Businesses Should Be Aware of Growing Cyber Attacks

In the coming days, it is estimated that businesses and their owners are likely to be targeted by cybercriminals. There is a strong chance that they could be the next victim of Cyber attack.

According to bizjournal quoting Ed Cabrera, Chief Cybersecurity officer at Cybersecurity Solutions firm TrendMicro. “Emails from business leaders – such as Chief Executives, Chairpersons or Residents – are most likely to be compromised by hackers looking for their next big windfall.

At the Florida International Bankers Association’s Annual Financial Cyber Security Conference, Cabrera said that “Anyone in your organization who has the ability to transfer money should be on the lookout because they’ll be targeted”.  The two-day conference held in downtown Miami on Oct. 29-30, centers on cyber-crime threats in the financial services industry and what companies can do to protect themselves as well their customers’ assets.

Cabrera added that Credentialed phishing attacks, “tabnabbing” and “watering hole attacks” are among the top cyber threats facing businesses in the United States, who outlined the evolving cyber threat landscape and its connection to underground criminal networks during his keynote address.

The World Economic Forum in its 2018 Global Risk Landscape report listed cyber attacks, as well as data theft and fraud, as two of the top five threats facing businesses. The attacks against businesses have almost doubled in the recent year and may trigger a breakdown in the systems that keep societies functioning. In the coming years, we are going to see extraordinary financial losses in business and some fear that attackers could eventually grow.

The financial services industry is particularly vulnerable to attacks because of their crucial role in moving funds, according to a report from the International Monetary Fund. The organization reports the average potential loss from cyber-attacks could be as much as nine percent of a bank’s global net income.

Phishing attacks aren’t very sophisticated, but they’re incredibly effective, but it is still one of the top ways hackers target individuals within businesses, said Cabrera.

Tabnabbing, a phishing attack that asks users to enter their login details to popular websites, is also on the rise. A classic example is an incident that happened in 2017 when Gmail users received an email asking them to download an application called “Google Defender” to prevent them from security breaches. The link in the message appeared to direct users to a legitimate third-party Google site, where they need to enter the login information that was later used to track their email activity.

Cabrera said tabnabbing can be difficult to detect because attackers will impersonate websites commonly used by their target.  He said “You might think, ‘OK, I’ve been timed out, let me log back in.’ Then when you enter your personal information it will capture that information and redirect you to another page.”

Another cyber threat is watering hole attack. In this scenario, an attacker aims to compromise a specific group of end users by infecting websites they’re known to visit frequently. Once the attackers have access to a network of user information, they can distribute malware to their computers.

While cybercrime has been on the rise since the 1990s, Cabrera said the number and variety of attacks have skyrocketed in recent years. Cyber criminals have utilized the deep and dark web to create a marketplace for themselves. The process not only allows them to quickly coordinate and execute cyber-attacks ­­– it lets them collaborate in the creation of malware and ransomware.

“They’ve actually created an end-to-end service for other criminals and that’s why we’re seeing an escalation of cybercrime and breaches,” Cabrera said.

In Cabrera’s opinion, businesses should constantly educate employees – you need to tell the employees why they must care about cyber-attacks and what those attacks could look like. From C-suite executives to entry-level workers – should be aware of the risks and signs of cybercrime. Ultimately, all you need is awareness and training.