Cybercrime has never been more prevalent than in 2019, and cybercriminals aren’t going anywhere.
In the past year, cybersecurity breaches have increased by more than 11%. Large companies, governments, financial institutions, and individuals alike find themselves in danger of cyber attacks. The U.S. government alone plans to spend more than $15 billion on cyber security this year. It seems no one is safe.
Being aware of potential cyber security threats is the first step to protect yourself and your customers. Here, we introduce readers to some of the most important types of cyberattacks to prepare for through 2020: mobile attacks, advanced phishing, the Internet of Things, AI-aided attacks, remote access and extortion.
Protect your data and that of your customers from these six types of cyberattacks:
More than 60% of online fraud is accomplished through mobile platforms, and as consumers become more comfortable making larger purchases on smartphones, this statistic is likely to increase.
Smartphone users keep all kinds of information on their phones, ranging from bank information and online passwords to personal data and photos, all of which may be leaked.
Two-factor authentication can give consumers a stronger sense of security, but these methods of verifying a user’s identity simply make a lost or stolen phone that much more dangerous. The misplaced phone can be used to verify the identity of someone without that person’s consent or knowledge. These attacks can be even more serious when the individual is using a company phone with access to proprietary or sensitive data.
The ubiquity and convenience of mobile sources makes them an appealing target for cybercriminals, and mobile cyber security all the more important for consumers and businesses.
Thanks to phishing kits available on the dark web, executing advanced phishing scams is now easy for even amateur cybercriminals.
What’s more, only 17% of phishing attacks are reported, so phishing is a relatively low risk activity for cybercriminals. These scams have also become more sophisticated. While in the past phishing primarily targeted naive users who wouldn’t have a frame of reference for what kind of messages were normal, now even tech-savvy users can get caught up in professional-looking scams that are hard to distinguish from official communication.
With such low risk and high reward, we can expect that new advanced phishing techniques will be used against employees of all levels within organizations as well as individuals. A key way to protect yourself and your company against such scams is to familiarize yourself and your employees with the signs of phishing, and make reporting suspicious emails as simple as possible.
Your investigation tools matter too. When it comes to cyber investigations and phishing threats to your organization, link analysis tools make your investigations more efficient, accurate and defensible by visualizing and exposing otherwise hidden connections in your data.
In investigating cybercrime and insider threats, link analysis tools like Visallo help you uncover crucial hidden connections between entities.
IoT functions can make life easier for consumers. When you can preheat the oven while commuting home from work, remotely switch off lights you left on in your rush to get out the door, and trust that your coffee maker will order more coffee when you’re running low, it’s easy to forget how much can be controlled by others if they were to get access to your devices.
One of the greatest vulnerabilities of the IoT is the ability of many devices to make payments. Records of such payments often are not examined closely and may not be flagged when charges are small and for regular household items.
Twenty dollars for laundry detergent one day and $15 for new lightbulbs a few days later sounds fine when you know you’ll be receiving detergent and lightbulbs, but it’s problematic if the charges are actually unauthorized payments. Imagine this problem expanding to a manufacturing environment with hundreds of IoT-connected machines with the authority to order (and pay for) parts or raw materials.
The use of AI for cybercrime is only expected to accelerate as AI systems become more widespread.
AI has several different cybercrime uses. One is in the creation of phishing emails. These AI-created messages can bypass normal phishing filters and the suspicions of recipients. AI can also be used to collect data for and contact victims of social engineering scams. This takes out many of the most time-consuming parts of the process, making the payoff even greater when compared to the amount of work necessary.
AI-based cyberattacks also allow for the crime to be perpetrated remotely, lowering risk for the cybercriminal.
Extortion is an old technique, but the methods that extortionists employ have continued to evolve over time.
Take, for example, the technological siege of the city of Atlanta, Georgia in 2018. Cyber extortionists gained access to several important programs that keep the city running — some police databases, judicial system records programs, and others — and blocked them from use, demanding $51,000 in bitcoin if the government wanted the systems back online.
Not all extortion happens on so grand a scale, but it can be equally serious at an individual level if criminals gain access to thermostats, ovens, cars or baby monitors.
Remote attacks are also growing in popularity as well as sophistication. They take a variety of forms, but most recently have manifested as cryptojacking and attacks targeting perimeter devices, as well as attacks targeted at devices with open ports forwarded to external networks or the Internet.
This type of attack gives the fraudster access to all of the information from these devices, further weakening the security of other devices on the same network.
Clearly, cybercrime is an ongoing challenge that will continue to face both individuals and organizations. The best way to protect ourselves from these threats, whether financial, reputational, or otherwise, is to increase our awareness and decrease our vulnerabilities.
Of course, there are other safeguards that we can put in place to decrease our chances of falling prey to cybercrime. Firewalls, anti-virus software, and spam filters continue to be easy ways to cut down on vulnerabilities. Investigative link analysis tools (such as Visallo) can also play a key part in recognizing patterns that signify potential threats.
Monitoring advances in mobile cyber attacks, advanced phishing schemes, attacks on the internet of things, attacks on or aided by artificial intelligence, and sophisticated extortion schemes remains critical.
For more on Visallo and how it can help your organization in the fight against cybercrime, set up a time to talk with us or visit our videos page for an in-depth look at how investigations with Visallo work.