I want to talk about trending cyber threats. What they are, and why it means there will be no summer vacation for you. At least, no vacation from defending against these threats.
I am back from a wonderful two weeks in Italy: Castro dei Volsci (what?), Siena, and Florence/Firenze. Oh, and short stays in Rome arriving and departing. We had a wonderful time cooking, touring, wine tasting, eating, and visiting many museums. Here is a picture (you did ask, didn’t you?)
Still, all vacations end. It is back to the cybersecurity battle for me.
Trending Cyber Threats to Watch For
As I returned to work and started going through my mail (Delete!) I came across some requests for help. Look at these trending cyber threats:
- Bogus emails claiming the recipient’s SharePoint site was out of storage space, with an “invitation” to buy more storage. (This was especially confusing because the scam messages were mixed in with some legitimate notices.)
- Attempts to push credit card transactions through an organization’s website, using the results to confirm which card numbers were valid.
- Impersonated email invoices being sent out, attempting to get customers to wire money to the scammer’s account.
- Hackers taking over an organization’s Instagram account, using it to send spam Bitcoin purchase emails out to their followers.
- A news item saying that security professionals are quitting out of frustration with ongoing ransomware attacks.
What is Going on Here?
What can we make of these trending cyber threats?
Sending fake invoices and asking for the payment to be wired to an account is not a new thing. It clearly is still lucrative, or scammers would stop doing it.
The fake SharePoint storage emails are the latest twist on the “there is a problem with your Office 365 account” scam. What I found amusing is that these phishing emails were sent from “The <company’s name> Microsoft team”… even though the companies are too small to have some anonymous team sending out such notices.
The credit card validation hack was a new one for me. Apparently, this replaces the old trick of using a stolen credit card to purchase a small amount of gas, to verify that the card is valid. Maybe folks have moved online. Or maybe gas prices are such that it is no longer possible to spend just a few bucks on gas.
The Instagram hack is not a new trick, though it is pedestrian. “Buy Bitcoin!” Uh, have you been reading the news lately?
The last item is troubling, as it speaks to overwork and burnout among cybersecurity professionals.
These trending cyber threats confirm one thing. The scammers are not taking the summer off.
The Need for Eternal Vigilance
Folks I have talked to tell me that their return-to-the-office plans have launched, after many COVID-related delays. These plans include a hybrid work component—meaning that managing the security risks of a work-from-home staff will continue to be an activity for IT organizations. With work-from-home becoming part of the “way we work,” IT organizations must continue to successfully manage the security experience. We have crossed the Rubicon on this one.
So, my first takeaway is something I have no doubt said before: you cannot take the summer off. The pace of activity in the organization may have slowed a bit. But, as these trending cyber threats show, the hackers are, if anything, ramping up their efforts. They know folks are preoccupied with kids home from school, summer camp and all the other things that happen this time of year. Advantage: scammers.
Second, these trending cyber threats tell me that organizations need to layer proactive cyber threat response on top of the reactive responses people have already put in place. The barriers to entry for cyber crime continue to fall. Exploit kits are readily available. Cryptocurrency makes it easy to hide purchases. Cybercrime-as-a-service providers are there to run the exploits for you (for a fee, of course). Automation tools continue to advance.
The scammers are using sophisticated tools. You need to respond in kind. EDR (Endpoint Detection and Response) is a capability that is coming into its own. I have written about it before. EDR tools look for anomalies: things like successive failed login attempts, or dozens of payment requests in an hour, all for the same dollar amount. EDR would help flag some of these trending cyber threats.
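To make the two anomalies above concrete, here is an added example (my own code, not the author’s and not any EDR vendor’s) of the kind of rule an EDR or SIEM would run. It generalizes both cases into one sliding-window counter: alert when enough events sharing a key (source IP plus user for failed logins; dollar amount for payment attempts) land inside a time window. The log format, field names, thresholds and the sample events are all constructed assumptions for the demonstration; the payment burst is the card-validation pattern from the list above.

```python
"""Sliding-window burst detection over a constructed event log.

Demonstrates two anomaly rules: a run of failed logins from one source
against one account, and many payment attempts for the identical amount
within an hour (card testing). All log lines below are constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login events: five rapid failures for alice from one IP,
# then a success; bob's two failures are hours apart (benign).
LOGIN_LINES = """\
2024-07-15T09:00:01 login_failed user=alice src=203.0.113.7
2024-07-15T09:00:04 login_failed user=alice src=203.0.113.7
2024-07-15T09:00:09 login_failed user=alice src=203.0.113.7
2024-07-15T09:00:15 login_failed user=alice src=203.0.113.7
2024-07-15T09:00:22 login_failed user=alice src=203.0.113.7
2024-07-15T09:00:30 login_success user=alice src=203.0.113.7
2024-07-15T09:05:00 login_failed user=bob src=198.51.100.9
2024-07-15T11:00:00 login_failed user=bob src=198.51.100.9
"""

# Constructed payment events: fifteen $1.00 attempts with different cards
# over half an hour (card testing), mixed with two ordinary purchases.
PAYMENT_LINES = "\n".join(
    f"2024-07-15T10:{i * 2:02d}:00 payment amount=1.00 "
    f"card=last4:{1000 + i} result={'declined' if i % 3 else 'approved'}"
    for i in range(15)
) + """
2024-07-15T10:05:30 payment amount=59.99 card=last4:7781 result=approved
2024-07-15T10:41:10 payment amount=12.50 card=last4:2204 result=approved
"""

SAMPLE_LOG = LOGIN_LINES + PAYMENT_LINES


def parse_line(line):
    """'<iso timestamp> <event kind> k=v k=v ...' -> dict (assumed format)."""
    ts_str, kind, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts_str), "kind": kind}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def burst_alerts(events, key_fn, threshold, window):
    """Alert once per key when >= threshold events with that key fall
    inside a sliding window of length `window`. key_fn returns None for
    events the rule ignores."""
    recent = defaultdict(deque)  # key -> timestamps inside the window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = key_fn(ev)
        if key is None:
            continue
        q = recent[key]
        q.append(ev["ts"])
        # Drop timestamps that have aged out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"key": key, "count": len(q),
                           "first": q[0], "last": ev["ts"]})
    return alerts


def failed_login_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Successive failed logins from one source against one account."""
    return burst_alerts(
        events,
        lambda e: (e["src"], e["user"]) if e["kind"] == "login_failed" else None,
        threshold, window)


def card_testing_alerts(events, threshold=12, window=timedelta(hours=1)):
    """Many payment attempts for the same amount in an hour, any outcome."""
    return burst_alerts(
        events,
        lambda e: e["amount"] if e["kind"] == "payment" else None,
        threshold, window)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for alert in failed_login_alerts(evs) + card_testing_alerts(evs):
        print(f"ALERT key={alert['key']} count={alert['count']} "
              f"from {alert['first']} to {alert['last']}")
```

Counting attempts regardless of outcome is the point of the card-testing rule: a fraudster validating numbers gets mostly declines, so a rule that only watches approved transactions would miss the burst. The thresholds are tuning knobs; pick them from your own baseline of normal login and checkout volume.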
Use EDR to find and respond to the cyber threats before they find you. Reallocate your time and resources to address the cyber threats that have the most potential negative impact. Scale up your machine-enabled response to the more pedestrian stuff. Head off to the beach or your summer cabin knowing that these trending cyber threats are under control.