Shadow IT and the growth in applications at use in the work environment, together with the Internet of Things (IoT), have led to an increase in entry points that cybercriminals can exploit for phishing and other attacks. This environment is made more troubling by the lack of corporate security awareness training to identify threats. As bad actors become more sophisticated in their attacks, so too have their success in gaining access to corporate data, financial assets, and networks.
Here are 7 sophisticated cyber-attacks that are difficult to stop, and growing in 2019:
- Magecart is a data skimming technique where bad actors will use a browser to steal sensitive data from online forms – mainly from consumer-facing websites such as reservation sites or e-commerce sites. Web-skimming threats like Magecart were significant in 2018 and still are here in 2019. Check out this Wired article that shows a card-skimming Magecart attack that has hit 17,000 domains and continues to grow in scope.
- In early 2019, cybercriminals attacked mainly Russian Asus laptop users by hijacking a legitimate software update tool to distribute malware, which then created a backdoor to these affected laptops. 57,000 users were infected worldwide.
- Credential-stuffing is a technique where login credentials gathered from previous breaches are used in automated attacks on other sites. Because people often use the same username and password from site to site, this attack is successful about five percent of the time. In 2018, there were 115 million credential stuffing attacks every day!
- As we’ve touched on previously, there has been significant growth in rogue browser extensions that serve as malware. While some serve legitimate purposes, they can be hijacked (“man-in-the-browser”) and serve as silent keyloggers, screen scrapers, two-factor authentication interceptors, and for data exfiltration. They are difficult to detect because they are part of a trusted application and often served by Google and other app stores, and are simple JavaScript and HTML, rather than an executable.
- 2019 has seen a significant increase in PDF-based attacks and weaponized documents. SonicWall discovered more than 47,000 new attack variants within PDF files in all of 2018, but found 73,000 attacks in March 2019 alone.
- The popularity of Microsoft Office has created an environment where macro-based attacks can launch simply by a user opening a document without giving approval for macros to run.
- Bad actors are also using local Windows tools to infect endpoints, such as PowerShell, Windows Scripting Host, and the Windows Management Instrumentation command line once they take over admin privileges.
Cybercriminals are successful in large part because many organizations are not carrying out due diligence in addressing the problems of BEC, phishing, spear phishing, ransomware and other threats. For example, many organizations provide no or inadequate security awareness training, so their users are not trained to recognize some of the more common threats. Many don’t back up their data so that they can recover from a ransomware attack. Many don’t have good security against threats like phishing or spear phishing. Many don’t have the internal control processes necessary to enable the recipient of a BEC attempt to verify requests for wire transfers or information. Many have not adequately addressed the problem with Shadow IT, allowing threats to enter through unprotected channels. In short, there are things that organizations can do to protect themselves, but often are not doing.
SEERTM threat detection technology is the foundation of SlashNext anti-phishing solutions. It is a smarter, cloud-powered approach to real-time threat detection that catches phishing threats which can evade URL inspection and domain reputation analysis methods. Both SlashNext Real-Time Phishing Threat Intelligence and SlashNext Targeted Phishing Defense use SEER technology to accurately detects all six types of phishing threats—with near-zero false positives.
See what threats you’re missing. Contact us for a demo or try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.