We’re seeing an evolution in cybersecurity threats that may create new security challenges for businesses. While phishing and malware certainly aren’t going away, new threats are emerging that require business leaders and their CISOs to rethink security protocols.
Cybersecurity and Artificial Intelligence
Artificial intelligence isn’t inherently a dangerous tool. In fact, AI and other automation tools can streamline your business processes, free up employees’ time, and reduce errors. Unfortunately, cybercriminals find AI similarly helpful, and in recent years, they have been learning how to use AI to amplify the effectiveness of existing scams. Common scams that you think your security protocols already protect against may need to be reevaluated once AI comes into play. Let’s look at phishing as an example.
Phishing attacks are social engineering scams that attempt to deceive people into providing sensitive information or data. A common phishing attack is when a hacker sends an email purporting to be a reputable company that requests the user’s login credentials, credit card information, social security number, or something else. AI is making this task easier for criminals by:
- Fixing grammar and spelling mistakes in a phishing email.
- Incorporating information about the person’s employer — like their bosses’ names or the company’s logo — to make it more believable.
- Intelligently responding to email inquiries, making individuals think there is a real person talking to them.
- Using deep fakes to build believable video or audio messages.
- Creating fake websites or forms to collect user information.
Other Emerging Threats
Phishing, ransomware, malware, DDoS attacks… these cybersecurity threats are alive and well. But hackers and threat actors are finding new ways to attack businesses to get the information they want.
Credentials Harvesting
Hackers can harvest your employees’ credentials in a myriad of ways — phishing, malware, email scams, malicious extensions to applications, fake websites (aka domain spoofing), etc. The credential harvester will watch and record keystrokes as your employees enter their login information. Credential harvesters will store these usernames and passwords and use them to gain access to your systems when the time is right. And because they often use the harvested usernames and passwords months or years after they’ve harvested them, it can be difficult for you to pinpoint the vulnerability or even recognize that you had a data leak.
Infiltrating Edge Devices
Edge devices are the boundaries between the digital world and the physical. They connect people and places with information by transmitting, storing, converting, or processing data. Nearly any device or system can be an edge device — smartphones, computers, medical devices, smart speakers, thermostats, self-driving cars, etc. Edge devices are typically not as protected as the systems themselves, which make them more easily accessible to hackers and threat actors. Hackers are focusing more of their energy on gaining access through an edge device than through the system itself because they are less likely to be detected.
Living Off the Land Attacks
Living off the land (LOTL) attacks are advanced types of malware attacks. Unlike traditional malware attacks which require the user to download a file or software that grants the hacker access to the user’s systems, LOTL attacks use the existing system’s functionalities. By using the tools already imbedded in the system, LOTL attacks can control, damage, or disrupt systems without raising any of the traditional alarms.
LOTL attacks work in some of the following ways:
- Exploiting trusted systems or tools.
Existing tools within the operating system (like Windows PowerShell) can be infiltrated with malicious code. Because the tools are trusted, the attack easily avoids detection.
- Hiding malicious code in benign files.
When attackers hide code within a benign file (like a PDF) that then executes when the user opens the file, they can gain access without the user downloading or installing any malware.
Exploiting SaaS Provider
If your business uses software hosted by a third party, be wary of this scam. Hackers can gain access to your systems by infiltrating the systems of your software as a service (SaaS) provider.
Small businesses are leveraging SaaS more than ever before. Third party-hosted cloud software is often cheaper and easier to implement than on-site applications. But when you use a SaaS provider, you must trust that they have adequate protections. If your SaaS provider has a security weakness, your business is at risk of data breaches. Unfortunately, managing SaaS security risks isn’t as straightforward as securing in-house software. Even if you appropriately vet your software provider (by reviewing their breach history, understanding their privacy policies, looking at their reputation, etc.) and know the capabilities and limits of the software, their security practices may still be lacking.
Cybersecurity Tactics to Implement
Securing your systems and the applications you use is only going to get more important as our world is more dependent on technology year after year. Fortunately, there are a few best practices that will put you well on your way to adequately protecting your employees, your customers, and your business as a whole. If you want to discuss these practices with our team, reach out to us today. Our Meaden & Moore advisory team would be happy to assist.
