At the end of March 2021, email addresses, dates of birth, phone numbers and a lot of other traceable information were stolen from Dutch car insurance automation company RDC after a hack. Supposedly, millions of Dutch car owners are victims of this data breach. Not only can the data itself be sold; this specific dataset also allows criminals to find out where they could steal nice, expensive cars. More recently, at the start of April 2021, another high-profile data breach hit the news: over 533 million Facebook accounts had their information stolen (just to give you a clear perspective on that number, that’s 533,000,000 individual people!). This is an enormous blow for the company and shows that even the largest tech giants are not immune to hacks and data breaches.
As the above examples illustrate, data is a hot and valuable commodity: the use of digital systems is currently generating 2.5 billion gigabytes of data per day, worldwide (again, for visual reference: that’s 2,500,000,000 gigabytes each day). Some quick math tells us that this means you generate an average of a whopping 150 gigabytes of data a day, all by yourself.
The thought of all that personal information being out there for criminals to take advantage of is not a happy one, and criminal practices aimed at obtaining, exploiting and selling data have existed since the beginning of the internet. Over time, as new technologies are developed and our use of online services changes, these threats also change in nature. In this article, we’ll take you through the most dangerous digital threats encountered by businesses today. Some are very new; some have been around for a long time but still persist today (and with good reason). Forewarned is forearmed!
Perhaps one of the most well-known, evocative examples of recent cybercrime trends is the use of ransomware. In May 2017, many businesses in many different countries became victims of a large-scale ransomware attack under the name of WannaCry. Seemingly out of nowhere, the whole world was familiar with the concept of this type of malicious software, as Google searches for the term soared.
Even if you don’t know exactly what it is, chances are you’ve heard the term pop up somewhere over the past few years. Ransomware is malicious software that encrypts files and makes a computer system inaccessible. The perpetrators then demand a ransom (what’s in a name?) payable in some variation of cryptocurrency, often Bitcoin. Critical services such as medical organisations or financial companies are extremely interesting targets for ransomware. Because these services are critical to the infrastructure of modern-day life, these organisations will often pay to have their information restored as soon as possible to minimize impact. Even though ransomware is as prevalent and dangerous as ever, it has seen something of a decline in recent months. There is a new kid on the block that offers a more sure-fire and low-profile way for cybercriminals to take over systems and networks for personal gain: cryptojacking.
Cryptocurrencies have been on the rise for some years now. Put very briefly and simply, cryptocurrencies are virtual currencies that add extra layers of security, privacy and transparency to their transactions. To obtain these currencies, you can put computer hardware to use to ‘mine’ them by performing complex calculations. This cryptomining has an extremely high power consumption, as it pushes the processor and graphics card to their maximum power draw to make these complex calculations faster. Serious cryptomining comes with a high electricity bill! And since cryptocurrencies are popular and highly profitable, mining without paying for all that power consumption seems like a good proposition for cybercriminals. That’s where cryptojacking comes in. Cryptojacking scripts are a type of malware that hijacks a computer’s processing power to mine cryptocurrency for the attacker; they get the goods, you get to pay. Not the best business proposal! Cryptojacking is on the rise, as it is a much less conspicuous and less brute-force way to extract coveted cryptocurrencies from possible victims, sometimes without them even knowing. Keep an eye on your CPU and GPU usage, everyone!
Named after the famous Trojan Horse scene in Homer’s Odyssey, trojans are one of the oldest forms of malware in existence. Even today, they are still widely used, as their development has not halted with the rise of new forms of cybercrime. In fact, they have evolved to become more sophisticated and harder to detect and protect against. Trojans pose as trusted software but, once installed, open a backdoor into your computer system. This gives the attacker access to your computer and allows them to take control of (certain parts of) the system. After the trojan is installed, the attacker can, for example, steal login credentials or install malicious software. Trojans themselves rarely cause damage, but they allow criminals to perform a host of other activities, including most of the other ones on this list!
Another type of attack that has made headlines over the past years, and is still very popular today, is the DDoS attack (Distributed Denial of Service). These attacks are targeted at online services, from web-shops to social media platforms and financial services. If your business operates online, it runs the risk of becoming the victim of a DDoS attack. During such an attack, the attacker will bombard a webserver with an enormous volume of requests so that the server will crash. Imagine, as a quick example, that a server is built and configured to support 100 connection attempts per second. If someone then launches an attack where 1,000 attempts a second are made, the webserver will crash and stop working. Depending on various factors, the average cost of a DDoS attack can be over €3,000,000: think of web-shops that miss orders, cloud storage that is unavailable or crucial governmental services that are unreachable. Even though it is one of the simplest forms of attack, the results can be devastating.
Last but very certainly not least: the saying goes that a system is only as strong as its weakest link. This is doubly so for any security measures. Unfortunately, the weakest link in cybersecurity is us: the users. A quick errand on the way to work? “I’ll leave my laptop case under the seat. I’ll be back in a minute anyway.” Stepping away from your computer at work for a second? “I won’t have to lock it, my co-workers will keep an eye out.” An email with a lot of typing errors and a PDF attachment? “They always email me these weekly reports. They probably had their spellchecker turned off.” Cybercriminals know that many of us believe we’d never fall for this kind of manipulation and that a single moment of carelessness or inattention can have dire consequences. And they gladly make use of that. This type of hacking is called Social Engineering: preying on the human tendency towards trust and curiosity. Far less technical and more social (again: what’s in a name?), this is how many data breaches happen. Most are familiar with the concept of phishing: spoofed emails that look legitimate and are designed to persuade you to enter sensitive information. While this is the most prevalent social engineering scam used to gain information, there are many others, such as baiting (promising the victim a reward) or tailgating (taking advantage of human trust to gain physical access to devices). Though this type of cybercrime is much harder to identify, it is very much preventable. The key is to always be vigilant, never take security measures for granted and follow your company’s security policies!
Now that you know what to be on the lookout for, we’ll share some tips on how to keep you and your data from becoming a target for cybercriminals. Better safe than sorry!
Keep your software up to date: cybersecurity versus cybercrime is often a cat-and-mouse game. Where criminals find new ways to exploit systems, software engineers and security experts continuously try to stay a step ahead by finding and patching (un)known vulnerabilities. Make sure you regularly check your critical software systems for the newest (security) patches.
Consider your network infrastructure an investment: for many businesses, having their IT infrastructure up and running is the main priority. “As long as it works”. This attitude will cause more damage in the long run, as maintenance and security upgrades are often added as an afterthought. By investing in proper hardware and people, you ensure that you won’t as easily fall victim to a data breach. Don’t skimp on cybersecurity! Your customers will thank you.
Be aware of your security policies: have you thought about what to do in case malicious activity is detected in your network? Or how frequently you perform tests and updates? How and where your backups are stored and verified in case you become a victim of ransomware? Having a proper (digital) security policy in place helps prevent cybercrime within your organisation, as well as reduce the impact of possible breaches.
Train yourself and those around you: as stated earlier, the human factor is the weakest link in digital security and Social Engineering is on the rise. Know what to look out for and teach those around you. This ranges from double-checking the sender address on an email (tip: copy-paste it into a text editor and change the font to see if anything weird is going on there) to password security and physical protection of devices, such as laptop cases with locks. Stay vigilant!
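The sender-address check from the last tip can also be done programmatically. The following is an added example, not part of the original article: it flags lookalike characters, punycode labels and mixed scripts in a From: header, and the function names and sample headers are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed sample From: headers (not taken from real mail).
CLEAN = "Weekly Reports <reports@example.com>"
LOOKALIKE = "Weekly Reports <reports@ex\u0430mple.com>"  # U+0430 is Cyrillic "a"
PUNYCODE = "Weekly Reports <reports@xn--mnchen-3ya.example>"


def script_of(ch):
    """Approximate a character's script by the first word of its Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def decode_label(label):
    """Turn an xn-- (punycode) DNS label back into the text a mail client may show."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label.encode("ascii").decode("idna")
    except UnicodeError:
        return label  # undecodable: keep the raw label


def inspect_sender(from_header):
    """Return human-readable findings for the address in a From: header."""
    _display_name, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    if not local or not domain:
        return ["no parseable address"]
    findings = []
    labels = domain.split(".")
    for label in labels:
        if label.lower().startswith("xn--"):
            findings.append(f"punycode label {label!r} displays as {decode_label(label)!r}")
    shown_domain = ".".join(decode_label(label) for label in labels)
    for pos, ch in enumerate(local + "@" + shown_domain):
        if ord(ch) > 127:
            name = unicodedata.name(ch, "UNKNOWN")
            findings.append(f"non-ASCII at position {pos}: U+{ord(ch):04X} {name}")
    scripts = {script_of(ch) for ch in shown_domain if ch.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed scripts in domain: " + ", ".join(sorted(scripts)))
    return findings


if __name__ == "__main__":
    for header in (CLEAN, LOOKALIKE, PUNYCODE):
        print(header.encode("unicode_escape").decode(), "->",
              inspect_sender(header) or "nothing unusual")
```

An empty result only means the address contains no unusual characters; a sender can still be impersonated from a plain ASCII domain that merely resembles the real one.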
Take some time to think about the above. Should you need some help in checking your digital security and thinking about proper procedures, we can help. Make use of our free Security Consult and we’ll go through your infrastructure and policies to see how well you have protected yourself against digital threats. Just shoot us an email!