Emerging Cyber Threats
22.09.2022
How common types of cyberattacks are evolving
Cyberattacks are constantly changing. Find out more about the evolution of cyberattacks and learn some of the best practices to protect against threats.
Key points
• Cyberattacks have evolved as companies deploy more interconnected devices and digitize their operations.
• Supply chain attacks and ransomware are becoming more widespread as cybercriminals become more sophisticated.
• Protective cyber tools are being developed to deal with this challenge.
Briefly speaking, a cyberattack is an intrusion in which one or more computers are used to penetrate other computers. Examples range from a simple "brute force" attempt, in which a criminal tries a huge number of possible passwords, to sophisticated campaigns that use stolen credentials and spread malware to steal data and cripple networks.
Common types of cyberattacks
The types of cyberattacks vary widely, depending on the attacker, target and tactics used, with risks to businesses falling into the following main categories:
Ransomware and malware:
Malicious cyber actors have found it’s profitable to break into networks, encrypt them and demand payment in exchange for the decryption key. One-third of the world's businesses were affected by ransomware in 2021, many of them more than once, with the average ransom estimated at about $250,000 per attack, according to IDC. The recent “success” of ransomware is partly driven by the increase in popularity of "ransomware as a service" (RaaS). For a small fee (and a share of the profits), anyone with limited programming skills can perform a ransomware attack. Ransomware types have also become more sophisticated. Cybercriminals now use double and even triple extortion methods, stealing sensitive data and threatening to publish it or sell it on the dark web if their demands are not met.
Denial of Service (DoS):
This type of cyberattack involves taking a network offline or launching a distributed denial of service (DDoS) attack that has the same effect: access is shut down by flooding a network with malicious traffic to overwhelm its capacity.
Data theft:
Data theft was one of the original types of cyberattacks, when hackers stole credit card numbers and personal information. But like most types of cyberattacks, such data breaches have grown in scope and sophistication. According to the Ponemon Institute's 2021 report, the cost of a data breach has reached an all-time high of $4.24 million. According to Ponemon, compromised credentials are at the root of many of these breaches, causing nearly 20% of incidents. Intruders gain access to data in numerous ways, both old and new. Phishing attacks capture passwords used as credentials to access corporate networks. Skimming devices placed at point-of-sale terminals collect credit card data. Discarded, lost or stolen devices (phones, tablets, laptops) are a treasure trove of data. Data can also be taken from improperly disposed documents or obtained during a phone call by a malicious actor posing as a third party.
Impersonation:
This category includes many types of phishing, from the simple "claim your prize" email loaded with malware to sophisticated "social engineering" in which an urgent email purporting to be from a customer, colleague or supplier tricks a user into performing a malicious task. Attacks such as "whale phishing" and "spear phishing" use online or stolen information about executives to trick their employees or associates into becoming unwitting participants in cybercriminals’ fraud schemes. This category also includes attacks in which criminals create fake websites with similar-looking web addresses, also known as "URL phishing." Such attacks trick users into sharing confidential information or accepting malicious downloads while believing they are doing business with a legitimate company. The resulting damage to companies includes not only lost business and remediation costs, but also damage to their reputation and customer relationships.
Brief history of the types of cyberattacks
More than 50 years ago, an engineer named Bob Thomas developed a self-replicating program to spread experimentally through computers. He named it Creeper (after a character in a "Scooby Doo" cartoon) and the computer virus was born. In the 1980s, with the advent of personal computers, viruses became a weapon, and with the advent of the Internet, the types of cyberattacks began to multiply around the world.
The types of cyberattacks have evolved alongside technology. Just about every technological advance results in a new wave of cybercrime:
• The proliferation of email has led to an increase in phishing attacks and the compromise of corporate email. Because email is cheap and high-volume, it remains a top attack vector for intruders.
• The emergence of the Internet of Things (IoT) has enabled cybercriminals to exploit networked devices for cyberattacks, for instance, by turning smart devices into spam servers for DDoS attacks.
• The explosion of mobile communications has led to the appearance of attacks such as "smishing", which is conducted via text messaging, "vishing", which is conducted via voicemails, and "SIM swapping," in which attackers impersonate cell phone users and convince the telecom operator to activate the account on a new phone, giving intruders access to all applications and passwords on the phone.
Post-pandemic emerging cyberattacks
A survey of executives conducted by Forrester found that 92% of companies were affected by a cyberattack during the pandemic, and 70% were affected three or more times.
