Insufficient Protection from Cyber Attacks?

21 May 2021

There are many types of cyber attacks, ranging from sophisticated automated attacks to manual attacks. The goals of a cyber attacker can vary from deploying ransomware to fraudulent attempts to extract funds from target organisations. Between 2017 and 2021, the use of social engineering (phishing) as a tool to facilitate cyber attacks rose from 72% to 83%, while ransomware fell from 17% to 7%¹.

“More generally, the pandemic had stretched resources and led to competing priorities in IT and cyber security teams. In some cases, there was a perceived conflict between prioritising IT service continuity and maintenance work, and aspects of cyber security such as patching software”

The average total cost of a cyber breach in 2020 was calculated to be $3.86 million, with the United States paying the most, and ransomware attacks carrying a greater average cost than other types of breach².

Cyber attacks can happen to the largest and smallest of organisations. Attacks can be automated to target exposed services, users, and outdated systems. More complex attacks such as fraud are much more likely to be manual, whereby the attacker must interact with the target to be successful. Current trends show that attackers are targeting the human factor within organisations via phishing³.

There are many factors that contribute to successful cyber attacks:

  • Insufficient budget to implement the required controls, procedures, or training
  • Having a false sense of security
  • Human error leading to misconfigurations, data leaks or impersonation
  • Insufficient training causing users to be unaware of phishing attempts
  • Stretched resources in IT due to the COVID-19 pandemic

Over the past year we have observed a wide range of cyber attacks with completely different modus operandi, for example:

  • An automated botnet exploiting exposed AWS instances running outdated services and deploying a crypto miner configured to mine coins into the attacker’s wallet
  • An externally exposed ticketing/helpdesk system alongside remote desktop services, which could allow an attacker to sift through the tickets for credentials and gain a foothold within the organisation
  • Automated phishing campaigns carrying a malicious Excel document that drops a ransomware payload designed to spread throughout the organisation

As a result of these incidents, lessons have been learned. Not all lessons are technical, however, and it is also important to address the human aspect. This can be done by:

  • Investing in cyber security to maintain secure external and internal landscapes
  • Organisations always being prepared for potential breaches
  • Accepting that humans will always be hackable using social engineering techniques. As a result, training is key to ensure employees can spot malicious social engineering attempts
  • Knowing what is within your estate and identifying weak points or areas of external exposure which an attacker may attempt to exploit
  • Involving security at all stages of a development or change to internal/external facing systems/services

The dynamic in the current situation is that all of the above have to be juggled with the additional workload created by a high proportion of some workforces working remotely. As resources become stretched more thinly, opportunities for cyber attacks increase. With limited time and resources, businesses would benefit from comprehensive risk analyses to ensure that their efforts are focused on the areas most at risk, to minimise potential losses. It is always worth considering how failure to manage key risks can damage the culture of your organisation.

Author: Vijay Velu, Head of Offensive Security.

References:
1. Cyber Security Breaches Survey 2021
2. IBM Security: Cost of a Data Breach Report 2020
3. Data security incident trends