Halloween may be the one night in the year when ghouls, ghosts and goblins routinely roam the streets, but in the brave new online world a litany of cyber security threats are constantly lurking just beneath the surface.
These threats can’t be subdued with a fun-size candy bar or a well-thrown egg. According to Symantec’s 2016 Internet Security Threat Report, 2015 saw half a billion personal records lost or stolen in more than one million cyber attacks. Add to that a 55 percent increase in phishing attacks, a 125 percent jump in zero-day vulnerabilities and a 35 percent rise in ransomware, and the extent of the challenge facing modern organizations becomes frighteningly clear.
It’s numbers like those that are driving the demand for cyber security professionals to protect and defend organizations – and why it’s so important to keep up with the latest cyber security news to stay in front of current hacking techniques.
Here are some common hacker tricks that certainly don’t deserve a treat:
Trick #1: Phishing for Funds
Phishing scams use email or social media channels to contact victims with the aim of stealing account log-in details or financial information such as credit card numbers, or tricking recipients into downloading Trojans that give hackers control of their systems.
Phishing emails appear as if they’ve come from an official source and usually either encourage the download of an attached file or provide a link that leads recipients to a fake website that is designed to capture the desired information.
And phishing scams don’t just target individuals. A recent survey of 300 UK and US companies revealed that 38 percent of cyber attacks in the past 12 months were phishing scams.
In 2015, the Carbanak scam used phishing emails to trick bank employees into downloading a Trojan that subsequently stole around $1 billion from more than 100 banks in 11 countries. This was a sophisticated cyber attack with the Carbanak gang targeting banks’ internal systems and operations, resulting in a multichannel robbery that averaged $8 million per bank.
Trick #2: Hijacking the Brand
With more and more companies looking to social media networks such as Facebook and Twitter to communicate with customers and prospects, hackers are turning their attention to hijacking brands’ accounts to take control of their message and target their customers.
Hackers often prey on weak passwords, so double authentication is an effective method to prevent them from gaining access to your company’s social media accounts.
Ray Kruck, Vice President of Business Development for cyber security firm Proofpoint, told IBTimes UK: “Social media brand fraud is highly lucrative. Fraudsters can make money by compromising bank accounts, selling counterfeit goods and services or scamming followers into giving up their credit card information. The majority of fraudsters target financial service and retail brands. Online banking and ecommerce transactions make these verticals prime targets for moneymaking attacks. The lucrative nature of social media fraud is reflected in the accelerating pace of fraudulent accounts and attacks. We’ve already seen a 150 percent increase in social media phishing in 2016 over 2015.”
It seems no one is truly safe from the threat of a social media hijack. Hackers gained access to Facebook founder Mark Zuckerberg’s Twitter and Pinterest accounts and sent rogue tweets to his followers. The security breach was put down to Zuckerberg re-using an old password: “dadada.” Thankfully, the cyber attack was merely embarrassing rather than devastating, with the hackers stating that they were just “testing” Zuckerberg’s security.
Trick #3: Holding Data to Ransom
How much is data worth to a company? That’s a question hackers are increasingly asking themselves as they turn to the latest cyber crime technique – ransomware.
This happens when a hacker gains access to an organization’s system – often via a phishing scam – and encrypts all the company’s data. The hacker then demands a ransom fee in return for unlocking the data.
In early 2016, Hollywood Presbyterian Medical Center, a Los Angeles hospital, was forced to pay $17,000 to regain access to their computer system after hackers hijacked it with a virus that encrypted their files.
Allen Stefanek, President and Chief Executive of Hollywood Presbyterian, stated at the time: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom. In the best interest of restoring normal operations, we did this.”
Federal investigators usually try to discourage victims from paying the ransom as they fear this will only encourage hackers to launch more cyber attacks.
From phishing to social media hijacks and data ransom, organizations are facing cyber security threats on multiple fronts. And that means cyber security professionals must be prepared for just about anything.