It seems like a new type of cyberattack arises every week. Smishing, whaling, spear-phishing, sextortion – these terms gradually permeate the public psyche as they become more and more of an issue. For example, IoT cyberattacks are expected to double by 2025, and experts predict cyber attacks will cost companies $10.5 trillion by that same year.
In our “Cybersecurity experts’ views on email within Microsoft 365” report, we gathered expert insights from Lisa Forte (Co-founder of Red Goat Cyber Security LLP), Robin Bell (CISO, Egress Software Technologies, and Jack Chapman (VP of Threat Intelligence, Egress Software Technologies). We asked them which of the cyberattacks they’ve seen this year are the most concerning. These are the ones to watch.
The preventable attacks
For a cybersecurity professional, it’s deeply frustrating when an IT security issue could have easily been avoided. Unfortunately, preventable attacks happen all the time. A 2021 report found that almost all the data breaches and cyber attacks that occurred over the previous year could have been prevented – a whopping 94%.
These attacks cost thousands – if not millions – of dollars, and their cause often comes down to a lack of proactivity in defense.
“I was reviewing some of the largest and most impactful ransomware attacks that we have seen globally since 2020,” says Lisa Forte. “What really stood out for me was how many would have been totally prevented (or at least made harder for the attackers) by simple security measures. Deletion of accounts when someone has left, email defenses, phishing defenses, training, better authentication on user accounts, the list goes on.”
She adds, “I think that is far scarier than any ‘new and shocking’ but ultimately rather obscure vulnerability.”
Thankfully, it’s very simple to implement even basic security measures to avoid these issues – but many organizations need to be more proactive.
The targeting of vulnerabilities
As the name suggests, spear phishing is a more aggressive, targeted approach to phishing, which uses tactics like impersonation to attack an individual or specific group. Cybercriminals are turning to the latest technology to make these attacks even more convincing.
“The most concerning attacks I’ve heard about are spear-phishing attacks that use AI voice technology against high-value targets,” says Robin Bell. “A more day-to-day concern for most people would be the increase in voucher scams, not only in business email compromise but targeting the large number of people who are struggling with the cost-of-living increase.”
Many of us have already experienced attempted AI scams. It’s increasingly common to receive phone calls from robotic voices that sound eerily human. As Bell described, the cost-of-living crisis is creating new opportunities for cybercriminals in this area. At the same time, younger people are being targeted via WhatsApp and persuaded to share financial information.
The private life scam attacks
Nobody likes having their dirty laundry aired in public, and the rise in “sextortion” proves that nothing is too private to be taken advantage of by cybercriminals. Sextortion is a phishing attack whereby the cybercriminal demands a ransom in exchange for not leaking intimate photos or videos of the victim. They may have procured images through hacking or fraudulent coercion, created deepfakes, or they could be bluffing. Regardless, it’s a serious problem.
“All types of cyberattacks concern me, as it just takes one attack to be successful!” says Jack Chapman. “Currently, we are seeing a rise in truly horrific sextortion emails. This concerns me on a personal level for the users who get these distressing attacks, and some people have had to go on personal leave as a result. It shows attackers will stoop to any level to succeed in their objectives.”
Attackers will often quote one of the victim’s passwords to prove their seriousness and knowledge of the person. Chapman is right to be concerned about this; cases of sextortion soared during the pandemic. According to the National Crime Agency, sextortion attacks rose by 88% between 2018 and 2020. In the first two months of 2020 alone, there were 1,661 cases.
As cybercriminals become increasingly creative in how they attack, being one step ahead with robust defenses is key to protecting yourself against the most concerning security threats our experts have seen in 2022.
That’s just a tiny glimpse into the insights of our cybersecurity experts. The full report covers phishing attacks, email security, and the threats that keep them up at night. Click here to download your full copy of the “Cybersecurity experts’ views on email within Microsoft 365” report.