Skip to main content

Feb 2024

Cybercrime doesn't stand still - know how and when to act

As technology, systems and software become more sophisticated, so do the threat actors and their methods for infiltration.

Categories Cyber Essentials and ISO 27001, Cyber Resilience, Cyber Security Strategy

Even the simplest, everyday technologies such as QR codes can lead to a significant breach, loss of revenue and reputational damage. In this ever-changing landscape, this is what your organisation should be looking out for and implementing protections for.

Ransomware and denial of service are increasingly popular methods of attack, accounting for almost half of cyber breaches in 2023.

These attacks continue to be professionalised by ransomware gangs, many of whom operate a software-as-a-service model of ransomware to other criminals (affiliates) less skilled than themselves. These sophisticated and talented gangs provide easy to use tools, training and support as part of their criminal service, enabling hassle-free scale-up.

Many ransomware attacks are leveraging ‘zero day’ attacks where hackers can exploit a flaw before developers are aware of the vulnerability. Attacks using publicised vulnerabilities are becoming more timely, exacerbating the need for companies to patch swiftly, especially for internet facing vulnerabilities.

Some cyber criminals focus on capturing valid credentials to easily facilitate the start of an attack and sell these credentials on a marketplace called an Initial Access Broker (IAB) market. The IAB market is booming with threat actors harvesting valid credentials of companies and organisations to sell onto others. Virtual Private Network (VPN) and Remote Desktop (RDP) credentials are particularly sought after as they provide direct access into a company network.

 

Find out more in the full article published by ALARM here: https://www.alarmrisk.com/resource/cyber-crime-doesn-t-stand-still-know-how-and-when-to-act.html