BRIAN PINNOCK: Email, collaboration tools top targets as SA braces for year of cyberattacks
Cybercriminals are displaying increasing maturity — recent phishing campaigns are well written and contain the correct logos and branding of trusted brands
24 January 2023 - 05:00
by Brian Pinnock
Targeted attacks across a variety of platforms, growing threats from insiders, the deployment of more sophisticated cyber deception techniques and phishing attacks targeting new recruits — the cyber threat landscape indicates that SA organisations are in for a tough year as cybercriminals escalate their attacks.
The year ahead will put immense pressure on security teams as cybercriminals hone their attacks and take advantage of an expanded attack surface. Mimecast’s State of Ransomware Readiness 2022 report found that 53% of SA cybersecurity decision-makers say their role gets more stressful by the year, with nearly six in 10 citing negative mental health effects from ransomware attacks.
For SA organisations and their security teams to better understand the top cyber risks they’ll likely face in 2023, the following key trends may provide welcome insight into what the cyber threat landscape may hold in the year ahead:
New recruits become prime targets. Emails impersonating a colleague are known to have the highest success rates for threat actors, and incidents of “new starter” phishing are expected to increase this year. Phishing offers relatively low costs and a high return on investment, and with our habit of announcing new positions on social media, threat actors are sensing a golden opportunity to target new hires with convincing attacks.
Such attacks may take the form of fake welcome emails from senior executives, or fake onboarding portals. Once the new hire is tricked by the threat actor, they could suffer credential harvesting, account takeover, or even multistage malware droppers, potentially leading to devastating breaches of company networks.
Hybrid work gives attackers a bigger bull’s eye to aim at. Since 2020 huge numbers of organisations have adopted remote or hybrid work environments where employees work away from the office at least some of the time. For such disparately-located organisations there is likely to be an increase in attacks as threat actors take advantage of an expanded attack surface and the opportunity to deliver malware and targeted attacks across multiple platforms.
In addition, data is increasingly used, moved and retained for longer periods across various virtual environments, creating additional vulnerabilities that threat actors will exploit. The growing use of digital technologies to meet our collective need to communicate and exchange data creates greater scope for threat actors to target people, their devices and company networks.
With company networks offering an attractive combination of email addresses, technology assets and a growing number of email and collaboration platforms, cybercriminals will continue to seek new opportunities for exploitation, putting greater pressure on organisations and their security teams in the year ahead.
Insider threats grow as defences improve. There is growing recognition among business leaders that cyber risk is business risk. As investment in new cybersecurity tools and technologies grows, the risk of insider threats also grows. This covers both malicious and unintentional activity by employees. If email and system access is not removed following an employee’s departure, it creates significant risks to the organisation. In more malicious cases, employees may be bribed or coerced to assist threat actors.
To further complicate matters, such cases may be extremely difficult to detect. The maintenance of normal day-to-day processes and procedures should limit attacks. However, shadow IT may pose additional risks as security teams aren’t aware of vulnerabilities associated with any software, systems and applications that haven’t been approved by the IT department.
Cyber deception techniques reach the next level. For cyberattacks to be successful there has to be an interaction between the person being targeted and their work or personal devices. Threat actors employ deception to trick targets into interacting with malicious code, often contained in emails or attachments.
Over the past few years there has been an increase in the use of collaboration tools, messaging services, websites, connected devices and SMS, which are all potential vectors for the delivery of malicious links or code. Threat actors will use social engineering to create a supposed affiliation between sender and recipient, and it’s this affiliation that will be exploited in successful phishing campaigns.
Cybercriminals are also displaying increasing maturity in their attack methodology. Recent phishing campaigns are well-written, personalised, reference current events, and contain the correct logos and branding of trusted brands. The phishing mails are also crafted in such a way that it is difficult to distinguish between legitimate communication and spoofed emails.
The growing complexity and sophistication of cyber-attacks can threaten to keep organisations from making measurable progress against cyber threats. Yesterday’s cyber defences will no longer protect against the elevated risks to people, communication and data. Security systems will have to grow more intelligent and orchestrated, with multi-layered security strategies providing the highest degrees of cyber resilience.
However, with an ongoing cybersecurity skills shortage threatening to delay much-needed progress, organisations will need to explore opportunities to outsource components of their security practice to managed service providers, managed security service providers, and security-operations-centre-as-a-service providers.
• Pinnock is vice-president of sales engineering for EMEA at Mimecast.
Published by Arena Holdings and distributed with the Financial Mail on the last Thursday of every month except December and January.