How Hackers Keep Businesses on Their Toes
Change and innovation in the cybersecurity industry seem to be moving faster than ever, driven by cybercriminals. They continue to develop new tactics and techniques to disrupt IT systems, steal data, and monetize their efforts.
Here are some of the more widespread and successful cyberattack campaigns businesses now face.
BEC with Deepfake Technologies
One of the top threats in cybersecurity remains email-borne phishing. However, phishing has diversified. Out of the 13 types of email threats identified by Barracuda, business email compromise (BEC) is the most lucrative.
The FBI estimates that cyber-offenders raked in nearly $1.9 billion from BEC in 2020 and $1.7 billion in 2019. That’s even more impressive than it sounds when you realize those figures represent about half of the losses from all forms of cybercrime in each of those years.
Virtual meeting platforms, combined with AI-powered deepfake technology, are the newest BEC conduits. Already, deepfake audio has successfully tricked victims into making millions of dollars in fraudulent transfers. In recent months, one of the more newsworthy successes was a bank manager in Dubai who was conned through a spoofed voice into transferring $35 million.
Deepfake technology is constantly improving, and the price is dropping. Already a viable tool for many cybercriminals, the threat deepfake video poses to organizations will grow steadily more severe.
Even deepfake technology can be mitigated, if not wholly thwarted, by savvy IT teams. Minimizing risk requires a blend of technology, process, and people.
Technology: Improve phishing defenses to block the BEC pathway. Invest in email security that uses AI to monitor internal email patterns to spot when suspicious activity occurs and flags telltale signs such as a ‘reply’ email address that’s different than the ‘from’ email address.
Process: No single employee should be able to authorize large fund transfers. Require secondary checks to stop any possible BEC attempts.
People: Make it a routine to train all staff on BEC awareness, including simulation exercises with phishing awareness tools.
Big Game Hunting
In 2021, there were 2,686 ransomware cyberattacks in the U.S., according to the 2022 CrowdStrike Global Threat report. That’s an 82% increase over 2021.
The most significant growth in ransomware attacks involved an activity known as “Big Game Hunting (BGH),” in which broad, high-visibility attacks are visited across industries. CrowdStrike notes that BGH was felt in all business sectors worldwide.
Fortunately, the media and law enforcement attention brought on after two of the better-known BGH strikes in 2021 – those against JBS Foods and the Colonial Pipeline – helped reduce data leaks.
Living Off the Land
With increasing frequency, ransomware attackers are trying to avoid writing malware past the point of obtaining legitimate credentials. Known as “living off the land,” this effort helps evade detection by legacy antivirus apps.
Sixty-two percent of detections indexed by the CrowdStrike Security Cloud for the last quarter in 2021 involved no malware at all. Instead, the cyber attackers ran common sysadmin commands and manually installed ransomware.
Lock and Leak
Threat actors based in the Middle East used ransomware combined with “lock and leak” information disruption in 2021. The cyber attackers would encrypt a target’s data to collect the ransom. Nothing new about that. But then they stole the data also, forcing the target to pay more to get the data back or selling it on the dark web instead.
Lock and leak efforts are growing in popularity because cybercriminals can double-dip from a single successful infiltration effort.
Costs of Cyberattacks Continue to Grow
Over the past three years, cybercrime costs have impacted the global economy by nearly $1 trillion annually. That’s more than 1% of the total global GDP.
The average cost of a ransomware attack target in 2021 was $220,000. The average 2021 data breach ran $4.42 million. Even organizations with fully deployed security automation experienced an average data breach cost of $2.45 million in 2021. A data breach involving between 1 million and 10 million records costs the organization $50 million.
Risk Management Tailored for Your Needs
The question is no longer whether a cyberattack will happen but how prepared your organization is for the episode when it does. The first step is to obtain robust insurance protection against today’s threats and those that evolve in the future. Contact the risk management professionals at BNC Insurance to learn more.