Hackers are constantly inventing new ways to attack you. However, some attacks have become "classics" that you should always be aware of. But there are also more recent attacks that are likely to become the most worrying threats for companies. Follow this guide...
Cyber attacks are evolving and mutating at full speed in a never-ending race between hackers and IT security engineers. While some viruses and other hacker strategies quickly become outdated, as the technologies that drive them grow obsolete and cybersecurity vendors ship updates, other techniques and threats remain standards to be wary of. It is therefore useful to keep the current situation in mind. Other attacks are already emerging, however, and pose a real danger that you should anticipate and include in your IT security protocols. Beware, this reading includes the virus... of learning more.
1/ Phishing or Spearphishing
What is it?
Phishing is a set of e-mails made to look as if they were sent by real organizations or institutions (banks, tax authorities, internet operators or energy providers, or even the police), or even by people you know. Their goal: to make you click on a link that will send you to a web page that looks like an official page, or that will install a virus on your system. From there, playing on your fear of a so-called urgent problem, the hackers ask you for information that they then use for their own benefit: account logins, passwords, bank or identity details, etc.
Between January and December 2021, Microsoft blocked more than 37 billion phishing attacks and other fraudulent emails targeting businesses or consumers.
In fact, more than 80% of cybersecurity events involve phishing attacks, and 94% of cyberattacks are launched from an email. Beware: up to 85% of links are reportedly sent via SMS/MMS (smishing) and social networks.
In France, phishing remains the most common attack method: 73% of companies report it as the main entry point for attacks.
2/ Ransomware
What is it?
"A ransomware is a computer software that takes data as a hostage. It encrypts and blocks the files on your computer and claims a ransom in exchange (...) quite often, the ransomware infiltrates in the shape of a computer worm or Trojan horse, via a downloaded file or a file received by e-mail (...) the purpose is to extort a certain amount of money".
The ANSSI identifies three trends in ransomware: Big Game Hunting, RaaS (Ransomware as a Service) and double extortion.
Ransomware is one of the most dangerous types of hacking because it is relatively easy and cheap to carry out.
In January 2021, a study conducted by the French National Agency for Information Systems Security (ANSSI) noted a 255% increase in reports of ransomware attacks for 2020. For 2022, according to Avast experts, the situation is not expected to calm down. The Log4Shell flaw, which appeared in December, is already being used for ransomware attacks. These attacks now constitute 78% of all cyberattacks.
Who are the main victims?
"75% of ransomware victims are now small and medium-sized businesses that have insufficient dedicated resources." According to the Anozr Way Ransomware Barometer 2021, France is reportedly the EU country most targeted by cyberattacks, with the insurance and finance sectors as the main targets (20% of ransomware).
3/ DDoS, Distributed Denial of Service
What is it?
"This kind of attack aims at disabling a server, a service or an infrastructure. It can take different shapes: a saturation of the server's bandwidth to make it unreachable, a depletion of the machine's system resources, preventing it from responding to legitimate traffic."
DDoS made an unexpected comeback in 2021: "According to a Cloudflare report, DDoS attacks increased by 175% between Q3 and Q4 2021, and by 29% year-over-year (...) one in three people report being a victim of such an attack in December 2021"
Who are the main victims?
Online shopping sites, online casinos or any company or organization providing online services.
Coming threats in 2022:
For Avast experts, the first cyber threat to be afraid of is deepfake audio (spearphishing): inspired by deepfakes, deepfake audio would make it possible to mimic an executive or an employee with a synthetic voice in order to obtain confidential information. Encouraged by the number of remote workers, this attack could do a lot of damage.
Top 2021 threats include ransomware, pandemic-related scams, and fleeceware.
Attacks on mobile devices: "managing cell phone vulnerabilities will gradually become a priority in the field of corporate security". As personal tools often used in a professional context, mobile devices are a key target for hackers because of the valuable information they hold. The potential for hackers is great: 60% of social network use takes place on smartphones. In 2021, zero-day or Pegasus attacks against iOS, the mobile operating system developed by Apple, were numerous. Unlike on a PC or a Mac, where protections can be installed, vulnerabilities are more likely under iOS.
Cloud and outsourced services attacks on the rise: welcome to the era of liquid computing! The use of cloud-based infrastructures and solutions has made it easier for companies to adapt to the difficult Covid-19 situation: telecommuting, remote control of industrial sites and even online commerce are all growing rapidly. But this revolution has come at a cost: an increase in cyberattacks on more vulnerable equipment. Cloud services are now under maximum surveillance against this type of attack, bringing cybersecurity into a new era.
Cryptocurrency, the new loot of hackers? "95% of computer attacks on cloud servers would actually be used to mine bitcoin," according to a 2020 report by Aqua Security. And the sums can reach record figures: in December 2021, a hacker apparently managed to seize $120 million in cryptocurrency. Netflix is even considering a documentary on "the largest hack in bitcoin history."
Used for ransomware, cryptocurrency is an easy, fast and inconspicuous payment method for hackers, far more so than bank transfers or suitcases full of easily traceable cash. Some also target exchange platforms for cryptocurrencies such as bitcoin, breaking into their servers. By gaining access, hackers obtain the passwords to customers' digital wallets that are sometimes stored there. Then it becomes very easy to transfer bitcoins from one account to another.
More difficult, and theoretically impossible: trying to hack the blockchain itself. Yet one platform, Gate.io, lost $200,000 this way in 2019. However, specialists say that platforms have strengthened their security and that stolen bitcoins put back into circulation are traceable and impossible to sell. In 2022, 3.6 billion dormant bitcoins, stolen in 2016, were recovered in this way.
As you can see, hackers know how to use their imagination and ingenuity to steal or hold you to ransom by blocking or stealing your information. However, it doesn't have to be that way. Whether you have your own CIO team or use a company specialized in cybersecurity, there are numerous solutions offering various levels of security to protect you from these attacks. You can read more about this in the rest of our article here.