The key to defending against cybercrime tactics is to stay aware of how they’re changing. Do you know what this year’s biggest cybercrime events are so far?
The biggest cybercrime events of the year don’t just make for good “doom-and-gloom” news – they’re important reminders about the reality of cybercrime and the need for cybersecurity.
By paying attention to the ways that cybercriminals cause so much damage and steal so much data, you’re better prepared to notice if something like that is happening to you.
With that in mind, consider the following four biggest stories in 2019 cybercrime – so far…
iPhone Vulnerabilities Put Millions Of Users At Risk
This summer Google published research showing that an iPhone-based cyber-attack has been going on for the past two years at least. The largest iPhone attack in history, this long-term cybercrime effort has been infecting iOS users with malware that steals their private data, including:
- Passwords
- Encrypted messages
- Locations
- Contacts
The same month, another Google Project researcher published an article all about how iPhone software can be penetrated to give hackers remote access, even though none of it operates as a conventional “server-side” code.
Don’t worry – if you’re currently an iPhone user and you keep your operating system updated, then you’re secure. Apple released a patch for the vulnerability back in February of this year.
However, even though you’re safe now, you may have been hit prior to the patch, and not even know it. If you were infected a year ago, then your data was stolen back then, and will already have been compromised.
This is yet another example of why it’s important to keep your technology patched and updated. While in this case the necessary patch wasn’t released for years, in most cases, regular patch management is an effective way to protect yourself against known
vulnerabilities.
Ransomware Continues To Spread
Month after month, more and more businesses, municipalities and government organizations get hit by ransomware:
- In May, the city of Baltimore was hit with ransomware that made their server’s inaccessible. They refused to pay the ransom, which kept their systems offline for weeks – in the meantime, they attempted to “rebuild certain systems”, according to Mayor Jack Young.
- Baltimore joins the growing number of municipalities hit by ransomware this year – all of which, after the attack, invest considerable resources in investigating the source of the incident.
- 22 different organizations in Texas, many of which are local government agencies, were just infected with ransomware in August as well.
The good news is that if you have you have a data backup solution, then it doesn’t matter if your data has been encrypted by ransomware. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
- Back up data on a regular basis (at least daily).
- Inspect your backups to verify that they maintain their integrity.
Secure your backups and keep them independent from the networks and computers they are backing up.
Healthcare-Based Attacks Become More Targeted
FireEye researchers have noticed an increase in targeted attacks against healthcare organizations that house large amounts of valuable patient data. This is opposed to the conventional “wide-net” approach to cybercrime attacks, which are more opportunistic, targeting as many organizations as possible and hoping for the best.
These hackers are using credential theft malware, ransomware, extortion campaigns, and cryptomining to execute these attacks. Over the past two years, many databases associated with healthcare have been put up for sale on the dark web, as well as the sale of access to healthcare systems in these markets.
This all confirms the suspicions of cybersecurity experts watching the healthcare industry – attacks are on the rise, and they’re becoming more targeted and more likely to reoccur. In fact, organizations in the healthcare industry are the third most likely to be hit again after an original cyber-attack.
In addition to using the range of standard cybersecurity technologies like antivirus and firewalls, you need to train your staff to ask themselves these key questions before opening an email:
- Do I know the sender of this email?
- Does it make sense that it was sent to me?
- Can I verify that the attached link or PDF is safe?
- Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
- Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify? Does anything seem “off” about this email, its contents or sender?
Evolution Of & Access To Phishing Kits
Cybersecurity professionals are noticing an uptick in the availability of advanced phishing kits being sold on the dark web. In fact, the AV-Test Institute estimates that a new malware strain, deployable via phishing, is created every 4 seconds.
In anticipation of what is likely to be a landmark year for phishing, make sure you know what to look for in a phishing email. Ask yourself the following questions:
- Do I know the sender of this email?
- Does it make sense that it was sent to me?
- Can I verify that the attached link or PDF is safe?
- Does the email threaten to close my accounts or cancel my cards if I don’t provide information?
- Is this email really from someone I trust or does it just look like someone I trust? What can I do to verify? Does anything seem “off” about this email, its contents or sender?
What’s The Best Way To Protect Yourself?
When you’re not sure if you have the skills or knowledge to get the job done, what can you do? Consult with cybersecurity professionals.
The cybersecurity professional’s job is to manage your cybersecurity, simple as that. Instead of needing an employee or internal team to keep your tech and data secure, you let someone else with the skills and knowledge do it for you:
- Cybersecurity professionals perform regular vulnerability testing as per industry standards to ensure you aren’t dealing with overlooked cybersecurity weaknesses.
- Cybersecurity professionals help you plan and achieve a secure environment to work in.
- Cybersecurity professionals provide ongoing service and support for any security-related concerns you may have.
Alvarez Technology Group can be your team of cybersecurity professionals. We’ll even help you find out if your data is for sale online – in honor of Cyber Security Awareness Month, we’re offering a free Dark Web Scan – contact [email protected] to claim yours.
Like this article? Check out the following blogs to learn more:
Watch Out! You’re IT Provider May Not Secure Your Data Properly
URGENT/11 Zero-Day Vulnerabilities Impacting 2 Billion Devices
8 Essential Reasons to Outsource Your IT Services
