Here’s a surprising statistic to kick off the new year: 68% of surveyed business leaders feel that cybersecurity risks are worsening.
The surprising bit? That it’s not closer to 100% who believe their organisation is under cyberattack like never before!
Yes, there have been some high-profile hacking cases in the last few months (Medibank and Optus, for example). However, SMBs with weaker cybersecurity find themselves in the criminals’ crosshairs.
Rewards from ransomware and phishing scams for SMBs might be lower, but the risks to the hackers are lower – and there is a never-ending supply of ‘customers’.
To protect your business in the coming year, it’s essential to know the attack trends.
What new methods are hackers using? What types of attacks are increasing in volume?
Knowing the answers helps you stay on top of IT security and mitigates the risk of a data breach or malware infection.
Let’s dive in.
Attacks on 5G devices
5G is finally beginning to fulfil the promise of lightning-fast internet. As providers build the infrastructure, you can expect this to be a high-attack area.
Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Anytime you have a new technology like this, it’s bound to have code vulnerabilities. This is exactly what hackers are looking to exploit.
What can you do? Be aware of the firmware security in the devices you buy, as some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices.
One-time password (OTP) bypass
This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is well-known for preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password.
There are a few different ways that hackers try to bypass MFA. These include:
- Reusing a token: Gaining access to a recent user OTP and trying to reuse it.
- Sharing unused tokens: The hacker uses their own account to get an OTP, then attempts to use that OTP on a different account.
- Leaked token: Using an OTP token leaked through a web application.
- Password reset function: A hacker uses phishing to fool the user into resetting a password. They then trick them into handing over their OTP via text or email.
What can you do? Train your team around MFA best practices and have a consistent protocol.
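For teams that build their own sign-in flows, the token reuse and shared-token bypasses listed above fail when the server ties each OTP to one account, expires it, and deletes it on first use. The sketch below is an added example, not code from this article; the `OtpVerifier` class, the account names and the 120-second lifetime are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

class OtpVerifier:
    """Each code is tied to one account, expires, and works once."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self.ttl, self.clock = ttl_seconds, clock
        self._key = secrets.token_bytes(32)
        self._pending = {}  # account -> (digest, expires_at)

    def _digest(self, account, code):
        # Keyed hash, so the stored record does not reveal the code itself.
        msg = account.encode() + b"\x00" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = (self._digest(account, code), self.clock() + self.ttl)
        return code  # sent out of band only, never echoed in a web response

    def verify(self, account, code):
        record = self._pending.get(account)  # only this account's own code counts
        if record is None:
            return "rejected: no pending code"
        digest, expires_at = record
        if self.clock() >= expires_at:
            del self._pending[account]
            return "rejected: expired"
        if not hmac.compare_digest(digest, self._digest(account, code)):
            return "rejected: wrong code"
        del self._pending[account]  # consume on success, so replay fails
        return "accepted"

def demo():
    now = [0.0]  # constructed clock so expiry can be shown without sleeping
    v = OtpVerifier(clock=lambda: now[0])
    victim_code, other_code = v.issue("alice"), v.issue("mallory")
    while other_code == victim_code:  # avoid a 1-in-a-million coincidence
        other_code = v.issue("mallory")
    out = {"other_account_code": v.verify("alice", other_code),
           "first_use": v.verify("alice", victim_code),
           "reuse": v.verify("alice", victim_code)}
    stale = v.issue("alice")
    now[0] += 121  # step past the 120-second lifetime
    out["expired"] = v.verify("alice", stale)
    return out
```

A production service would also limit wrong guesses per account and keep the pending codes in shared storage rather than in process memory.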
Attacks surrounding world events
During the pandemic, the cyberattack volume increased by over 600% as large criminal hacking groups realised that world events and disasters are lucrative. Now, attacks come under the guise of everything from the latest hurricane or typhoon to the war in Ukraine.
Unsuspecting people often fall for these scams because they are distracted by the crisis, and hackers use social engineering tactics, such as sad photos, to play on emotions.
What can you do? Treat charity communications as a potential threat like anything else. Check that email addresses are legitimate and go directly to the website rather than clicking a link.
Smishing and mobile device attacks
You may have noticed a sharp rise in SMS-based phishing (“smishing”) recently as cybercriminals cash in on our obsession with our mobile devices.
Most people aren’t expecting to receive fake messages to their personal numbers, but mobile numbers are no longer as private as they once were.
Hackers buy lists of them online and then craft convincing fake texts that look like shipping notices or receipts. One wrong click is all it takes for an account or data breach.
What can you do? Mobile malware is also on the rise, so it’s vital to ensure that you have good mobile anti-malware and other protections on your devices, such as a DNS filter.
Elevated phishing using AI and machine learning
Remember when all you had to do to avoid a phishing scam was not send money to a fake prince?
These days, phishing emails are not easy to spot, and criminal groups have taken things to the next level with AI and machine learning.
Not only will their communications look identical to a real brand’s emails, but they will also come personalised as the hackers know it will capture more victims.
What can you do? Never click on a link that looks remotely suspicious. Triple-check before taking action, as it could cost the company a small fortune.
Book a cybersecurity check-up
Is your business prepared for the cyber threats coming in 2023? Don’t wait to find out the hard way! Call us and schedule a cybersecurity check-up and team training to stay one step ahead of the cybercrims.