April Fools' Day saw jokes from friends, family and every major brand in the world. The month may have started on a lighter note, but the continuing cybersecurity threat to both businesses and individuals is no laughing matter. While organizations spent time admiring the best pranks, cybercriminals continued their game, finding further victims with new and innovative methods.
About the author
David Higgins is EMEA Technical Director at CyberArk.
Traditionally, one of their most popular tactics has been phishing. Social engineering techniques have been used successfully for years to lure business employees, as well as unsuspecting consumers, into disclosing sensitive information such as payment information or passwords. However, the sophistication of these attacks has risen sharply with COVID-19.
IT management teams need to be prepared for the huge amount of innovation currently coming from the cybersecurity industry. This includes keeping track of new tactics and of how they and their employees can protect themselves against them.
Deepfakes as a growing threat
We know that the success of a phishing attack is based on credibility. To access networks, cybercriminals rely on people believing they are someone else, whether through a credible-looking email that is supposedly sent from a legitimate source or a fake video message that impersonates a trusted colleague. That's why deepfakes are a concern: anyone can be made to look like someone else with apparent authenticity.
In fact, earlier this year, the FBI warned that malicious threat actors will "almost certainly" use deepfakes as a tactic to advance their cyber operations over the next 12 to 18 months. Deepfake technology has the potential to completely change the phishing landscape because it allows threat actors to move beyond text and take advantage of the deep level of trust people place in video or verbal communication.
Deepfake videos have already been used successfully to disseminate disinformation, mainly political, and it is only a matter of time before this technology is used to achieve other goals. The highly competitive nature of business also means that there is a strong chance that we will see distortion campaigns aimed at weakening competitors, such as the telecommunications group Viettel.
It is time for IT teams to understand the threat this technology poses to their business and take steps to train for deepfake attacks, as it is likely that they will be targeted using this tactic in the near future.
VoIP ingenuity has proven successful
Vishing is yet another example of the ingenuity of cybercriminals and the constant evolution of their tactics, techniques and procedures.
Vishing is defined as unwanted calls or voicemails fraudulently made by someone who claims to be a trusted service or co-worker. It is becoming more common as attackers use VoIP (Voice over Internet Protocol) technology to make these calls over the Internet instead of having to use a conventional phone line. The number of such attacks has also increased dramatically during the pandemic, and the UK National Cyber Security Centre (NCSC) warned of such attacks in its recent advisory report on working from home safely.
We know that these attacks have already proven successful: hackers are known to have used the tactic last year to target and successfully take over the Twitter accounts of CEOs, businesses, celebrities and politicians, including Joe Biden, Jeff Bezos, Apple and Uber.
Voice impersonation techniques to deceive victims
We already know that impersonation is not limited to the video format. Many hackers are experimenting with voice-altering software that allows them to imitate the voices of contacts known to victims when conducting voice-based phishing attempts, such as through phone calls or even audio files.
This software increases the number of attack vectors available to malicious actors, and IT teams need to be wary of these new means. Social engineering techniques are constantly being developed to lure unsuspecting employees into handing over money, information and credentials, which is very worrying given that tools like voice-altering technology are available to anyone and everyone.
BEC and phishing attacks continue to wreak havoc
Globally, 35% of companies experienced spear phishing in 2020, and 65% experienced BEC attacks. These techniques may have been in use for a long time, but they are still the most effective tool in a cybercriminal's arsenal, and people will continue to use them.
BEC attacks are one of the most damaging cybercrimes, and the NCSC found that they were the main cause of cyber insurance claims in 2019, which is not surprising given how often they successfully target organizations of all sizes. But why do people still fall for them? The answer is that hackers rely heavily on technological innovations and stolen credentials to make their attacks much more sophisticated than we are used to seeing. Introducing a wider range of methods, and more novelty, into these attack routes will greatly increase their chances of success.
Protect your business with an "assume breach" mentality
Cybercriminals have the upper hand, and companies are still falling for social engineering techniques. It is time for organizations to take responsibility for their cybersecurity strategies and adopt an "assume breach" mentality.
The best way to start building a strong, multi-layered approach to cyber defense is to be proactive, not just reactive, in protecting the sensitive credentials that attackers seek. Above all, organizations should prioritize three measures to reduce cybercriminals' success with phishing: AI-based detection tools to detect vishing and deepfake attacks, privileged access control practices to restrict access to sensitive areas of the network, and employee training to ensure that staff stay vigilant.