The risks organizations face from cyber threats are at epidemic levels. The threats are sophisticated, attack your weakest links (your employees) and are continuing to evolve at an alarming rate. Here are some of the most effective cyber scams Corsica Technologies sees facing organizations today.
Email Account Compromise
Email account compromise is on the rise, primarily because of the ubiquitous nature of email communication and the volume of sensitive information that continues to be shared through it. From new account credentials to money transfer information, email is an easy target for hackers. Account compromise typically happens when an employee is tricked into providing credentials through a malicious link, or opens an attachment that installs a keylogger (malware that steals your credentials).
Once the bad actors have your credentials, we are seeing them access your email account and set up rules to forward and/or delete your incoming email. They immediately start spamming your contacts with a similar malicious email to steal their credentials.
Not only are you compromising any confidential/private email in your inbox, but you are also jeopardizing your friends, family and business contacts… and being made to look foolish at the same time.
In cases where the account compromised belongs to an administrator, the bad actors will attempt to hijack your network, email server and/or your cloud tenant. These extreme cases cause much more severe business interruption when the bad actors change all of your passwords, lock out your employees and use your resources for their own gain.
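The forwarding and deleting rules described above are something a defender can audit for. The following is an added example, not code from Corsica Technologies: the rule record schema (mailbox, name, forward_to, delete, conditions), the internal domain list and the sample rules are all constructed for illustration, so map your own mail platform's rule export onto them.

```python
# Added example: flag mailbox rules that forward mail outside the
# organization and/or delete incoming mail.
# The record schema below is constructed, not any mail platform's export format.

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains


def domain(addr):
    """Lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].strip().lower()


def audit_rule(rule):
    """Return the reasons a rule looks like post-compromise tampering."""
    reasons = []
    external = [a for a in rule.get("forward_to", [])
                if domain(a) not in INTERNAL_DOMAINS]
    if external:
        reasons.append("forwards to external address: " + ", ".join(sorted(external)))
    if rule.get("delete"):
        reasons.append("deletes incoming mail")
    # A rule with no sender/subject condition applies to every message.
    if reasons and not rule.get("conditions"):
        reasons.append("applies to all incoming mail")
    return reasons


def audit_mailboxes(rules):
    """Map (mailbox, rule name) to its findings, skipping clean rules."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            findings[(rule["mailbox"], rule["name"])] = reasons
    return findings


# Constructed sample data: four mailbox rules, two of them suspicious.
SAMPLE_RULES = [
    {"mailbox": "alice@example.com", "name": "Newsletters",
     "conditions": {"from": "news@vendor.example"}},
    {"mailbox": "bob@example.com", "name": ".",
     "forward_to": ["collector@mail.invalid"], "delete": True, "conditions": {}},
    {"mailbox": "carol@example.com", "name": "To assistant",
     "forward_to": ["dave@example.com"], "conditions": {}},
    {"mailbox": "erin@example.com", "name": "cleanup", "delete": True,
     "conditions": {"subject_contains": "unsubscribe"}},
]

if __name__ == "__main__":
    for key, reasons in audit_mailboxes(SAMPLE_RULES).items():
        print(key, reasons)
```

A rule that both forwards externally and deletes with no conditions, like the second sample, warrants an immediate credential reset and a review of what has already been sent from the account.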
Lay in Wait
Closely following email account compromise are attacks where the bad actors realize you are a valuable target. In several cases, we have seen accounting, financial and legal organizations become victims of financial fraud when a bad actor compromised an account, noticed the nature of the business, then simply waited for the right time to pounce.
As soon as an employee communicates financial transaction information (by email), the bad actor intercepts the email, substitutes their own financial information, and intercepts the transaction.
Several vulnerabilities associated with internet browsers, from unsafe plug-ins to saved passwords, allow malicious sites to cull information and/or inject malware onto your systems. These vulnerabilities, when paired with loose (to nonexistent) web browsing restrictions in your office, allow bad actors to take advantage of your weakest link, your employees.
Unsafe Mobile Practices
Given the ubiquitous nature of mobile devices and the wealth of information stored on them, it should be no surprise that they are prime targets for bad actors to steal your information. From malicious apps that allow unrestricted control of your mobile device to unsecured data and devices to unsafe wireless habits, mobile devices are an easy target.
Most users are unaware of the ease with which a bad actor can set up “free” wireless networks that watch every byte of traffic that passes over them. Any credentials, private information or corporate secrets are instantly exposed without the user suspecting a thing.
Phishing continues to be the greatest threat to organizations because it attacks your weakest link, your employees. Phishing emails have achieved a level of artistry in effectively teasing and taunting our employees to click on a malicious link or open a malicious attachment. Research confirms the bad actors understand human behavior and know when to catch people off-guard, and which emails are most likely to encourage someone to drop their defenses to execute their malicious payload.
Research also shows that security awareness training programs are effective in modifying user behavior. Surprisingly, many businesses are still not taking advantage of this low-cost, highly effective, risk-reducing measure.