In this article, we take a look at some of the newest security threats and what you can do to defend your organisation against them.
1. Business Email Compromise (BEC)
Companies of all sizes are at risk from Business Email Compromise (BEC) attacks – the FBI recently released statistics estimating that US companies alone lost $1.3 billion to BECs in 2018. BEC scams are an advanced type of phishing attack in which hackers target very specific business users in order to steal money. One of the most common types of BEC attacks occurs when an attacker is able to compromise or spoof the email account of someone senior in an organisation, such as a Finance Director, to request the payment of goods or services to an alternate bank account. There have also been recent reports of BEC attacks that have been used to target employee salary payments.
BEC attacks often appear entirely genuine, making them very difficult to spot, and hackers will go to great lengths to improve the success of scams, such as researching individuals and company supply chains.
2. Formjacking
One of the fastest growing forms of cybercrime, formjacking has become extremely widespread. This is because attacks are often very difficult to detect and can be extremely profitable for criminals, allowing huge amounts of personal and financial information to be stolen in a very short period of time.
Formjacking involves a hacker compromising an ecommerce website in order to insert a piece of code designed to read the personal and financial data that users enter into the site. The important thing to note is that the actual transaction goes through as normal, with no indication that anything is amiss. Customers may only learn that their details have been stolen when they become victims of fraud.
The most famous and widespread example of formjacking was the so-called Magecart attack, which was able to compromise more than 50,000 retailers and service providers, including Ticketmaster and British Airways.
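As an added example (not from the original article), one way a site owner could look for the kind of inserted code described above is to audit the script tags on a checkout page against a reviewed baseline. The hostnames, the sample markup and the function name `auditScripts` are constructed for illustration, and the `integrity` check assumes the site uses Subresource Integrity for third-party scripts.

```javascript
// Added example: audit a checkout page's <script> tags against a baseline.
// Hostnames, markup and baseline values are constructed for illustration.
// Regex matching is enough for this sample; use a real HTML parser in production.
const ALLOWED_ORIGINS = new Set(["https://shop.example", "https://pay.example"]);
const KNOWN_INLINE = new Set(["initCheckout();"]); // inline scripts already reviewed

function auditScripts(html, pageUrl) {
  const findings = [];
  const pageOrigin = new URL(pageUrl).origin;
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const [, attrs, body] of html.matchAll(tagRe)) {
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (src) {
      const raw = src[1] ?? src[2] ?? src[3];
      let origin;
      try { origin = new URL(raw, pageUrl).origin; } catch { origin = "invalid"; }
      if (!ALLOWED_ORIGINS.has(origin)) {
        // Script loaded from a host nobody approved for this page.
        findings.push({ type: "unexpected-origin", detail: raw });
      } else if (origin !== pageOrigin && !/(?:^|\s)integrity\s*=/i.test(attrs)) {
        // Approved third party, but nothing pins the file's contents.
        findings.push({ type: "third-party-without-sri", detail: raw });
      }
    } else if (body.trim() && !KNOWN_INLINE.has(body.trim())) {
      // Inline code that is not in the reviewed baseline.
      findings.push({ type: "unknown-inline", detail: body.trim().slice(0, 60) });
    }
  }
  return findings;
}

// Constructed sample page: three of the six scripts should be flagged.
const SAMPLE = `
<html><body>
<form id="payment"><input name="card"></form>
<script src="/static/checkout.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://pay.example/widget.js"></script>
<script src="https://cdn-analytics.example.net/t.js"></script>
<script>initCheckout();</script>
<script>loadExtra("x1");</script>
</body></html>`;

for (const f of auditScripts(SAMPLE, "https://shop.example/checkout")) {
  console.log(`${f.type}: ${f.detail}`);
}
```

Running a check like this on a schedule, and alerting on any new finding, gives a signal that does not depend on a customer reporting fraud first.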
3. Cryptojacking
Cryptojacking is a relatively new form of cybercrime that has grown significantly in the last year. Cryptojacking involves a hacker taking control of a computer’s processing power in order to mine for cryptocurrencies such as Bitcoin. What makes this type of attack unusual, and perhaps harder to detect, is the fact that it doesn’t attempt to damage or disrupt IT systems.
However, this doesn’t make it a victimless crime. Computers and networks infected with cryptojacking malware will usually suffer a fall in performance. And if undetected, the attack will continue consuming processing power.
4. Insider attacks
Every business wants to believe they can trust their staff, but an increasing number of attacks are carried out by existing and former employees. Malicious insiders, as they are known, have the potential to misuse access to networks and assets to wittingly or unwittingly disclose, modify and delete sensitive information.
Businesses of all sizes can be attacked by insiders. Even the Coca-Cola Company recently announced that it had suffered a data breach, when it discovered a former employee in possession of worker data on a personal hard drive.
How to stay secure
To protect your business against the latest cyber security threats, it’s important to keep up with cyber security trends. When trying to combat these sorts of crimes, it’s essential to constantly re-assess your security posture and invest in detection and response technologies. Cyber security assessments such as penetration testing can be especially valuable in helping to establish whether your system has any weaknesses that could be exploited by criminals.