Motive Of Attackers
It seems like every few months, we hear of yet another company whose data has been breached or, most recently, held for ransom. While financial gain remains the top motive of attackers, here are just a few ways to help protect your company from being the next victim.
86% of attacks were financially motivated, with organized crime responsible for most external attacks. External actors conducted over 70% of attacks.
Types Of Attacks
“As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount,” said Tami Erwin, CEO, Verizon Business. “In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious.”
Over 67% of all breaches were due to phishing and business email compromises. Credential theft breaches were due primarily to stolen or weak credentials. 25% of credential theft breaches involved phishing, and 22% involved human error.
- The CEO/Executive: The scam appears as an email from a leader in your organization, asking for highly sensitive information like company accounts, employee salaries, Social Security numbers, and client information.
- File Sharing & DocuSign: Phony requests to access files in Dropbox and DocuSign accounts are on the rise, tricking workers into clicking on dangerous links.
- The Romance Scam: This one can happen completely online, over the phone, or in person once contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. What starts as the promise of love or partnership often leads to requests for money or expensive gifts. The lure here is simple: love and acceptance.
- The Mobile Phish: Scammers distribute fake mobile apps that gather your personal information in the background or send text messages containing dangerous links.
- Surveys: You get a request to take a survey for a social issue you may care about. Unfortunately, when you click that link, you could be getting infected with malware.
- The Urgent Email Attachment: Phishing emails try to trick you into downloading a dangerous attachment that gives a bad actor access to your computer. For example, such emails ask you to download attachments confirming a package delivery, trip itinerary, or prize.
Avoiding Phishing Scams
- Is This Asking For Too Much Information? Be wary of anyone who asks for more information than they need, even if you are talking to a company or bank you do business with.
- Do I Know You? Ask this simple question before responding to a message. First, check to see if you recognize the sender’s name and email address.
- Is That A Legitimate Link? Before clicking on a link, hover over it to see if the URL address looks legitimate.
- Am I On The Web Page I Think I’m On? Before logging in to an online account, make sure the web address is correct. Phishers often forge legitimate websites, like online storage accounts, hoping to trick you into entering your login details.
- Is It Too Good To Be True? Avoid “free” offers or deals that sound too good to be true.
- Is My Security Software Active? Always use comprehensive security software to protect your devices and information from malware and other threats that might result from a phishing scam.
Web application server breaches nearly doubled, with more than 80% due to credential theft. Although trailing far behind in second place at 5%, desktop sharing has significantly increased, as remote offices have become more common due to the pandemic.
- Fake Commerce Sites: Fake product sites are used to sell products that are not worth the price paid or are never delivered.
- Credit Card Fraud: Scammers ask for your credit card information before letting you proceed on a website.
- Malware: Software designed to disable your computer system for the scammer’s personal use or to simply damage it. It is also a general term used for viruses, spyware, worms, trojans, and more.
Avoiding Web Scams
- Keep Your Computer Software Updated: Your operating system, web browsers, and apps constantly update to adjust to the scammers’ new tricks.
- Buy From Trusted Sources: Do some research if you are not sure. There are excellent resources for helping identify some unsafe sites when you attempt to visit them.
The detailed information in the Verizon Business 2020 Data Breach Investigations Report (2020 DBIR) is impressive. You can find breakouts by attack methods, industry data, defense methods, and more. Some of the information shared in this story is from McAfee/Dell security.