December 16, 2022
Convergent reviews the major cybersecurity vulnerabilities and breach trends from 2022 and explains why the same risks continue to expose organizations going into the new year.
As 2022 comes to a close, we’d like to take a look back at the cybersecurity vulnerabilities, why they are still relevant, and why they deserve continued attention.
While Business Email Compromise came from humble beginnings – remember the fraudulent asks for gift cards – BEC continues to grow, both in prevalence and sophistication. BEC remains the costliest cybercrime in the United States, with the FBI alone receiving over 20,000 complaints totaling $2.4 billion in adjusted losses in the last year.
Today, email compromise schemes are more sophisticated and prey on the COVID-inspired remote work trend. One example of the increasing sophistication: Bad Actors compromise emails from high-ranking company officials and request a virtual meeting with employees. They use deep-faked video (or a still image and claim to have video and audio glitches) to request wire transfers. After the funds are delivered, the perpetrators move the money into cryptocurrency to throw off attempts at tracking or recovery.
Another vector is Tech Support Fraud (TSF). TSF occurs when scammers impersonate a company’s IT services or a well-known tech company and offer to fix non-existent problems. Losses from tech support fraud doubled in the past year to nearly $350 million and have increased by more than $330 million in the past five years.
Then there are social engineering or vishing attacks, more elaborate schemes that require deep planning and research by the perpetrators.
This type of attack involves a threat actor who impersonates someone to trick a target into providing money or data. It’s one of the most difficult attack vectors to control because it relies heavily on the target’s subjective judgment. Bad actors continue to develop improved tactics and tools that support these types of attacks, to both by-pass multi-factor authentication and more traditional anti-phishing techniques.
SEO poisoning likewise preys on the target’s subjective judgement. It has been described as “phishing using search engines” because attackers use the same methods as legitimate businesses trying to rank higher in online search results, this making the malicious actor’s links more likely to be clicked-on, with resulting chaos and malfeasance.
There are several ways to help protect your business:
With cybercrime’s continued growth in both prevalence and cost, prevention is worth some time and money. Digital Silence strives to be the down-to-earth, sophisticated partner you want on your team, and we have a unique breadth of industry experience that lets us align our work with your specific business priorities. Let us help protect you.