Although there may be a few frightening characters who show up at your door this Halloween, cyber threats are far scarier (and not likely to be appeased by just a few pieces of candy). The FBI reports that in the US alone, potential losses from cyber crimes exceeded $6.9 billion in 2021.
In the spirit of Cyber Awareness month, we’ve rounded up 8 cyber crime trends to look out for in the year ahead.
- Advanced Phishing Techniques
Phishing attacks are any type of communication that appears to come from a trustworthy source and trick the recipient into handing over sensitive information, like login details, security codes, or a credit card number. While phishing isn’t exactly a “new” cybercrime, attacks are becoming more sophisticated and trickier to identify. They’re also leveraging more than just email, and attempting to source information through other communication channels, like text messages and phone calls. Be on the lookout, particularly for unusual requests coming from some of the big name companies that you use most frequently. Companies like DHL, Microsoft, Amazon, FedEx, PayPal, and Apple are among some of the most commonly impersonated brands.
- BEC Attacks
Business Email Compromise (BEC) attacks are a specific type of phishing that’s currently on the rise. In this type of attack, a hacker assumes the identity of someone who has authority within a company—a CEO or trusted external vendor, for example. By either spoofing this person’s email address or gaining unauthorized access to their account, the hacker sends a message to someone, tricking them into sending them sensitive information or even transferring funds.
- Social Media Scams
In 2021, Social media scams laid claim to 25% of all losses from online fraud—double the amount from just the year prior. Unlike other cyberattacks, which typically target older demographics, social media scams tend to be more effective at exploiting young adults.
The most common social scamming attempt to watch out for is false advertising. Scammers create fake online shopping ads that entice people to buy, but the buyer will never actually receive their purchase. Fake investment opportunities are another particularly successful social scamming technique, where the scammer creates hype via a fake social media account and tries to collect funds for a fraudulent investment venture.
- Malicious Cryptomining
Cryptocurrency prices may be falling, but cryptojacking is on the rise. Cryptojacking volume worldwide is up 30% in the first half of 2022, compared to 2021. Malicious Cryptomining (a.k.a Cryptojacking) involves using someone else’s computer, phone, or tablet to mine digital money, or cryptocurrencies. Put very simply, it can work like this: a person unknowingly downloads cryptomining malware on their device. The malware quietly runs in the background, mining cryptocurrency. If a cryptojacker is successful in deploying their malware to enough computers, they can run a lucrative cryptomining operation built entirely on other peoples’ computers. Unlike other cybercrimes, instead of stealing your data or money, cryptomining steals your resources (internet, electricity, computer processing power), for someone else’s financial gain.
- Industry-Specific Targeting
Although no industry is attack-proof, some appear to be more appealing to cybercriminals than others. In the wake of the COVID-19 pandemic, healthcare, in particular, has become a huge target. In just the first 5 months of 2022, the total number of healthcare data breaches has doubled, compared to the same timeframe in 2021. Other high risk targets include public administration, finance and insurance, education, and retail are also high risk targets for cybercrime.
- Distributed Denial-of-Service (DDoS) Attacks
DDoS—Distributed Denial-of-Service attacks have continued to rise in recent years. 2021 saw upwards of 9.84 million DDoS attacks, with 73% targeting education, finance, government, and healthcare. DDoS attacks maliciously flood servers with internet traffic and cripple a company’s operations by slowing page load times or, in some cases, bringing an entire site down.
While DDoS attacks are not new, they’re becoming more difficult to defend against. Cyber criminals have evolved their approach to launch “multi-vector” DDoS attacks. Now, rather than flooding a business with traffic from one entry-point (or “vector”), they’ll funnel high volumes of track through multiple entry-points, making it increasingly difficult and complex to combat and control.
- Open Source Software Risks
Many businesses seek out open source applications as a way to avoid costly software licensing. While this seems like a great way to curb cost, open-source software is notoriously vulnerable and can easily be infected by malware. Once that software is installed on someone’s computer, the user opens themselves up to being exploited by cyber attackers looking for an easy entry point. It might seem like a smart financial decision up front, but paying for security breaches later is a high price for cheap software.
- Small Business Threats
Small businesses frequently make the mistake of thinking they’re not likely to fall victim to cyber attacks. They may reason that there are larger, more obvious targets out there, but the sad reality is that small businesses are three times more likely to be targeted by an attack. And because these businesses often don’t have the right protections in place and lack the funds to combat these attacks, 60% of them are forced to shut their doors within 6 months of the attack.
In addition to proactively ensuring proper security and safety measures are in place to guard against cyber attacks, companies need the protection of proper cyber insurance. Contact Quaker today to speak with one of our cyber specialists to learn more about programs that cover everything from data breaches and business interruption loss to data recovery costs.