5 minute read
BANKING AND FINANCE FEATURE BANKING DIGITAL SECURITY CYBERCRIMINALS
into a network or application, placing the business and its customers at risk.
MSPs must safeguard their clients' IT infrastructure from malware because they oversee their security. An attacker who gains unauthorized access to an MSP's network can also readily access the IT infrastructures of the target’s clients. The MSP and its clients are then vulnerable to ransomware attacks.
A 2021 ransomware attack on the MSP software provider Kaseya sought a $70 million ransom payment to restore the data of as many as 70 of the business’s clients. However, because the software stored information on each MSP's customers, the assault affected 1,500 companies in at least 17 nations.
Ransomware is widespread now
Anyone can rent professional ransomware tools, purchase instructional DIY kits to create and launch attacks or employ a criminal organization to deploy ransomware assaults, thanks to RaaS. Additionally, RaaS is accessible and economical for nascent cybercriminals because these malicious source codes are available for as little as $39.
To collect RaaS income, several cybercrime gangs are adopting a subscription affiliate model with profit sharing. A threat actor is now paying a monthly subscription to gain access to the ransomware tools, code, and deployment help. The gang automatically takes a portion of the ransom money each time a cybercriminal uses the gang's harmful code to retrieve a ransom.
This strategy makes smaller businesses and organizations in developing nations more susceptible to ransomware. These businesses have become vulnerable targets for a new generation of cybercriminals trying to make a profit, even though attacks on these companies are typically not profitable for significant cybercrime gangs. These attacks are inexpensive to deploy, and their attacks are now costing businesses millions of dollars in ransom payments, clean-up expenses, compliance fines, and lost revenue.
How criminals disseminate ransomware
Cybercriminals frequently combine their methods when trying to gain access to IT infrastructure and introduce dangerous ransomware. Others utilize various techniques to locate flaws and obtain credentials to boost their chances of success. At the same time, some may use ransomware assaults in the hopes of discovering zero-day vulnerabilities.
Phishing assaults, undoubtedly the most popular means to steal passwords or spread malicious URLs, increased by 120% in Q3 of 2022. It is customary for cyber attackers to initiate phishing attempts and obtain access to an IT environment before spreading ransomware because stolen credentials are routinely the top cause of breaches.
Cybercriminals frequently target MSPs to access their clients' systems and spread other ransomware because many MSPs manage access permissions for the methods of their clients.
Knowing cybersecurity trends is only half the battle won
Unfortunately, cybercriminals always seem to be one step ahead when exploiting weaknesses. To stay current, learning about cybersecurity trends like ransomware-as-a-service is essential, but being aware of them is just half the battle won.
ATM skimming
ATM skimming is when scammers place a device on an ATM to capture your card information and PIN as you use the machine. This information is then used to make fraudulent purchases/ withdrawals from your account.
To avoid falling victim to ATM skimming, it's important to always check the ATM for any signs of tampering, such as loose or extra attachments. Also, cover your hand as you enter your PIN to prevent scammers from visually capturing it.
Skimming is illegally installing equipment on petrol pumps, ATMs, and point-of-sale terminals to steal information, such as card numbers and PINs. With this data, fraudsters can create fake credit or debit cards. According to estimates, skimming results in more than $1 billion in annual financial losses.
Pump skimming for fuel
The typical location of fuel pump skimmers is in the machine's internal wiring, out of the customer's view. The gadgets used for data collection save information for subsequent wifi or download.
Guidelines to avoid pump skimming
Select a fuel pump closer to the store and in the attendant's line of sight. Skimmers are less likely to target these pumps. Use a debit card instead of a credit card. Cover the keypad while entering your PIN. Instead of paying at the pump, think about performing the procedure in another secure premise with the attendant. Contact your bank immediately if you believe you've been a victim of skimming.
ATM and Point of Sale skimming
Devices for ATM skimmers often cover the original card reader. A few skimming gadgets are located near exposed cables, in the terminal, or in the card reader. ATMs with pinhole cameras capture a user entering their PIN. The placement of pinhole cameras varies greatly. When recording PINs, keypad overlays occasionally take the place of pinhole cameras. This is because Keypad overlays keep track of user keystrokes.
Skimming equipment stores information for eventual wireless transfer or download.
Tips to avoid falling prey to such crimes
Before using the cards, check the POS terminals, ATMs, and other card readers. Look for anything that is off-centre, bent, broken, or scraped. If you find anything strange, avoid using card readers. Before inputting your PIN, tug on the keypad's edges. Cover the keypad after entering your PIN to prevent cameras from recording your entry. Use ATMs which are indoors, well-lit, and away from any threats. If you are using ATMs in tourist destinations, watch out for skimming devices. Use chip-enabled cards. Devices that steal chip data are less common than those that steal magnetic stripe data. Be cautious while using your debit card with linked accounts. Instead, use a credit card. Immediately contact your bank if the ATM doesn't return your card after you cancel a transaction.
Impersonation scams
In this scenario, scammers pose as bank employees/another authority figure to gain your trust and access to your personal information. For example, they may call or email you, claiming to be from your bank, and ask for your personal information/login credentials.
Credit card fraud was one of the most widespread types of fraud in the United States in 2021, according to complaints received by the Federal Trade Commission (FTC). However, that statistic only provides a partial picture of the issue.
The Nilson Report, which tracks the payments sector, predicted that over the next ten years, losses in the United States from card fraud would reach $165.1 billion, affecting every age group. According to Insider Intelligence, only one sort of credit card fraud, card-notpresent fraud involving online, over-thephone, and mail-order transactions, will be responsible for an average estimated $5.72 billion in losses in the world’s largest economy in 2022 and beyond. When someone uses a credit card to make an illicit purchase, such as purchasing goods on Amazon, this is known as credit card fraud. Other types of credit card fraud include identity theft, using stolen cards, and card-notpresent fraud. While credit card fraud is a significant issue, there are precautions to avoid being one of the statistics.
Theft of identity
Identity theft occurs when fraud or another crime is conducted using your personal information, such as your credit card or Social Security number. The Federal Trade Commission received around 1.4 million reports of identity theft in 2021.
Conclusion
Technology and banking scams are becoming increasingly sophisticated, and it's essential to be aware of the dangers and take steps to protect yourself. Always remember to be vigilant and never disclose your personal information or login credentials unless you're confident you're dealing with a legitimate source. Stay safe out there!