The shift to remote work has created new attack vectors, which will remain relevant as companies continue to adopt remote and hybrid ways of working. More than a year has passed since the period of “pandemic work”, yet about 78% of companies still have some employees working remotely, according to Forrester. What’s more, two-thirds of companies reported cyberattacks targeting remote workers.
A number of new tools and cloud servers have been rapidly introduced to enable collaboration and communication between employees working from home. This has indisputably increased the number of potential vulnerabilities and attack vectors for intruders. Representatives of about eighty percent of the companies surveyed by Forrester replied that moving their critical business operations to the cloud during the pandemic had increased their cyber risks. Companies were warned about attacks on email communications via virtual meeting platforms, which have become common tools for employees to communicate while working from home.
Changing targets in the post-COVID cyber threat landscape include:
• Email. Bad guys have long relied on email as their No. 1 attack tool, but they also evolved their technology during the pandemic and learned how to leverage artificial intelligence (AI) and machine learning to amplify their attacks. New types of email-delivered malware can also detect signs that they are passing through a "sandbox" or virtual machine used to quarantine suspicious code. To avoid detection, such malware performs its malicious actions only after it has left the protected area.
• Software vulnerabilities. Businesses that try to operate much faster than they currently do are often easy targets for cyber thieves, and a spate of supply chain attacks in 2020 and 2021 has shown that companies need to be more careful and work with their software vendors to ensure the security of the entire supply chain. The risks associated with these types of cyberattacks are increasing as malicious actors take advantage of software vendors' announcements about patches and updates and then try to exploit vulnerabilities before companies fix them.
• Remote Desktop Protocol (RDP). Another common attack type in the new work environment is the misuse of Remote Desktop Protocol (RDP), which facilitates home-office connections and device support. A recent joint ransomware advisory from U.S. and international cybersecurity agencies cited RDP as one of the top three attack tools used by cybercriminals, along with phishing and software vulnerabilities.
Another trend is the use of deepfake technology to trick security measures that rely on biometric identification. As reported by the Federal Bureau of Investigation (FBI), cybercriminals use Americans’ stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions. Although deepfakes are often recognized, incidents still occur from time to time. People tend to trust what they regularly see and hear. Consider ‘robotic calls’: in the beginning, people were able to detect that a robot was on the line. Today, however, some users hold a conversation with a robot while fully convinced that they are talking with an operator. With the ongoing development of technology, it may become even more difficult to detect a deepfake.
Another very relevant and at the same time everlasting risk is connected with insiders. Since any person who has access to critical data or to an organization’s infrastructure is a potential insider, it is not difficult to understand that insider-related risks are crucial ones. Insider incidents may be split into two basic categories: those caused by employees’ negligence and those caused by a malicious insider's actions. In the latter case, it is typical for insiders to sell attackers the data required to gain illicit access to a network, or to steal and sell confidential and sensitive data. Still, the insider threat is often underestimated. For instance, according to CyberEdge Group, many companies believe that they are poorly prepared to deal with the insider threat. In the list of preparedness for different threats, insider-related risks were ranked number 9 out of 12. Even when an external attack takes place, it often requires an insider to take part in the violation. What’s more, up to 30% of insider incidents happen due to malicious insiders. According to the 2022 Cost of Insider Threats Global Report by the Ponemon Institute, the average annual cost per incident for the three types of incidents, including employee or contractor negligence, criminal & malicious insider, and credential thief, amounts to $15,378,635.
Cryptojacking, in which crypto miners inject malware into companies' computers to steal the computing power required for cryptocurrency mining, continues as well.
How to prepare for different types of cyberattacks
Protecting against all types of cyberattacks starts with awareness and training, but many other tools can help defenders as well.
Because the costs of data breaches are very high, implementing measures aimed at dealing with related issues is a cost-effective way to ensure security and business continuity. As the number of remote workers increases, companies tend to implement security tools such as email gateways, virtual private networks and encryption techniques to protect remote workers and corporate systems. The best defense is a good offense when it comes to protecting against supply chain attacks, so good threat intelligence and planning can identify and remediate threats before a breach occurs. After the shock of the COVID pandemic, 77% of organizations planned to spend more on software vulnerability management solutions, according to Forrester.
The bottom line
As the types of cyberattacks evolve, so do the tools aimed at defending against them. Find out more about the tools provided by SearchInform and how they can help to reduce the risks that arise.