Cyber-attacks all point in one direction: to cause maximum damage to a business or organization. Their objectives can be specifically categorized into motives such as, financial gain, motives of revenge or one-upmanship, or even cyber-warfare between two organizations or whole nations.
Before we dive into the most common ways companies are affected, let’s have a brief look at some trends in relation to the threat landscape:
Malwares are packages or types of malicious software that are created to spy, infiltrate, and compromise a business or an organization’s data. Ransomware, worms, trojans, adware and spyware can all be classified under malwares. They can cause major data breaches, disrupt businesses and cause a lot of financial loss to an organization and damages reputations of the victims. Malware usage has been up almost 800% since early 2020. “WannaCry” a malware group, took advantage of a security liability of Microsoft and displayed ransom messages to connected businesses, hospitals, banks and manufacturers. The development of Malware is expected to remain static during 2021 (neither decrease nor increase in amount).
These attacks will steal information from users or trick them into downloading malware by sending malicious emails that resemble real/official requests but are, in fact, a scam. An example can be when cyber criminals hacked the AP News Twitter account and falsely tweeted that the White House was under attack. The attackers used a targeted phishing attack (spear-phishing) to gain access to the account. Another example is when Hillary Clinton’s emails were leaked during her Presidential campaign. Phishing attacks are more tricky to handle. Since they pose as something else entirely, and since they are very easy to perform. They are also one of the most common methods used by cyber criminals to access data and perform identity theft. Phishing attacks are in an ever-growing curve, with the expectation of number of attacks increasing even further during 2021/2022.
These attacks disrupt or stop the traffic to a website, or an application, server, service, or even a network by flooding it with traffic from botnets (compromised computer networks), preventing actual users from accessing it. In 2018, GitHub experienced the largest DDoS attack ever when it was hit with 1.35 terabits of traffic per second and was offline for almost 20 minutes as a result. DdoS attacks are currently in a downward trend, expected to decrease in the number of attacks during 2021/2022.
These attacks occur when an internal resource at an organization, spies on or intercepts communication between users and businesses or even employees within their organization. MitM attacks target personal or company information or redirect that information to another destination or for espionage purposes, for example: Russian intelligence operatives attempted to breach the Organisation for the Prohibition of Chemical Weapons (OPCW), a weapons watchdog organization, by using espionage equipment in a car next to the OPCW headquarters in Hague. MitM attacks have recently surged all around the world, resulting in Governments enforcing cybersecurity norms.
The growing popularity of IoT devices and the growing concept of a connected world exposes users to further risk of account data being compromised. Hijacking of accounts can have devastating consequences on a business if their data is leaked, falsified, or plagiarised. Account hijacking incidents can be minimized by constant monitoring, multifactor access systems, proper security logs, and encrypting data. Example: In July, the Twitter accounts of some of the world’s most influential people — including Barack Obama, Bill Gates, Joe Biden, Elon Musk, and Kanye West — all posted suspicious tweets asking for Bitcoin. The scam tweets would vanish and appear in a whimsical fashion. Identity thefts and hijacking accounts have been on the rise from the past two years and these attacks are maintaining an upward curve.
Businesses need a dedicated and experienced team of certified security experts to keep up with the security challenges. Cyber criminals are quickly developing and improving their methods – and there’s no way for organizations to single-handedly stay on top of this rate of growth and pace of destructive innovation.