A new year brings old threats and new tricks to the table for cybersecurity professionals to battle. Every organization should be prepared to mitigate and combat mundane, routine attacks on its cybersecurity defenses, and be ready for a new wave of sophistication from bad actors.
Here are three continuously improving cyberattack types penetrating even the best firewalls and systems:
None of these threat themes are new or unique in their goals, but as technology improves, spotting a phishing attempt or an enhanced social engineering attack becomes increasingly difficult.
So what are the main features of each of these three increasingly common cyberattack types, and how can you keep your company from falling victim to smart cybercrime?
This isn’t your average photo editing effort or touch-ups to remove dust or flying insects in front of your face (or eliminate untimely pimples). It’s also far from the funny videos or mash-ups you might see of two celebrities blended together on social media designed to get laughs, likes, or link clicks.
Malicious intent, combined with the right resources, time, and skillset, can turn a seemingly innocuous phone call or video interview into a hard-to-spot attack. It’s no laughing matter, nothing to like, and potentially still designed to get link clicks with much greater repercussions.
Think of your CEO’s voice being recorded and his visual appearance from multiple interviews and pictures being archived and stored in a database, then pieced together and sent out from a faux communications email account asking staff to click a link to see the full news article and the company’s coverage. That is problematic for obvious reasons, and more likely to garner a click than a traditional phishing attempt.
Facial mannerisms and somewhat unique physical features can serve as soft biometrics, but they rely on the recipient knowing the boss fairly well firsthand.
When in doubt, always remember your cybersecurity awareness training and phishing simulations designed to help you spot other telltale signs of a potential attack.
Look out, James Bond. Move over, Mission Impossible. You don’t need contact lenses with copies of retina scans to fake out some biometric authentication systems. Unless the system checks for liveness, deepfakes, 3D-printed masks, pictures and videos obtained online via social media accounts, and more can all be used to exploit one of the most secure methods of credential authentication.
If you’re going the biometric authentication route, the best defense is a system with AI-enhanced algorithms that detect “liveness” and are not fooled by pictures, videos, or elaborate attempts to fake identification.
Identity spoofing, if successful, can be catastrophic to an organization’s security posture.
Fraudulent and synthetic identity creation
Fake identification has gone far deeper than using someone else’s ID to get past a bar or club bouncer these days. Elaborate schemes to create fake people are put in motion daily.
Combine a stolen Social Security number from a minor whom the credit bureaus have yet to register with a good name, a fake date of birth, and an address or mailbox a bad actor knows can be exploited, and the game is quickly lopsided in favor of the fraudsters.
Sometimes, the play is a long one. Social media accounts may be created and used to lend credibility if banks or credit card companies do any “know your customer” checks, for example. A synthetic ID may be used to generate real credit, with small purchases made on a credit card and paid off in full at the end of the billing cycle to build a larger line, allowing the fake ID creator to cash out with a larger purchase and no intent to pay.
Prepare and be proactive
The best defense is a good offense.
By layering your cybersecurity defenses, you can enhance your security posture and better withstand even the latest attack types and threats.
Remember, every credential authentication system has problematic pieces. By adding layers and systems to resolve those problems, you can keep hackers and bad actors with malicious intent at bay, forcing them to move on to easier targets instead of dealing with the frustration of failure at every turn.
Running simulated phishing tests will determine your employees' susceptibility to social engineering and phishing scams. Train your employees and help them identify spear phishing and ransomware attacks.