The unstoppable advance of data networks and globalization provides the perfect environment for a new industry whose main objective is to profit by dealing in other people’s data, or to use that data to damage the digital reputation of people, industries or even countries. This new “business”, an increasingly advanced and organized industry, is known as cybercrime.
The German company Hornetsecurity, a leader in cloud-based security services, has recently published its annual cyber threat report, Cyber Threat Report Edition 2021/22, which describes the evolution and risks of cybercriminal attacks.
You can download the report by clicking on the following link: Cyber Threat Report 2021/2022
The report should serve to make the industry in general, and people in particular, aware of the possible risks and their consequences. From my professional experience, I believe that not much importance is yet given to the consequences of a cyberattack.
Recently in Spain, one of the most prestigious universities, the UAB, suffered an attack that affected many of the university’s services for several weeks.
The lack of investment in cyberattack prevention tools, along with the lack of training, makes networks the perfect environment for this new type of crime.
To begin with, according to the report «Hidden Costs of Cybercrime» by the American computer security manufacturer McAfee, the economic losses caused by cybercrime amounted to 945,000 million dollars in 2020. Not a negligible amount, and surely lower than the real figure, because many companies do not report these attacks in order to avoid the bad image they entail and the «panic» effect they can have on their customers.
The media are also responsible, for not reporting these criminal acts or giving them the importance they really have.
Email remains one of the main entry vectors used by cybercriminals.
Statista has determined that about 300 billion emails are sent every day; according to our Sec Lab, only 60% can be categorized as clean.
A good configuration helps to block part of the spam received:
- Correctly configure SPF, DKIM, and DMARC records.
- Use real-time blacklists and greylists.
- Use intermediate mail analysis servers, which analyze and clean the emails before they reach our inbox.
- Use good antivirus tools.
In the attached graph we can statistically see the types of threats:
The most common way to infect a computer using email is still to send attachments in different forms: compressed archives, HTML, Excel, PDF, Word, etc.
What are the most affected sectors?
With the Threat Index, experts are able to measure attacks across different business sectors. Two conclusions can be drawn from the data. First, the Threat Index is directly proportional to the number of companies in a sector.
Second, cybercriminals usually choose those companies where the success rate of the attack may be higher, or the impact on the business is greater, and therefore the possibility of obtaining an economic return from the attack is greater.
Attack vectors are many, and increasingly sophisticated:
Phishing, for example, is among the most popular. Phishing is an attack that attempts to steal your money or identity by causing you to disclose personal information (such as credit card numbers, banking information, or passwords) on websites that pretend to be legitimate sites.
It is not the objective of this email to detail in depth all the technical aspects of attack vectors, but it is worth remembering that there are several types of Phishing:
Hornetsecurity has different solutions that minimize the impact of spam, phishing and similar threats.
Another quite common case is brand identity theft, where we receive an email that looks almost identical to one from the original company, asking the end user to interact in some way, with the clear objective of stealing information or introducing some type of malware, ransomware, etc. Email addresses are usually similar to the original:
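The near-identical sender addresses described above can be flagged mechanically. The following Python sketch is an added example, not code from the original article or from Hornetsecurity; the brand list, the substitution table and the function names are assumptions chosen for illustration, and the table is deliberately small (it does not cover cross-script look-alikes or punycode domains).

```python
# Added example: flag sender domains that imitate a protected brand domain.
# BRANDS and CONFUSABLE are constructed, non-exhaustive illustration data.
import unicodedata

BRANDS = ("amazon.com", "microsoft.com", "paypal.com")
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(domain):
    """Reduce a domain to a comparable form: drop accents, map look-alike glyphs."""
    text = unicodedata.normalize("NFKD", domain.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(CONFUSABLE).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address):
    """Return (verdict, imitated_brand) for one sender address."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in BRANDS:
        return ("legitimate", domain)
    sk = skeleton(domain)
    labels = sk.replace(".", "-").split("-")
    for brand in BRANDS:
        target = skeleton(brand)
        if sk == target:
            return ("homoglyph", brand)       # e.g. digit 0 used for letter o
        if edit_distance(sk, target) <= 1:
            return ("typo", brand)            # one character added, removed or changed
        if brand.split(".")[0] in labels:
            return ("brand-in-domain", brand) # brand name used inside another domain
    return ("unrelated", None)
```

A verdict other than "legitimate" or "unrelated" is a reason to quarantine or tag the message for review, not proof of fraud on its own.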
The companies themselves provide information to help detect fraudulent emails. For example, Amazon provides the following information to its users:
The main affected brands detected by the Hornetsecurity laboratory are:
Another topic in constant evolution is ransomware. This type of attack no longer only encrypts the data and asks for a ransom; it first copies the data, and the person or company is then extorted if they do not want to see their data exposed publicly.
There are numerous organized groups that are dedicated to this type of «business». Among the best known is the Conti group.
Conti is an organized ransomware group with an estimated revenue of nearly $200 million and is considered one of the most successful ransomware groups in the world.
In the article Manuals of the hacker of Conti (in Spanish), we can read detailed technical information about the techniques used by this group of criminals with high technological capacity.
There are many more groups dedicated to this type of extortion: Pysa, DarkSide, Avaddon, REvil, etc.
Along the same lines there is malware, among which we can highlight the famous Emotet, a Trojan-type malware first identified in 2014. Over the last few years it has evolved and can now perform multiple malicious actions, such as stealing access credentials, infecting devices with other types of malware, sending spam by mail to the contact list to self-replicate, etc.
Normally, this type of attack uses lures or links to spread the malware.
The forecasts are clear. Growth is inevitable, and it is directly linked to the growth of different network and data models: blockchain, the metaverse, etc.
What can we do?
There is no single or perfect solution, but we can use every possible means to limit the impact on the company of any attack vector that may cause economic damage or even, in the worst case, the closure of the business.
- Training. Key in the fight against cybercriminals. Company personnel must be trained to improve their skills and capabilities in data networks, and in the use of computer tools that may involve a risk for the company or for them personally.
- Rational use of networks. In line with training, people must be aware of how they use the network and which sites they visit. Many websites or emails that are «attractive» to the end user pose a clear security risk.
- Antivirus. Any company must have a powerful, centralized and managed antivirus that can stop most hacking attempts.
- Backups. Every business should have a backup and disaster recovery plan in place. If you will allow me the expression, it should even be obligatory by law. Why not? Backups are usually the saving element in severe cases of ransomware.
- Third-party applications that act as security gateways for email and cloud backup.
One of the leading companies in security for Microsoft Office 365 is Hornetsecurity, a German company of recognized prestige.
It has a set of tools that improve the protection of the Microsoft platform, which, we must not forget, is a priority target for many cybercriminal groups.