What is a Cybersecurity Kill Chain? understanding, detecting, and preventing...Read More
It’s 2022 and hybrid office days and work from home days are decreasing, as most of us are returning back to the office after the Covid-19 pandemic around the world. That said a lot of online tools are here to stay and many apps, video conferencing tools have proved to be efficient in a lot of cases.
Unfortunately, this is also good news for cybercriminals that are always looking for ways to get your data, or scam you… Here are the top 3 most dangerous attacks that will be around for the year of 2022.
This one can come in different forms, but the most devastating looks like this: the attackers are patient and time the attack perfectly. How this works is the attacker gains access to an email in a company, it can be a partner, a supplier or other. They start by infiltrating slowly but surely the target’s network. They use keyloggers, or other tools to get a set of eyes in the network, and most importantly the emails going in and out.
The attacker will start to see patterns and then plan their attack… They would send an invoice, or payment request. The target will not notice a thing as the attacker will imitate the email styles and even payment formats. This is why this attack works so well, it may take months for the company to even realise there is an issue.
Some attackers use old employees email addresses, or hack weak passwords in order to gain access to the network. This attack is devastating as some of the hackers wait months or even years before they strike. Maybe they are waiting for a manager to be away on holiday, a new partnership, or even a usual A4 paper supply order… Come to think about it, it’s been the 2nd order this month and only half of the staff are in office…
Phishing attacks are quite effective as they are very easy to create, just copy the website you are targeting, then the attackers will either buy leaked email lists of customers on the dark-net or cold email a list of targets.
A Phishing attack is not an end, it’s a tool to get sensitive information like a password, ID number, credit card numbers, phone numbers etc. Then the attacker will try to gain access to your email or other accounts, to extract as much information on the attacker. Then of course, most probably take your funds where possible.
Crypto currency is a proven secure way to transact, but it does not require any KYC to withdraw or send funds, therefore it becomes extremely profitable for cyber criminals as they can easily hide their assets and easily withdraw them too.
Blockchain technology itself is very secure, even “unbreakable” but the problem comes when blockchains try to create “cross-chain” protocols or importing and exporting assets into new NFT games/ metaverses or other assets. Cybercriminals are actively analysing the bridges for vulnerabilities to exploit and to take funds, NFTs, or assets that are in the “bridge”.
To protect your assets, it’s advised to keep a cold wallet, or store your funds in a popular centralised exchanged that’s regulated in your country. Whilst on this topic it’s also important to be careful where you sign your transactions and to keep your funds in a variety of wallets incase a wallet gets compromised.
Just like you look left and right before crossing a road it is also important to have good cyber practices. Things like always checking the URL, seeing if a website looks a little different from usual, an email looks different… And if in doubt just call your bank or call your partner to double check.