The global economy for cybercrime is booming — reportedly generating revenues of 1.5 Trillion USD annually. As technology evolves, cybercriminals have diversified their targets, exploiting new vulnerabilities coming from unexpected directions. Here are three emerging cybercrime trends that demonstrate how diversified targets are enabling criminals to detect and exploit new vulnerabilities.
Cybercrime Diversification Trend #1: Exploitation of Human Error
One of the growing threats, is to focus directly on people. Although we have covered this threat before, it bears repeating because people are the single biggest threat to business data security. The growth of this attack method is evidenced by the increasing volume and sophistication of phishing attacks that take advantage of human error. According to a recent Data Exposure Report, 65% of CEOs and 78% of CSOs have admitted to clicking on a link they should not have. Check out our earlier post for the top actionable ways you can fortify your defenses.
Cybercrime Diversification Trend #2: Disruption and Destruction
While the majority of cyber attacks are motivated primarily by intelligence gathering, over the last year there has been a significant increase in attacks that are designed to disrupt and destroy. Groups using destructive malware increased by 25% in 2018. These disrupt and destroy type of attacks are not only aimed at businesses, but also at organizations that power systems that we rely on without even thinking about it – utility companies, satellite communications, and potentially the vast network of connected IoT devices.
In 2018, Hackers working for Russia claimed “hundreds of victims” last year in a giant and long-running campaign that put them inside the control rooms of U.S. electric utilities where they could have caused blackouts. Also during 2018, the Thrip group compromised a satellite communications operator and infected computers running software that monitors and controls satellites. The attack could have given Thrip the ability to seriously disrupt the company’s operations.
Cybercrime Diversification Trend #3: Indirect Targets
Another notable development is the increase of attacks on indirect targets. Supply chain attacks were reportedly up by 78%. Organizations now have to consider strategies to protect their environments outside of their firewalls as cyberattacks shift to partner or shared environments as an entry point. According to a recent Supply Chain Insights report, today’s investments in an end-to-end supply chain are not effective in risk mitigation. Worse, only 37% have visibility of extended-tier suppliers and most lack the solutions to manage global complexity. That leaves the field wide open for exploitation.
Tip for the day: When you’re evaluating your risks, don’t forget to evaluate your risk of indirect attacks. With an ever evolving threat landscape, hyper-vigilance is a key element of defense.