BRIAN PINNOCK: Email, collaboration tools top targets as SA braces for year of cyberattacks

Targeted attacks across a variety of platforms, growing threats from insiders, the deployment of more sophisticated cyber deception techniques and phishing attacks targeting new recruits — the cyber threat landscape indicates that SA organisations are in for a tough year as cybercriminals escalate their attacks.          

The year ahead will put immense pressure on security teams as cybercriminals hone their attacks and take advantage of an expanded attack surface. Mimecast’s State of Ransomware Readiness 2022 report found that 53% of SA cybersecurity decision-makers say their role gets more stressful by the year, with nearly six in 10 citing negative mental health effects from ransomware attacks.

For SA organisations and their security teams to better understand the top cyber risks they’ll likely face in 2023, the following key trends may provide welcome insight into what the cyber threat landscape may hold in the year ahead:

• New recruits become prime targets. Emails impersonating a colleague are known to have the highest success rates for threat actors, and incidents of “new starter” phishing are expected to increase this year. Phishing offers relatively low costs and a high return on investment, and with our habit of announcing new positions on social media, threat actors are sensing a golden opportunity to target new hires with convincing attacks.

Such attacks may take the form of fake welcome emails from senior executives, or fake onboarding portals. Once the new hire is tricked by the threat actor, they could suffer credential harvesting, account takeover, or even multistage malware droppers, potentially leading to devastating breaches of company networks.

• Hybrid work gives attackers a bigger bull’s eye to aim at. Since 2020 huge numbers of organisations have adopted remote or hybrid work environments where employees work away from the office at least some of the time. For such disparately-located organisations there is likely to be an increase in attacks as threat actors take advantage of an expanded attack surface and the opportunity to deliver malware and targeted attacks across multiple platforms.

In addition, data is increasingly used, moved and retained for longer periods across various virtual environments, creating additional vulnerabilities that threat actors will exploit. The growing use of digital technologies to meet our collective need to communicate and exchange data creates greater scope for threat actors to target people, their devices and company networks.

With company networks offering an attractive combination of email addresses, technology assets and a growing number of email and collaboration platforms, cybercriminals will continue to seek new opportunities for exploitation, putting greater pressure on organisations and their security teams in the year ahead.

• Insider threats grow as defences improve. There is growing recognition among business leaders that cyber risk is business risk. As investment in new cybersecurity tools and technologies grows, the risk of insider threats also grows. This covers both malicious and unintentional activity by employees. If email and system access is not removed following an employee’s departure, it creates significant risks to the organisation. In more malicious cases, employees may be bribed or coerced to assist threat actors.

To further complicate matters, such cases may be extremely difficult to detect. The maintenance of normal day-to-day processes and procedures should limit attacks. However, shadow IT may pose additional risks as security teams aren’t aware of vulnerabilities associated with any software, systems and applications that haven’t been approved by the IT department.

• Cyber deception techniques reach the next level. For cyberattacks to be successful there has to be an interaction between the person being targeted and their work or personal devices. Threat actors employ deception to trick targets into interacting with malicious code, often contained in emails or attachments.

Over the past few years there has been an increase in the use of collaboration tools, messaging services, websites, connected devices and SMS, which are all potential vectors for the delivery of malicious links or code. Threat actors will use social engineering to create a supposed affiliation between sender and recipient, and it’s this affiliation that will be exploited in successful phishing campaigns.

Cybercriminals are also displaying increasing maturity in their attack methodology. Recent phishing campaigns are well-written, personalised, reference current events, and contain the correct logos and branding of trusted brands. The phishing mails are also crafted in such a way that it is difficult to distinguish between legitimate communication and spoofed emails.

The growing complexity and sophistication of cyber-attacks can threaten to keep organisations from making measurable progress against cyber threats. Yesterday’s cyber defences will no longer protect against the elevated risks to people, communication and data. Security systems will have to grow more intelligent and orchestrated, with multi-layered security strategies providing the highest degrees of cyber resilience.

However, with an ongoing cybersecurity skills shortage threatening to delay much-needed progress, organisations will need to explore opportunities to outsource components of their security practice to managed service providers, managed security service providers, and security-operations-centre-as-a-service providers.

• Pinnock is vice-president of sales engineering for EMEA at Mimecast.