When it comes to cyber security, small and mid-sized organisations cannot simply rest on their last update to provide them with enough protection for tomorrow. As we have seen time and time again here in Australia, cybercrime is constantly changing how it attacks businesses.
There has been some good news when it comes to stopping cybercrime as the government recently announced that it is investing $230 million to fight online attacks. In addition to this, IBM revealed that it plans to open a new National Cyber Security Centre in Canberra that will help organisations better prepare and respond to cyber security threats.
This news is very much welcome and will help in the long run but these efforts can’t fend off the countless cyber security threats that your company faces on a daily basis. It is important to not only follow best security practices for known threats but also stay up-to-date on new and potential dangers that can infiltrate your systems and cost your business in time, resources and money.
With this in mind, let’s look at 4 new cybercrime trends that threaten your business and what you can do to fight back.
Malware-infected documents
We previously detailed how malicious Word documents could infect your systems with Locky, a dangerous form of ransomware. Hackers have had great success with this method and are now equipping documents with different types of malware that can harm your company, according to recent research from Sophos. These dangerous documents either contain embedded files that look like an icon that execute malware when clicked upon or use special coding and have the user enable macros to run the malware.
In order to get a user to download and open the document, cyber criminals are using social engineering techniques via email. These emails can appear to come from other employees, clients or people who may need to be in contact with your organisation such as vendors.
What you can do: For starters, double check the email address of all senders and scan files in their entirety for anything malicious that may have been embedded. Also make sure employees know to never enable macros on a Word document.
Attacks become more targeted
Long gone are the days of poorly constructed scam emails claiming they would send you thousands of dollars for your personal details. Today’s attacks are sophisticated and appear more authentic than ever before. Hackers will research a business and find out where they are vulnerable. For instance, a company that accepts CVs from potential applicants via email are a prime target for today’s cyber criminals.
They will send the person accepting the CVs a ZIP file or malware-infected document containing their alleged credentials. The unsuspected employee will open the file, infecting the company in the process. Since many people are unaware of this tactic, it has a relatively high success rate.
What you can do: If possible, do not publish email addresses on your company website and avoid accepting documents like CVs as an attachment. If you must solicit information from people you do not know, it’s best to have them copy and paste the text in the body of the email. And, as always, follow best email security practices at all times.
Familiar threats coming from new places
If you are a regular reader of the Empower IT blog, you know how dangerous ransomware is (and if this is your first time visiting our website you can catch up on the topic here and here). While the primary way for cybercriminals to infect your systems is via email, Kaspersky pointed out that ransomware-infected online games is a new trend that has emerged.
It can be difficult for business owners to monitor every employee while they are at work and without any type of content filtering system in place, it is quite possible some staff members are playing games while on the clock. And that is just a start. Symantec found that there is a form of ransomware posing as an Android app that will lock your phone. This can be extremely problematic for those companies that either give employees a device to use or let them access company files from a personal device.
What you can do: There is no way to really spot these issues, however, putting internet-usage and employee device policies in place can mitigate the risks these activities may bring. And remember, cybercrime is always evolving and may come from a program or device you think is secure.
Malware for the masses
Believe it or not, becoming a cyber criminal is easier than ever before. The online black market, also known as the dark web, is awash with Malware-as-a-Service kits giving individuals all the tools they need to get started as a hacker. No longer does a person have to be a tech wizard to create a program that can harm your IT systems. All they need to do is search online to buy it and then focus on ways to convince users into installing it on their systems.
The people who create malware are talented and continue to develop new threats on a daily basis. And since they now have a marketplace to sell their work, all they have to focus on is creating the technology since others are lining up to buy it. This means businesses now have to deal with advanced technology that is being used by people who specialise in manipulation.
What you can do: Updating security patches, educating employees on the dangers of cybercrime and putting antivirus and email protections in place is a good start. Having a security expert come in and analyse your systems is also something worth considering.
The Director of Empower IT, Salim Sukari says, “These latest cybercrime trends reveal just how sophisticated the sector has become. It is now a multi-billion dollar industry that targets businesses just like yours in order to profit. And while the government and private sector are now focused on improving Australia’s cyber security capabilities, the best way to keep your company safe is to know what threats are out there and take the appropriate action to defend against them.”
Want to improve your cyber security? Contact Empower IT today. We are up-to-date on all the latest cybercrime trends and know how your organisation can best protect itself from the growing number of threats.
