While government-sponsored hacking and disinformation makes big news, don’t take your eye your eye off the ball when it comes to protecting your personal and corporate data. A report from a consulting firm, Positive Technologies, painted a dark, dark picture, saying the second quarter of 2018 showed a 47 percent increase over 2017. You need to remain vigilant, even when events are beyond your control. Nobody is immune.
As reported in Tech Republic, Positive Technologies said the most common methods of cyberattack are:
- Malware (49%), with spyware or remote administration malware being the most widely used forms of infection.
- Social engineering (25%) is the term for manipulating users into believing a message, link, or attachment is from a trusted source, and then infecting targeted systems with malware, stealing money, or accessing confidential information.
- Hacking (21%) exploits vulnerabilities in software and hardware, causing the most damage to governments, banks, and cryptocurrency platforms.
- Credential compromise (19%) targets password managers used for storing and keeping track of passwords.
- Web attacks (18%) are online racketeering attempts to extort website operators for profit, sometimes by threatening to steal client databases or shut down the website.
- DDoS (5%) tends to be the weapon of choice for business rivals, disgruntled clients, and hacktivists. Political events can drive attacks on government institutions. Criminals can use DDoS attacks to take websites offline and demand payment from the victims.
Attacks can be made in tandem, such as the common duo of using phishing emails to trick users into downloading malware.
Financial and healthcare institutions, retailers, and government databases remain prime targets, but higher education institutions and even school districts are being attacked. Wired reports that this past March, the Department of Justice indicted nine Iranian hackers in alleged attacks on 144 US universities and 176 in 21 other countries. They were also cited for attacking 47 private companies.
Hackers are homing in on the money. Positive Technologies said targeted attacks are outnumbering mass campaigns, with attacks directed at companies and their clients, as well as cryptocurrency exchanges. Data theft is driving an increasing number of attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). To steal this data, hackers are compromising online platforms, including e-commerce websites, online ticketing systems, and hotel booking sites.
The scary part for us is the report you can never be sure that criminals don’t have your credit card number from one source or another. Even a brand-new smartphone in a store can have pre-installed malware.
People and businesses can take steps to keep their data safe by installing updates for operating systems and application software and installing antivirus protection on all systems and endpoints and keeping it up to date.
Businesses can encrypt all sensitive information, perform regular backups, minimize the privileges of users and services as much as possible, and use two-factor authentication. Enforcing a password policy with strict length and complexity requirements, and requiring password changes every 90 days, can also help protect systems.
We offer security audits for businesses, and we can answer any questions individuals have about protecting themselves from cyberattacks. Call us – 973-433-6676 – or email us to set up an appointment.