Change and innovation in the cybersecurity industry seem to be going faster than ever, driven by cybercriminals. They continue to develop new tactics and techniques to disrupt IT systems, steal data and monetize their efforts.
Here are some of the more widespread and successful cyberattack campaigns that companies are now facing.
BEC with Deepfake Technologies
One of the biggest threats in cybersecurity is still e-mail phishing. However, phishing has diversified. Of the 13 types of e-mail threats identified by Barracuda, Business-to-Business Compromise (BEC) is the most lucrative.
The FBI estimates that cybercriminals received nearly $ 1.9 billion from BEC 2020 and $ 1.7 billion in 2019. It’s even more impressive than it sounds when one realizes that these numbers represent about half of the losses from all forms of cybercrime during each one of these years.
Virtual meeting platforms, combined with AI-driven deep-fake technology, are the latest BEC channels. Deepfake audio has already successfully tricked victims into making millions of dollars in fraudulent transmissions. In recent months, one of the more newsworthy successes was a bank manager in Dubai who, through a false voice, was tricked into transferring $ 35 million.
Deepfake technology is constantly improving and the price is falling. Already a viable tool for many cybercriminals, the threat of counterfeit video poses to organizations is growing steadily more serious.
Even deepfake technology can be mitigated, if not completely eliminated, by knowledgeable IT teams. Minimizing risks requires a mix of technology, process and people.
- Technology: Improve phishing defenses to block the BEC route. Invest in email security that uses AI to monitor internal email patterns to detect when suspicious activity occurs and flag controlling characters as a “reply” email address that is different from the “from” email address.
- Process: No individual employee should be able to approve large money transfers. Require secondary controls to stop any BEC attempts.
- People: Make it a routine to train all staff in BEC awareness, including simulation exercises with phishing tools.
Big game hunting
In 2021, there were 2,686 cyberattacks for ransomware in the United States, according to the 2022 CrowdStrike Global Threat report. This is an increase of 82% compared to 2021.
The most significant increase in ransomware attacks involved an activity called “Big Game Hunting (BGH)”, in which broad visibility attacks with high visibility are visited across industries. CrowdStrike notes that BGH was felt in all business sectors worldwide.
Fortunately, the media and law enforcement attention raised after two of the more notorious BGH strikes in 2021 – those against JBS Foods and the Colonial Pipeline – helped reduce data leaks.
Living off the land
With increasing frequency, ransomware attackers are trying to avoid writing malware past the point of gaining legitimate credentials. Known as “living off the land”, this effort helps avoid the detection of older antivirus apps.
Sixty-two percent of the discoveries indexed by CrowdStrike Security Cloud for the last quarter of 2021 involved no malware at all. Instead, the cyber attackers ran standard sysadmin commands and installed ransomware manually.
Lock and leak
Threat actors based in the Middle East used ransomware combined with “lock and leak” information disruption in 2021. Cyber-attackers would encrypt a target’s data to collect the ransom. Nothing new about that. But then they also stole the data, which forced the target to pay more to get the data back or sold it on the dark web instead.
Lock and leak efforts are growing in popularity as cybercriminals can double dip from a single successful infiltration operation.
The cost of cyberattacks continues to grow
Over the past three years, the cost of cybercrime has affected the global economy by nearly $ 1 trillion a year. That is more than 1% of total global GDP.
The average cost of a ransomware attack in 2021 was $ 220,000. The average data breach in 2021 was $ 4.42 million. Even organizations with fully deployed security automation experienced an average data breach cost of $ 2.45 million in 2021. A data breach involving between $ 1 million and $ 10 million in items cost the organization $ 50 million.
Risk management tailored to your needs
The question is no longer whether a cyber attack will happen but how prepared your organization is for the episode when it does. The first step is to get robust insurance coverage against today’s threats and those that develop in the future. Contact the risk management staff at BNC Insurance to learn more.