During the last couple of months, the ability of organizations across most industries to quickly shift priorities in response to the global outbreak of the novel coronavirus has been put to the test.
As is always the case, some organizations are coping better than others, but they all face one major challenge that is making it difficult for them to do business in the post-COVID world: cybercriminals who are working overtime to make a profit during these turbulent times.
According to FBI Deputy Assistant Director Tonya Ugoretz, the number of cybercrime reports has quadrupled compared with months before the pandemic, which is one reason why cybercrime is expected to cause $6 trillion in damages by 2021.
What Are the 4 Types of Cyber Attacks All Businesses Need to Know About?
To keep cybercriminals at bay, organizations must familiarize themselves with their tactics and strengthen their cybersecurity defenses accordingly. Here are the most common types of cyber attacks to watch out for in 2020 and beyond.
- Phishing
- Verify the sender’s identity using a different communication channel.
- Use an anti-spam filter and keep it up to date.
- Never give out any personal information about careful consideration.
- Malware
- Install a reliable anti-malware solution.
- Keep all software updated.
- Enforce safe browsing and email practices.
- Man-in-the-middle Attacks (MitM)
- Avoid using public Wi-Fi networks, especially if they are not encrypted.
- Use a virtual private network (VPN) for secure remote access.
- Never enter any sensitive information on a website that doesn’t use HTTPS.
- Business Email Compromise (BEC)
- Watch out for out-of-character emails from management.
- Secure all email accounts with multi-factor authentication.
- Personally verify payment requests.
Anyone can become anything on the internet, and cybercriminals interested in obtaining sensitive information from companies don’t hesitate to disguise themselves during electronic communication as government agencies, non-profit organizations, or employees of the same company.
Despite relying mainly on lies and deception, phishing is the most common cause of data breaches in the world, and cybercriminals are constantly perfecting it. One of its most dangerous forms is called spear phishing, and it involves sending carefully crafted emails to a well-researched target, instead of bombarding thousands of targets with the same email message.
Recommendations and prevention tips:
The term malware refers to any malicious software whose purpose is to infect a computer, server, client, or network and cause damage. In the past, viruses, worms, and spyware were some of the most common forms of malware. In recent years, cybersecurity experts have been reporting a massive surge of ransomware attacks, whose purpose is to extract money from victims by denying access to important data.
In the first quarter of this year, the average ransom paid by victims to ransomware attackers reached $111,605, an increase of 33 percent from the previous quarter. A sum of this size may be a drop in a bucket for large enterprises, but it can be devastating for small and even medium-sized organizations.
Recommendations and prevention tips:
Cybercriminals like to play spy and eavesdrop on private conversations between two parties by launching man-in-the-middle attacks. A good example of a man-in-the-middle attack is when a cybercriminal connects to a poorly secured Wi-Fi network used by an employee to remotely access their company’s network and transmit important business documents.
In fact, cybercriminals sometimes set up seemingly legitimate public Wi-Fi networks just to lure in unsuspecting victims and collect all information they send. They can even redirect them to fake login pages to steal usernames and passwords. According to IBM X-Force’s Threat Intelligence Index 2018, man-in-the-middle attacks are responsible for about 35 percent of exploitation activity on the internet.
Recommendations and prevention tips:
Business email compromise, or BEC for short, is arguably the hottest scam in the cybercriminal community right now, accounting for half of all cybercrime losses and amounting to nearly $75,000 per complaint. However, the most interesting thing about BEC isn’t its effectiveness—but simplicity.
Typically, a cybercriminal targets a company that conducts wire transfers with suppliers abroad. Next, the cybercriminal either hacks an email address of someone with the authority to issue payment
requests or just spoofs it. Then they send a wire transfer request to an employee responsible for such operations. Because the request appears legitimate, the employee sends the money, not realize that the entire company has just been scammed.
Recommendations and prevention tips:
Conclusion
If there’s one thing the coronavirus crisis has taught us about cybercriminals, it’s that they don’t think twice about taking advantage of a bad situation and targeting those who are affected the most by it. As such, no organization can afford to put cybersecurity on the back burner while it figures out how to operate in the post-COVID world.
If you lack the resources to protect yourself against the cyber attacks described in this article or are interested in a comprehensive cybersecurity solution designed from the ground up to meet your needs, please visit our cybersecurity page to learn more about our solutions.