New research reveals nearly 4 in 5 ransomware attacks include threats beyond data encryption.
Online users today, especially businesses, have to be extremely vigilant of cyberattacks. Cybercriminals today are extremely clever, misleading online users in an attempt to steal their personal information.
In 2022, 82% of all breaches involved ‘the human element’. For example, ‘vishing’, emotional manipulation, ‘deep fakes’, and phishing emails.
Dr. Niklas Hellemann, CEO of SoSafe, a cybersecurity awareness provider, says
Whilst it is important for everyday users to be aware of potential scams, it is also just as important for larger organizations, for which – in some cases existence-threatening – financial damage is at stake. Organizations need to empower their teams in digital self-defense. While cybercrime is constantly professionalizing, companies need to activate their employees as part of their cyber defense.
Below, Dr. Hellemann highlights five cybersecurity predictions for 2023 and what to do if you believe you are being targeted by a cyberattack.
Emotional Manipulation
One of the most popular weapons of choice for cybercriminals is using emotional manipulation which is set to rise even further in 2023.
While technical setups change, cybercriminals can always exploit human emotions to open a door into our systems. Emotions Like greed, curiosity, urgency, helpfulness, and fear naturally trigger us and certain behaviors, tricking potential victims into either providing certain information, opening compromised files, or making a payment on time for example.
SoSafe data showed that with an apparent willingness to help, cybercriminals tempted more than a third (37%) of recipients to click on malicious content in 2022. But with praise and flattery, this number rose to 41%.
If you feel any emotional pressure from receiving an email or text message from an organization or person, always try to verify provided information or requested action before actioning anything.
‘Vishing’
‘Vishing’, which stands for ‘voice phishing’, is already being used as a deepfake technology to successfully trick employees into believing they’re talking with members of their own organizations.
As part of a vishing attack, someone will receive a phone call or voice message from someone pretending to be from a reputable company or someone you know. This is to induce individuals to reveal personal information, like bank details and credit card numbers.
Unfortunately, as the quality of deepfake and vishing technology improves and becomes easier to produce, cybercriminals are very likely to be able to conduct successful, more believable attacks this year.
Originally prank calls were viewed as a bit of harmless fun, however, cybercriminals have now realized deep fakes can be used for social engineering attacks as an opportunity to maximize profits.
Genuine institutions or financial organizations will never ask for personal or financial details over the phone. Therefore, it is important to never provide these and rather verify the requested action via other channels – especially if you feel pressured by the request.
Targeting Burnout
Cybercriminals see burnout amongst remote workers and security teams as a vulnerable target opportunity. Employees are stressed due to a continuously changing, uncertain, and difficult situation- particularly regarding our economy. This makes them vulnerable to emotional manipulation.
At the same time, security teams are confronted with increasing complexity. To name one development, the ongoing shift towards hybrid and remote work creates new weaknesses in an organization’s security that specialists need to take care of. With a general increase in attacks, security teams are reaching capacity and suffering from burnout too, leading to more security threats.
As a result, the phishing strategy that increased the most in success last year was exerting authority and pressure on its targets – this tactic’s success rate increased by more than 10%.
Therefore, going into 2023. businesses should try to ensure they provide employees with the right security tools and the skills to protect their data no matter where they work.
Multiple Extortion
Cybercriminals in 2023 will use clever psychological tactics in their extortion, and compound them with further attacks. This is known as Multiple Extortion.
They tend to follow up on their initial theft, encryption, and ransom of sensitive data with the threat of releasing this data if the ransom isn‘t paid.
This is done using methods such as DDoS attacks, crypto mining, or bot networks until their demands are met.
Compound ransomware attacks will attempt to extort higher value sums from organizations, increasing the risk of damage.
Supply Chain Attacks
Supply chain attacks peaked in 2022 and are likely to continue in 2023. This is because cybercriminals are improving at exploiting their victims’ partner and supplier networks. This is normally down to security flaws in the supply chain.
An example of a supply chain attack in 2022 was the hack of the authentication services provider Okta, whose network was hacked by the Lapsus$ group. Okta’s customer information was accessed through Sitel, a company subcontracted to provide customer service functions for Okta. This allegedly impacted more than 15,000 customers.
Therefore, organizations need to be aware that they don’t only need to take care of their own security strategies. Their security is also dependent on one of their suppliers. Hence, organizations need to carefully evaluate security competencies when choosing a new partner.
