Cyber-resilience
from Cyber Security 2022
by 3S Media
The rising tide of malicious threats
Digital transformation is creating fantastic new business opportunities, but it is also opening up many new angles of attack for cybercriminals. We asked the head of a software security company some pertinent questions about these.
Cybercrime today is big business – so much so that many security players indicate that the bad guys far outnumber the good guys working on the side of security. Add to this the nature of digital transformation, and the arena in which the criminals are operating is only growing larger, with the number of potential angles of attack increasing all the time.
We chat to John McLoughlin, CEO of J2 Software, a value-added reseller of security software solutions, about the new kinds of attack vectors and threats we face in an increasingly digitising world.
In today's digitally transforming world, what would you consider to be the most crucial threats we need to defend against?
The threats are outcomes driven. Cybercriminals have an outcome in mind, such as to extract a ransom, steal information or embarrass the company or individual – it could even be a combination of these. The threats change all the time, as do the methods, so, really, the biggest threat to defend against is complacency. Do not wait until you are a victim before taking cybersecurity seriously. I speak to people every day, in different parts of the world, who wish they had not been complacent, who thought it would not happen to them – until it did.
Cybercriminals utilise a multitude of vectors to conduct their attacks. Which attack vectors are the ones most likely to succeed?
Generally speaking, email is the most used vector, simply because it provides the most access to the weakest piece of the chain, namely the trusting user on the other side of the keyboard. Social engineering, convincing stories and people with little knowledge of what to look out for make the easiest targets. People inadvertently share details they shouldn’t. Curiosity gets people to click on links, open files, connect to complete strangers online, respond to queries and so on. Therefore, without a layered, proactive defence, user visibility, insider threat detection and user awareness, it is always going to be a matter of when – not if – you will become another statistic.
Do the attack vectors differ according to the size of the business?
The vectors remain the same, but what will differ is the execution once the initial compromise is successful. Some businesses will be better prepared than others and these factors will change the method of final attack. Remember that cybercriminals do not just hit and hope; they do research, take their time and work to succeed. Like good salespeople, who will identify their targets, do the research and then work their way to the right person to close the deal, cybercriminals too are persistent and patient. As they learn more about your organisation, they will pivot and adapt their approach, based on what they learn. Once they know which platforms you use, their phishing methods will change and their targets will shift until they get in. The criminals are working on many opportunities at the same time, and while they might be similar, they will adapt for each of their target victims.
What are the most dangerous new threats to have arisen in the past two years?
For me, it is the double extortion approach to attacks. This is amplified by people’s fear of reputational damage. The criminals realise that as backup and recovery has improved, the need to first steal the data before destroying it leads to higher success in ransom payments. If you do not pay the ransom, then your sensitive data is leaked online.
Are there any potential threats on the horizon?
Every time some new technology is deployed, or there are new gadgets released, the attackers change their methods. But the biggest threat comes down to how much you are willing to lose before taking action. Criminals already have the outcome in mind – they want your money, data or business.
The need to work remotely during the pandemic also gave rise to a whole slew of new attack vectors and approaches: can you outline what the most dangerous and unexpected or unique ones were?
Cybercriminals are constantly adapting their approach to deceive their targets and increase their success rate. There is a new trend developing that speaks directly to this phenomenon – it is an adapted version of the standard ‘completing of a successful change of bank details’ style of fraud. Many people have seen and encountered this approach, also known as invoice fraud. It is where an attacker pretends to be a supplier, creates a fake change of bank details letter, and emails the accounts department to get the banking details updated.
The attack method is nothing new, but the execution has simply evolved. The end game is the same – i.e. to steal your money – but the criminal syndicate now uses the fact that most people are working from home to target their prey with a more personal approach. The cybercriminal uses the telephone and identifies themselves as the supplier's finance contact person. The call is friendly, includes some small talk, pandemic discussions and is made to sound unique, right down to using the correct accent. The attacker informs your team that they’re changing banks and asks about the process to do so. They then confirm the details and send this via email.
As this is expected, your finance team has a higher likelihood of being tricked and falling for it. The cybercriminal often uses messaging apps like WhatsApp and Signal to confirm the details have been sent and will then call back again a short while later to confirm receipt of the details and to answer any questions or concerns. This adaptation has been necessitated to get around the usual verification process in place at a business. The attacker does their own verification with your finance team, increasing their success rate exponentially. There have been different versions and levels of sophistication in these attacks, including highly targeted attacks where the cybercriminals have even spoofed the supplier’s telephone numbers.
What are the most critical impacts on a business when cybercriminals get their attack right?
Security is taking on a new shape, is being integrated into new business initiatives and is used as a competitive advantage. No one wants to be breached – once consumers are affected, they will fear working with companies they don’t trust. Providing a secure business environment is every company’s concern and cybersecurity must be an investment priority in every business, regardless of industry or size.
However, it is a higher priority for information-based organisations like professional services firms, banks, financial institutions, insurance companies, telcos, municipalities and power utilities. These industries are already experiencing paralysing attacks that stop critical services such as electricity and water supply. These crippling cyberattacks will ultimately result in increased spend as they cause unprecedented loss of revenue.
Finally, any words of advice to organisations in respect of attack vectors, the dangers posed by cybercriminals or the means to secure your business more effectively?
The main thing that needs to be done is to bolster cyber-resilience. Cybersecurity is not a single or multiple system or solution. The importance of resilience is to look at the business and its systems and processes holistically. We cannot just deploy anti-virus and firewalls and think all will be well – especially when half the workforce no longer sits behind the firewall. Understanding the risks and taking incremental steps to bolster resilience along with increasing visibility across the entire attack surface are all we can do to stop attacks as they happen. Ultimately, resilience provides visibility, and visibility provides the capability to respond.