The reason we go on so much about cyberthreats here at Cultrix and the challenge they pose for businesses, is not to shock business owners unnecessarily, but to provide up-to-date global knowledge on developing trends, so businesses can develop a security mindset.
Examining 2022’s cybersecurity risks, we looked at why the ‘don’t take anything at face value’ approach needs to be adopted for businesses’ everyday security. For instance, not opening risky emails containing links, providing bank details to unknown contacts, and being generally alert to anything that looks odd; because if it looks odd, it is.
In this blog we want to clue you up even further about how global cybercrime is developing, because it relates to our everyday business and consumer environment. And some of the insidious ways cybercriminals are targeting our vulnerabilities is shocking, but again, gives us useful insight into why we need to be vigilant at every level.
Does your business operate differently to how it did five, or two years ago? So do cybercriminals.
What you may notice as we go touch on some of the ways cybercrime is adapting to its environment is how responsive cybercriminals are to the changing operational environment. If there is a global vulnerability or crisis, cybercriminals respond by adapting and finding opportunities to exploit.
Just as you adapt your business to the climate, so do cybercriminals.
Attacks to supply chains
Many businesses’ supply chains have been disrupted on a local and global scale over the last few years. Businesses and organisations, struggling to meet demand have put fewer familiar arrangements in place, potentially causing them to be vulnerable and giving rise to cybercrime opportunities.
Cybercriminals gain ‘backdoor access’ to organisations and their infrastructure, embedding malicious software through source code, repositories and open-source libraries. Infections are then passed on via trusted partners through software updates, since the usual security tools are unable to identify them.
Supply chain oversight is therefore recommended as a continuing area of security for all businesses, and you can find more guidance on this at the National Cyber Security Centre.
Cloud account takeovers
Since the mass adoption of the cloud, where effectively all of an organisation’s critical data is held in the cloud on a third-party platform, account takeovers have been rife, and are set to continue.
Targeted phishing attacks, dark web exchanges of compromised data and exploitation of vulnerabilities in passwords, particularly where personal passwords are used for corporate accounts, continue to provide opportunities for accounts to be taken over by cybercrime operators and impersonators, with the victim not knowing anything in the run up to the compromise.
Stay up to date with password guidance and security, never using personal details that can be found on the internet, use two-factor authentication methods, and a password manager.
Cybercrime no longer an ‘elite’ activity
Perhaps the most shocking fact about contemporary cybercrime is that it is now widely recruited to. Forget the stereotype of a tech genius of incredible intelligence hacking away on their machine in an attic bedroom. Tutorials and affiliate schemes, even Ransomware as a Service (RaaS), are commonplace and open to any unskilled attacker, enabling them to use sophisticated tools.
This means the base of attackers grows wider, and novel cybercrime methods become the everyday, as complex ransomware is developed, funded by unskilled actors who ‘buy in’ to these tools and use them for their own advancement in the dark web.
Development of ransomware attacks
Ransomware attacks where a system is denied access by someone, or an organisation, who needs it, until they’ve paid a sum of money, are becoming more sophisticated. Attacks were mainly characterised by encrypting data, but now, data copying and extraction is used to steal data, backups are encrypted and deleted, and domains hijacked.
The means of making ransom demands are becoming more varied and harder anticipate. Added to this, ransomware attackers do not like the attention attracted when a high-profile company is compromised, so the trend has been to focus on smaller companies unlikely to attract headline news if they were to undergo an attack.
We don’t want to scare you
By being aware, and vigilant in how you operate and assure your systems, data, suppliers and stakeholders, you can ensure your company is as secure as it possibly can be.
Yes, you’ll need some up-to-date security technology to do that, which is where we can help.
2022 Cyberthreats to be aware of
Non-traditional cyberthreats are emerging in 2022 businesses need to be aware of. Read why ‘don’t take anything at face value’ should be your approach.
The essential tech-word glossary
The tech world is full of terms people may not understand. We promise to always speak your language, but here are some of the basics that could be useful