’d been tracking phishing attacks for six months and had found more than 255 million attacks – a 61% increase when compared to the same six months in 2021. What’s more, phishing attacks no longer solely rely on targeting emails – they’ve also been carried out over SMS messages, WhatsApp, and even platforms like Slack and Microsoft Teams. A report by Acronis found that phishing attacks accounted for 76% of all cyber attacks in 2022 – and they estimated that the average cost of a data breach could reach $5 million (£4.1 million) this year.
At Infosec K2K, we can work with you and your business and help you to adopt cyber security best practices that can actively prevent phishing attacks. We take a proactive approach, and offer assessment services, identifying any gaps in our customers’ defences and offering them recommendations. From policy development and incident response, all the way to implementing a tailored cyber security management framework, our consultants can help you. They’re trained to meet the varying needs of our global customers, so no matter what industry you’re in, or the size of your business, we’ll do everything we can to keep you and your organisation secure.
Malware-as-a-Service (MaaS)
Despite the decline in malware attacks we saw back in 2020, this classic method of cyber attack is on the rise once again. The cyber security company Acronis expects global ransomware damages to exceed $30 billion this year (that’s around £24.9 billion). This rise in popularity is largely down to the success of the MaaS industry, which makes it easier than ever for malicious actors to get their hands on these kinds of tools.
Leasing out MaaS has become a lucrative source of income for many cybercrime organisations, allowing practically anyone to launch a malware-based attack. In fact, it was revealed by the Atlas VPN research team that some of the most damaging ransomware tools can be bought on the dark web for as little as $66 (£54). Plus, with AI tools becoming more and more popular, ransomware attacks can now be entirely automated, taking out all of the legwork and making MaaS far more attractive to anyone looking to make a quick buck.
With our managed cyber security services, we can keep your network safe from even the most sophisticated malware-based threats. The experts at our Security Operations Centre (SOC) can monitor your network 24/7, and identify and eliminate any threats before they can do any damage. Running and managing a SOC alongside your business can be challenging, but by outsourcing your managed cyber security services to us, we can save you time and money – and ensure no cyber threat goes unnoticed by alerting you of any incidents.
Business Email Compromise Attacks (BEC)
Business email compromise (BEC) attacks are on the rise – and they are expensive. These attacks alone resulted in over $43 billion (£35 billion) in losses between June 2016 and December 2021. They’re targeting businesses of all sizes, too – one of the biggest BEC scams targeted Facebook and Google between 2013 and 2015, in which they lost over $121 million (£98 million). BEC attacks target companies by using fake domains or impersonating trusted email addresses, and while in the past these scams typically targeted high-level executives, they’re increasingly being sent to mid-level employees instead.
One of the best ways to avoid these kinds of attacks is by always checking the email address if an email seems suspicious. Criminals will do everything they can to make their email seem as legitimate as possible, such as using a ‘1’ or a lowercase ‘L’ in an email instead of an ‘I’. By enabling multi-factor Authentication (MFA), you can also ensure criminals can’t access your email. With our Identity and Access Management services, we can give you the tools and technologies you need to control access to your network, and track users’ activity. Once each user has a digital identity, we can make it easier for you and your IT team to change their role, grant or deny them access privileges, and enforce new security policies, giving you complete control of your network.
Zero-day Attacks
As one of the few attacks that can be carried out entirely undetected right up until the damage is done, the number of zero-day attacks has risen in recent years. Last year it was revealed 40% of the zero-day attacks from the last decade took place in 2021 alone. The most frequently targeted companies are Microsoft, Google, and Apple, but that doesn’t mean the rest of us are safe. One of the most famous – and most damaging – zero-day attacks is the Stuxnet worm, which has since been dubbed ‘the world’s first digital weapon.’ First uncovered in 2010, it was designed to target a vulnerability in Windows computers. It was so impactful that it completely disabled Iran’s nuclear program, infecting roughly 200,000 computers around the world. In recent cases, threat actors have auctioned discovered vulnerabilities, selling them for millions of dollars.
At Infosec K2K, we can help you stay one step ahead of zero-day threats by monitoring your network for potential vulnerabilities. We’ll identify any weaknesses or areas of concern before they become an issue, and with our penetration testing, we’ll ensure your system is watertight. By conducting an internal assessment of your network, we’ll identify any weaknesses that a hacker could potentially breach. As well as identifying any issues, our team will recommend how to address them, so your network isn’t left exposed in the future.
With the cyber security landscape constantly shifting, it can be hard to keep up, but we can help you stay cyber-safe and bolster your cyber defences.
Whether you’re looking for help assessing your organisation’s vulnerabilities, or developing and implementing a full-blown cyber security strategy (with all the support you need to keep it going), we’ve got it all.
Get in touch with us to find out more or get started.