Cyber-attacks are becoming more and more sophisticated. Whether on our work or personal devices, cyber criminals are stepping up their attacks at an unprecedented rate.
We all receive spam on a daily basis - whether it’s letting us know about gold hidden in the Middle East or asking us to transfer money to the bank account of a friend or colleague (whose email, we later learn, has been hacked).
We are not alone in experiencing this phenomenon. Google says that it blocks more than 100 phishing emails a day and Microsoft says phishing accounts for 70% of all new cyberattacks.
Phishing and individual impersonation attacks are forms of what cyber experts call social engineering attacks, designed to manipulate an unsuspecting user into handing over their information. In other words, it’s easier to trick somebody into clicking on a link than to hack into their computer by guessing their password.
These social engineering attacks now make up 93% of all successful data breaches, according to Verizon’s 2021 Data Breach Investigations Report.
The rise of such attacks should be of concern to businesses because many employees are currently working on documents and sensitive information outside the safety of company firewalls.
Consumers should be concerned because they may find that clicking on a simple link for an electric toothbrush turns into a fraud that sees them lose £200,000, as one unfortunate victim experienced.
In this blog, we highlight some of the new social engineering trends that businesses and consumers should watch out for:
Content-Phishing and Phishing as a Service
This is when apps seek permission to gain legitimate access to company services and files, even though they don’t necessarily implement any code. A high-profile example of this was JetBrains, a Czech software company that was hacked by Russian hackers in order to gain access to a host of US companies including SolarWinds.
Another example was a leak of 28,000 items of personally identifiable information (PII) from the SANS Institute in 2020, according to Security, an industry magazine.
Alongside this is a large and steady rise in “phishing-as-a-service”, with demand for ready-made phishing kits increasing by 120% in 2019 according to analysis. Pricing for such kits ranges from $20 to $880 according to experts.
State-Backed Social Engineering
The Cold War may be over but the Cyber War is heating up. State-backed cyber hackers are exploiting the overreliance of many citizens and governments on digital infrastructure as a way of inflicting damage on nation states.
Google Threat Analysis identified an ongoing campaign by the North Korean Government to target security researchers on social media. The analysis said that the hackers pose as cybersecurity specialists in order to interact with security researchers of other companies on social media. The goal of this is to spread malware and gain information about software vulnerabilities, according to CNBC.
A more worrying trend is that of “deep fake” videos, which use machine learning (ML) to create remarkably convincing fake videos of people. Many believe that this technique will start to be used in business.
“We’ve already seen these deep fake videos used in political campaigns. It’s only a matter of time before criminals apply the same technique to business,” said CyberCube’s Head of Cybersecurity, Darren Thomson.
Finally, many cybercriminals have started targeting lower-level employees as a way of gaining access to organisations in order to target high-ranking individuals or the company itself.
The most common example of this was the ransomware attacks in 2017, when Maersk found itself hacked after an employee clicked on a phishing email.
It is clear that businesses, governments, and citizens need to become more cyber savvy as online social and work interactions increase. Cyber criminals are stepping up their game big time and we all need to respond in kind.