In the first few weeks of 2022, local e-mail security and mailbox hosting provider SYNAQ successfully fended off more than 30 million brute force cyber attacks. A brute force attack is when hackers use trial-and-error to work through all possible combinations in order to capture login passwords or encryption keys.
According to SYNAQ CTO Sam Gelbart, these attacks originated from over 90 000 unique IP addresses around the world but located mainly in Brazil, China and the United States – and they are nothing new.
“SYNAQ’s platforms are always under attack and the last year has seen much of the same,” he says. What has changed, however, is the significant increase in the number of threats relating to social engineering and organisational impersonation since the pandemic began.
“These remain our top two threats. And this, coupled with the way COVID-19 has affected our psychology, has led to cyber criminals developing strategies that deliberately play on our fears, uncertainties and doubts,” Gelbart adds.
In addition, cyber criminals were quick to take advantage of the vulnerabilities in cyber security defences resulting from the COVID-led launch of the new work-from-home (WFH) era.
The speed at which companies had to change to cater for mostly remote workplaces meant that many were unprepared to secure their users to the extent they could when working from a central location. Conventional technology, policies and processes were found to be heavily reliant on enterprise ring-fenced security; their weaknesses became all too apparent for the new, largely remote workforce.
“It’s not only that users are now accessing the corporate network outside the traditional security structures of the previous silo organisation, but also the psychological mindset of being 'at home' and the subconscious feelings of safety and security this engenders,” says SYNAQ Product Manager Jared van Ast.
“Because we’re at home, our defences are lowered. This often impacts our behaviour when working with e-mail and over the internet. We click on things we wouldn’t normally click on; we might even download something just to confirm a suspicion or obtain further clarity. And this could place corporate networks at greater risk than ever before.”
And, as Van Ast points out, users have always represented the foremost risk to enterprise security, with e-mail regarded as the number one targeted entry point to a network. It is therefore not surprising that the marked increase in online traffic over social media and e-mail in the WFH era has seen phishing and malware attacks rising in tandem.
And it’s likely to get worse. With data the most valuable corporate asset nowadays, big data pools such as those that form the bedrock of verticals like healthcare, education and financial services are being targeted. Even smaller organisations are unlikely to be spared.
Gelbart and Van Ast agree that cyber crime tactics have changed since the start of the pandemic. Criminals have been quick to exploit the increased need for contactless interactions by, for example, launching scams around QR codes – those 3D “barcodes” that can be quickly scanned with a smartphone to gain access to online resources. In just one growing trend, criminals create fake QR codes and link those to fraudulent online resources.
Added to this, it’s never been easier for bad actors to access capital to fund and execute their nefarious activities, thanks to the following:
- The untraceability of crypto.
- Ransomware-as-a-service gives virtually anyone with even limited technical know-how the tools to extort huge sums of money from unwary and unprepared businesses.
- Geopolitical instability is resulting in increased cyber espionage tactics by world powers such as China, Russia and the US – it’s already playing a role in the current Russia-Ukraine conflict.
- There’s greater focus on crypto-currency and blockchain hacking.
- A significant proliferation of smartphone malware.
Gelbart maintains that in order to address these threats, it’s important to apply the lessons learned from the COVID-19 pandemic: preparation and response planning are critical for effective security.
“Businesses both large and small were under-prepared for the pandemic – as were most governments around the world. In much the same way as no-one expects a pandemic, no-one expects to be the victim of a cyber attack, but the key to withstanding both is to be prepared for ‘when’ and not ‘if’ they occur,” he says.
He recommends the following “non-negotiable” steps to address corporate cyber risk in the post-pandemic era:
- There must be committed, ongoing organisational investment in security processes, policies, technology and skills development.
- Strategic planning needs to deal with possible risks far better than before, taking account of the fact that while worst-case scenarios like the COVID pandemic are rare, they can and do happen.
- Zero Trust Security policies and technologies based on the concept of “never trust, always verify” must be adopted rapidly.
- Plans must be made to deal with the effects of a cyber attack and mitigation strategies must be developed.
- Areas of highest risk must be identified in terms of business continuity, and technology and processes must be put in place to limit the fallout from attacks.
- End-user education must be stepped up, with users trained to adjust their behaviour in terms of e-mail and online etiquette and risk awareness, and to understand how to recognise fraudulent or dangerous content.
- Access control and proper user account management should be enforced to help prevent account compromise.
- Monitoring systems that give actionable insights into your specific security risk must be implemented to enable the right corrective action to be taken when it counts.