Protect Your Business: Cybersecurity Attack Trends to Watch in 2023
Every. Single. Year.
Or so it seems.
The West Gate Bridge outbound is shut down to one lane after Boxing Day. So the traffic snarl starts long before the bridge, out on the Monash before the Burnley Tunnel.
Bumper to bumper, no matter how early you hit the road on the 27th, it’s always the same horrendous experience.
The sun dances across the dashboard; finally, Spotify is not trying to sell you something for Christmas. The kids are settled in the back, headphones on and watching Disney+.
And then it hits you.
Did you lock the back door?
Of course, you did.
Or did you?
That sinking feeling settles in…
You know it’s an irresistible time for crooks to take advantage. People are less guarded, carefree and, well, in holiday mode.
What to do?
Simple mistakes or poor planning like this are how brazen cybercrooks take advantage of businesses like yours.
Amongst all the festivity of the holiday season, you should make the most of the new year’s arrival to prepare and establish a robust resiliency plan for securing your business from cyberattacks.
During the last twelve months, you’ve seen a significant increase in cyberattacks on Australian businesses. In fact, 68% of business leaders surveyed believe that cyber threats are getting worse.
Worryingly, attacks continue to get more sophisticated and are executed by large criminal organisations. In 2021, global cyberattacks increased by 15.1%.
So like ensuring you lock your back door before you head to Lorne, plan on protecting your business from attacks.
Are you and your company across the latest methods online crooks are using? What types of attacks are hackers carrying out?
You must be aware of current security vulnerabilities and threats to your business. This way, you can better prepare your IT security to decrease data breaches and malware infection risks.
Listen, while heading down the Peninsula, along the Great Ocean Road or into the High Country this January, spend some time looking at what cybersecurity experts think is on the horizon next year.
Anticipate attacks on 5G devices
In the last few years, excitement has built around 5G and its ability to deliver fast internet in the palm of your hand. But, with the major telcos building infrastructure to support their mass rollout, crooks are chomping at the bit to launch attacks.
Hackers can exploit security vulnerabilities in 5G hardware in routers, mobile devices, and computers. As is often expected with new tech, there is the possibility of code vulnerabilities… much to the hackers’ delight.
You can prepare by knowing the firmware security in the 5G devices you buy. Of course, you can expect some manufacturers will build more comprehensive firmware security into their designs than others. So it pays to ask about this when purchasing new 5G devices.
Bypassing one-time password (OTP)
Multi-factor authentication (MFA) is considered one of the most effective methods for account security. Typically, MFA stops account takeovers even when crooks have the user’s password. But, hackers are looking for creative new ways to penetrate MFA.
Here are some of the ways hackers are trying to bypass MFA:
- Reusing a token: The hacker gains access to a user’s recent OTP and attempts to reuse it.
- Sharing unused tokens: The hacker uses their own account to get an OTP, then attempts to use that OTP on a different account.
- Leaked token: The hacker uses an OTP token that has leaked through an application.
- Password reset function: The crooks use a phishing email or text message to get the user to reset their password, and in the process the user reveals their OTP.
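A server-side check that closes the first two bypasses in the list above (reusing a token, and using an OTP issued to one account on another), as an added example that is not from the original article. The `OtpStore` class, its method names, the 5-minute lifetime and the 5-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OtpStore:
    """Issues OTPs that are bound to one account, expire, and work once."""

    def __init__(self, ttl_seconds=300, max_attempts=5, clock=time.time):
        self.ttl = ttl_seconds            # assumed lifetime, not from the article
        self.max_attempts = max_attempts  # guessing budget per issued code
        self.clock = clock
        self._pending = {}                # account -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(account, code):
        # Hash the account into the stored value so a code is only valid
        # for the account it was issued to.
        return hashlib.sha256(f"{account}:{code}".encode()).hexdigest()

    def issue(self, account):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[account] = [self._digest(account, code),
                                  self.clock() + self.ttl, self.max_attempts]
        return code  # delivered out of band (SMS, authenticator app, email)

    def verify(self, account, code):
        entry = self._pending.get(account)
        if entry is None:
            return False                  # nothing issued, or already used
        digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self._pending[account]    # expired or guessed too often
            return False
        if hmac.compare_digest(digest, self._digest(account, code)):
            del self._pending[account]    # single use: a replay finds no entry
            return True
        entry[2] -= 1                     # wrong code burns one attempt
        return False
```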
Exploiting global uncertainty to launch attacks
During the pandemic, cyberattacks increased by a colossal 600%. Large criminal organisations have realised that global uncertainty and events create a lucrative environment to execute cyberattacks.
One way is to launch phishing attacks during significant global events and tragedies, such as the recent floods across southeast Australia or the war in Ukraine. Many unsuspecting people often fall victim to these scams. The crooks seek to use the events as cover when carrying out their attacks, as they know many people are distracted by crises.
Your business and employees need to be alert for scams surrounding these events. Many crooks often use social engineering tactics, such as sorrowful photos, to evoke an emotional response from their victims.
SMS-based phishing and mobile phone attacks
You take your device with you everywhere. Well, maybe not your tablet, but certainly your mobile phone. And being connected to your device 24/7 is the perfect breeding ground for hackers to launch mobile device-based attacks, including SMS-based phishing (“smishing”).
Now, I know what you’re thinking. You can distinguish between a fake text message and a real one. But can you? What if you’re expecting a delivery, and the text message appears to come from Australia Post? Heck, the link even says austpost.co.au, so it looks legit.
Here’s the thing: hackers can buy a list of mobile phone numbers. They then create text messages that look like legitimate shipping notifications or receipts. All it takes is for you to be expecting a shipping update, see the fake text message and click. That one click launches a damaging data breach.
The crooks’ tactics keep changing. And mobile malware is on the rise. During the first few months of 2022, malware attacks targeted at mobile devices rose by 500%. So your business must have powerful mobile anti-malware and other protections, such as a DNS filter.
AI and machine learning create sophisticated phishing emails
It is becoming more challenging to identify a phishing email in your inbox. Many had spelling and grammar mistakes in the past, but now, many don’t. In fact, crooks are using AI and machine learning to craft emails nearly identical to an authentic email from your business. Often, the scammers personalise the email to the recipient. And by exploiting this technology, hackers can send more targeted phishing emails than in the past.
Is your Melbourne business overdue for a cybersecurity health check?
Embrace the new year by scheduling a review of your IT security. Let us help you review your current IT resilience plan and help you stay protected.
About the author
Yener is the founder and Managing Director of Intuitive IT. Prior to running his own business, Yener worked for a number of corporate organisations where he gained invaluable experience and skills, as well as an understanding of how IT can complement and improve business outcomes.