There are many cybercrimes today including phishing, spearfishing, whaling, social engineering, targeting third-party access, business email compromise, malware, and of course, ransomware, but when it comes down to it, the greatest vulnerability for cybercrime is the individual user. Ultimately, human nature sees convenience instead of security. In looking at the recent events with the global pandemic, there’s a concerted increase in targeted cyberattacks by a much broader variety of actors. As we see convenience with smartphones, network-enabled devices, and Integrated Security networks, we’re opening new doors for these actors to find and exploit.
Hacking & Intrusions
We still have the old-school hacking and intrusions which involve a great degree of skill and technical ability via software or hardware. However, we now have people that are purchasing those packages off of the dark web and using them to further the network of bad actors that are there. Nation states have teams that are constantly developing and adapting these attacks and gaining access to sensitive data.
Cybercrime and The Web
There are a number of different criminal activities including hacktivism, criminal intent, insider threats, espionage, both corporate and nation state. However, with all of these attacks, what we’re seeing now is the threat landscape for criminal activity has moved—when you have shutdowns as a result of a national pandemic, that focus moved to the web—so there’s been a greater push and greater attention towards cybercrime and cyber threats.
Cybercrime is No Longer Targeted
From phishing to cyber espionage, the city states are what we’re seeing now, and it’s a billion-dollar industry. You can always go and look up last year’s FBI statistics, and you’ll see that it’s gone from an annoyance or targeting one company, to the lack of targeting and mass cyberattacks on everyone. This is the biggest scare. Anyone can now easily go out on the dark web, or at least a deep web, and buy these tools that take advantage of any company. If someone is hit, they are hit. These cyberattacks are not even targeted.
“More people are working in a different environment than they were 9 months ago. So you think about the level of comfort you have in your home – you may be a little bit more relaxed, you may not pay attention to as much detail; you may have the baby crying, the dog running around, wanting to go aside, so you’re just clicking on this or the other. That is is the whole recipe for disaster. People love convenience over security. So it’s just a perfect storm, in my opinion.” – Jason Pryce, Datto, Inc
Have You Heard About The Most Recent Breaches?
Just to show how bad it is getting out there, those of you in the IT industry may be familiar with some of the most recent breaches where proprietary information was stolen to put cybercrime in perspective.
#1 The University of California, Berkeley
The University of California, Berkeley (UC Berkeley) has confirmed it suffered a data breach, becoming the latest victim of the Accellion cyber-attack. On Monday (March 29, 2021), “multiple” employees at UC Berkeley received an email from an unknown actor stating that their data had been stolen and would be released. The emails contained a link that displayed a sample of personal details from UC employees, a statement from UC Berkeley reads. UC Berkeley said that the data breach was due to an earlier intrusion suffered by third-party provider Accellion, a secure file transfer service, which was used by the university. (source https://portswigger.net)
#2 UK Victims of Ransomware
Many consumer victims of ransomware scams fail to get access to their data even after they pay off extortionists, according to a survey by Kaspersky. The poll found that close to half (46%) of UK ransomware victims paid the ransom to restore access to their data last year, yet an unfortunate 11% of victims who shelled out did not have their stolen data returned. Whether they paid or not, only 18% of 1,006 UK victims surveyed were able to restore all their encrypted or blocked files following an attack.(source https://portswigger.net)
#3 US Healthcare Systems
FBI warns ransomware assault threatens US healthcare system – Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. (source https://apnews.com)
#4 FireEye Cyber Attack
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community – …Recently, we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. (source https://www.fireeye.com)
Cybercrime is growing and changing every minute of the day. IT groups for small and mid-size companies will be under intense pressure to defend against it. Having access to outside expertise is one way to improve the plan and help repair the breaches if they occur.
To learn more about RDI Intuitive Technical, contact us!