Cyber criminals have always targeted users, finding it easier to trick unsuspecting employees than to bypass complex technical security measures – and this trend has been growing steadily the last few years. Identify fraud, where criminals impersonate someone else in order to steal their money or use their account to manipulate others, is now one of the most common types of cyber crime there is. Account takeover attacks, where criminals gain access to a user’s account and use it to send spam or phishing emails, is also on the rise, often allowing malicious emails to bypass email security filters.
Cyber criminals are beginning to target Enterprise Resource Planning (ERP) applications, with the aim of disrupting and stealing data from large companies, according to reports from both security experts and the US government. According to a recent report from security companies Digital Shadows and Onapsis, hacktivists and state-sponsored groups in particular and looking to exploit flaws in platforms provided by Oracle and SAP.
SAP and Oracle are believed to be the biggest targets due to long-running security vulnerabilities
New research from DataSolutions, an Irish IT solutions provider, has revealed that a majority (60%) of senior IT decision makers consider human error to be the greatest threat facing Irish businesses and organisations at the moment. This is consistent with results of similar surveys in other countries such as the US or UK, as cyber criminals evolve to target end-users and take advantage of improperly-trained staff instead of trying to bypass or hack complex technical security measures. The survey also revealed that 93% of respondents claim that they have a formal cyber security and defense strategy in place to help navigate today’s online threat environment, particularly in a post-GDPR world.
Cyber criminals are becoming increasingly smart and how they target organisations, targeting un-training staff instead of complex technological security measures
It seems that everyone in the cyber security sphere is talking about ransomware these days. Last year, attacks such as WannaCry, NotPetya and BadRabbit took the business world by storm, costing billions in damages. Ransomware is by no means a new threat (it has been around since at least 2005), but it is one of the fastest growing and most costly. Cyber crime is constantly changing, and criminals keep creating news ways to steal money. Ransomware has gotten increasingly sophisticated since 2005, but the people using and deploying it haven’t necessarily – now some cyber criminals are making more money selling high-tech ransomware strains to non-technical criminals than if they were to conduct the attacks themselves. The result is that more and more ‘hackers’ have access to ransomware and need very little technical know-how to operate it, leading to more and more ransomware attacks each year. It may come as a surprise, then, to hear that the FBI received less reports of ransomware attacks in 2017 than in 2016 and 2015, despite the increase in attacks.
The FBI reported just 1,783 reports of ransomware attacks in 2017, compared to 2,673 in 2016 and 2,453 in 2015.
The world has not seen the last of Meltdown and Spectre, according to a recent report by cyber security and firewall specialists SonicWall. By January 2018, the company had already come across 500 ‘zero day’ malware programs designed to take advantage of various processor vulnerabilities. On Meltdown and Spectre, SonicWall has said, “It’s likely these are just two of many processor vulnerabilities already in play. We predict the emergence of password stealers and infostealers to take advantage of Meltdown and Spectre vulnerabilities”.