There are numerous security threats that companies might encounter, making it difficult to decide which ones to address first. Here are three threats that deserve attention because they are not only dangerous but also prevalent.
Ransomware, trojan horses, phishing, SQL injection, and denial-of-service attacks are only a few of the many security threats that businesses might have to face in 2021. While protecting against all types of threats is important, it helps to know which types of threats are more concerning or common than others so you can prioritize efforts to mitigate them. Toward that end, here are three threats that are not only dangerous but also prevalent:
- Account Takeover Attacks
In 2020, researchers saw a sharp increase in the number of account takeover attacks. The number of incidents increased 20% compared to the previous year. This surge is expected to continue in 2021, according to experts.
In an account takeover attack, cybercriminals obtain both the email address and the password for an email account. With these credentials in hand, they are able to change the password and take over the account. They can then use the hijacked account to carry out malicious activities. Cybercriminals often impersonate the person to whom the account belongs in order to carry out attacks such as business email compromise (BEC) scams.
Account takeover attacks present a serious threat to companies because the hijacked emails appear legitimate. The email recipients won’t know, for example, that the email they just received is from a cybercriminal masquerading as their boss and not from their boss. Cybercriminals have used this ruse to con employees into transferring funds, providing sensitive data, and performing other harmful actions.
- Ransomware
Holding companies’ data for ransom has become a very lucrative business. According to one 2020 study, 27% of the organizations that experienced a successful attack ended up paying the ransom, at an average cost of $1.1 million [USD].
Plus, some ransomware gangs are branching out into the “ransomware-as-a-service” business. In other words, they let other cybercriminals use the malware they create to carry out attacks for a share of the profit. For example, a gang known as Pinchy Spider lets other cybercriminals use its GandCrab ransomware. This “ransomware-as-a-service” model means that more cybercriminals will have the tools they need to successfully attack businesses.
Because ransomware attacks are becoming more common, companies are increasingly heeding the advice of security experts and backing up their data in case they are attacked. This is prompting cybercriminals to come up with bold and dangerous tactics to get companies to pay the ransom. For example, gangs such as the Maze Crew steal data from their victims before unleashing their ransomware. If the businesses refuse to pay the ransom, the cybercriminals threaten to share it with the world. They often publish a small portion of the stolen data as proof they are not bluffing. This also adds social pressure because the businesses’ customers, suppliers, and others might find out about the attack if the data is published.
“Today it isn’t uncommon to hear of a ransomware victim being extorted into paying a ransom under threat of data exposure,” according to one security expert. “It has heralded a new era in ransomware where social pressure and shaming is being used to increase the attackers’ bottom line.”
A few gangs even try to bully businesses into paying up. The DoppelPaymer gang members are known for using this tactic. They often call their victims to intimidate them into paying. In one case, they even threatened to send a gang member to the home of a certain employee and provided the employee’s home address as proof they knew where that person lived. The gang also called several of the employee’s relatives.
- Inadequate Infrastructure for Remote Workers
When the COVID-19 pandemic first hit, governments around the world started issuing shutdown orders. To remain operational, many businesses let employees work from home.
In many cases, companies had to quickly deploy the infrastructure needed to support their remote workers, with security being an afterthought. As a result, these companies have massively expanded their potential attack surface, according to experts.
For example, the surge in remote workers has led to an increase in the use of Microsoft’s Remote Desktop Protocol (RDP). This could make companies’ IT systems more vulnerable to attack if the right security measures aren’t in place, according to the US Cybersecurity and Infrastructure Security Agency. There is evidence that this is already occurring. One study found that the surge in remote workers has led to a 127% increase in exposed RDP ports. Because they are exposed, these ports are at risk of being attacked.
Although it won’t be easy, companies need to assess the infrastructure they are using to support remote workers and fix any security issues.
Ransomware statistics flickr photo by Infosec Images shared under a Creative Commons (BY) license