It’s 2019 and it would seem that a common new year’s resolution among cyber-criminals was to set their sights on loftier prizes. There has been a significant shift in cyber-attacks: criminals are increasing their onslaught on businesses and enterprise.
Whereas the consumer was at high risk in the past couple of years, the last few months have seen an uptick in attacks on industry infrastructures. In 2019 alone, such attacks rose by 12 percent.
The short answer as to why hackers are increasingly targeting bigger game is that there is simply more money in it. By targeting large businesses that handle personal accounts of millions of consumers, hackers can steal more information and make more money in one hit. It’s just more efficient.
The longer answer deals with the technical aspect of these attacks and rapidly growing industries:
Business demands are growing at a rate that defense security can’t keep up with. In so many words, cyber-thieves are attacking business and industry more because there are more soft spots to take advantage of.
These new breed of attacks are correlating with the increase of business management tools. A particular point of interest for hackers in the modern era is:
The Cloud. As businesses grow, so too do their need for storage. A large amount of sensitive data is stored on cloud servers today but the poor configuration can be a potential in for a hacker. Simple Storage Service or an S3 bucket is a file folder service on the cloud that stores a user’s files.
According to Symantec, 70 million such files were illegally accessed in 2018. Another way hackers have upped their game is:
Formjacking. As the name implies, formjacking code spies on retailer’s websites in order to steal credit card and account information when the user fills out a form for purchase. Major sites like Ticketmaster and British Airways are just a couple of industry Goliaths that recently fell to the slingshot of formjacking.
The advent of IoT Devices is yet another burgeoning soft point for digital criminals to take advantage of. Smart thermostats, security systems card readers all promise to streamline the way people do business but they can also compromise supervisory control and data acquisition systems. In some cases, malicious code can completely wipe and render useless a device crucial to business and industry operation.
While modern tools business tools may not have caught up with sophisticated malware yet, there are precautions you can take to withstand attacks:
- Configuration – If you rely heavily on cloud servers then it is imperative that you properly configure your S3 buckets. Misconfigured S3 buckets are a goldmine for hackers because it is easy money for them. There are multiple online tools and organizations that specialize in helping you secure your configurations and guarding against malicious script.
- Know Thine Enemy – There are specific methods that can be looked for as the calling cards of hackers. Such methods are referred to as TTP’s or tactics, techniques and procedures. Examining your system and processes for specific behavior can be vital in stopping a cyber-attack. Utilizing a framework that analyzes real malware attacks is very useful since the files used to house malware change all the time. A defense framework can tell you what to look for so that you can better defend yourself.
- Be Aware of Change – Unauthorized changes to files remain as one of the most telling clues of an infection. Analyze your files regularly and be on the lookout for changes that you or your team did not make. Your best ally to help you carry out this basic yet crucial defensive protocol is a solid anti-malware suite.
At the end of the day, these tactics are fairly basic and practical but nonetheless important. As malware continues to evolve and adopt new shapes and forms, security plays catch-up. Still, modern security solutions are cropping up daily and can make a world of difference for business and industry.
It seems that even small businesses must be asked to blaze an uncertain path if they want to keep up in an increasingly digital landscape. Attacks on supply chain systems have more than doubled in the last year and even smart audio devices like speakers can fall prey to a crafty programmer.
Forging ahead while using modern tools to do business can seem scary for sure but there are plenty of tools and actions that can be utilized to give yourself a good defensive line against modern attacks. With a little bit of knowledge, a lot of diligence and a modest investment in security software and analysis, the terrain becomes less treacherous.
You cannot blaze a successful trail without arming yourself against attackers anymore so forge ahead with the right tools and as always, stay vigilant.