By Carrie Dagenhard (Tech Writer)
As the spooky season kicks into high gear ahead of Halloween weekend, everyone is readying their creepiest costumes, and flipping on their favorite slasher flicks in search of a good scare. But, as IT professionals know all too well, reality can be more frightening than the eeriest fiction, particularly in the IT helpdesk and MSP world. And, as cybercrime rates continue to rise, there’s no shortage of alarming trends to fodder the nightmares of network administrators and cybersecurity experts.
But unlike a bad dream, these chilling
cybercrime threats are becoming ubiquitous, threatening your MSP business's finances and reputation.
To help IT pros be better prepared to fend off these pesky fiends and to protect your company, here are three of the biggest current cybercrime trends — and what you can do about them:
The Threat Is Already In-House
Cybercriminals aren’t just sniffing around your business — in some cases, they may already be acting within your network. And, what’s worse, is that you opened the door.
According to data from a 2020 Verizon report, almost 30 percent of security breaches involve internal actors. Those threats could be bad actors who manipulated their way into your organization as an employee or third-party for the sole purpose of stealing valuable data to sell on the dark web. Or, they might be otherwise well-meaning team members whose negligence created an easy-to-exploit vulnerability. (For example, an employee who logs into your network using public Wi-Fi, shares login credentials through unsecured channels, fails to use two-factor authentication, or leaves their devices unattended.)
In either case, insider threats are especially difficult because firewalls, antivirus, and other traditional security measures are powerless against them. And whether they’re malicious cybercriminals or negligent employees, they’re not always easy to spot because they aren’t typically doing anything that might be perceived as suspicious.
So What Can You Do About These Bad Inside Actors?
First, you should ensure all employees participate in security education efforts to improve their digital habits. Next, you should use more stringent security vetting efforts for third-party vendors, employees, and anyone who has access to sensitive data. Third, you should adopt a reliable asset tracking solution to ensure all of your company’s devices are accounted for.
A Spine-Tingling Surge in Ransomware Attacks
2021 has been a banner year for ransomware attacks. In February, hackers broke into a Florida water treatment plant’s network and raised the levels of caustic lye in drinking water. In May, the Colonial Pipeline attack cut off gasoline supplies for a large swath of the Eastern Seaboard, creating expensive gas shortages and impacting the national supply chain. And this summer, IT firm Kaseya was hit by hacking group REvil, who locked victims from more than 17 countries out of their accounts to the tune of $70 million.
And that’s just to name a few.
Ransomware has quickly grown to become one of the most common and most destructive forms of cybercrime ever to exist, and experts predict it will only get worse. No one is safe. Cybercriminals target companies of seemingly all sizes and industries and hold their network access and precious data for ransom.
Unfortunately, there’s not much you can do to stop ransomware attacks — but there are a few things you can do to mitigate your risk. Educating your employees on good security practices, backing up your data, staying on top of security patches and fixes, and using asset tracking to replace any out-of-date hardware all rank at the top of the list.
Creepy Cryptojacking Vampires
Cryptomining is a process of gathering cryptocurrencies by solving complex cryptographic equations that validate data blockers and ad records to the blockchain. (If it sounds confusing, that’s because it is.) When cryptocurrency is mined, it enters into circulation and usually belongs to the person or organization who mined it. And given Bitcoin is currently valued at upwards of $60,000, cryptojacking can be quite lucrative.
But there’s a reason we’re not all crypto miners. Mining cryptocurrencies is a sophisticated endeavor that requires massive amounts of computer power — more than most people have at their disposal. So what do cybercriminals do to get their hands on all that shiny Bitcoin and other high-value cryptos without adequate power? They steal energy from others, of course. And sometimes they do it under cover of darkness, silently siphoning away your power until you have almost nothing left.
Like nearly every form of cybercrime this year, cryptojacking is also on the rise (after slowing down before the pandemic). Now, hackers are hijacking remote work tools, like Zoom and other video-conferencing platforms, and using them to install malware to aid in their cryptojacking efforts. Hackers are also leveraging phishing attacks and hiding malware behind emailed links and attachments.
After it’s installed, the malware significantly drains victims’ computer performance and leverages that power to mine cryptocurrencies. This can impact individual devices as well as entire networks and wreak havoc across organizations. As you might expect, it also leads to significant financial losses.
Cryptojacking is a mostly silent killer — in fact, sometimes the only sign that your computer has been infected with cryptojacking malware is lagging performance.
To reduce your risk of becoming a cryptojacking vampire’s next unsuspecting victim, make sure your workforce constantly updates their video conferencing software (and other apps) to the latest version — which can help protect against known vulnerabilities. Additionally, ensure everyone is well-educated on phishing and knows how to spot possible phishing attempts (and where to report them). And, if people notice their devices are suddenly running eerily slow, they should put in a ticket right away. After all, it’s better to deal with a few extra tickets than a downed network overrun by crypto-mining malware.
Unlike the ghouls and goblins running amok through your neighborhood on Halloween night, these cybercrime trends won’t disappear on November 1. In fact, experts are suggesting organizations brace for even more cybercrime in 2022. But by taking the proper precautions, you can reduce your risk and help evade these hair-raising threats.
comments