Security Threats Increasing in Frequency, Complexity, Scale
October Is National Cybersecurity Awareness Month
Every organization, regardless of size or industry, can be a target of a cyberattack resulting in significant financial and reputational damages. Internet-enabled theft, fraud, and exploitation were responsible for a staggering $2.7 billion in financial losses in 2018. The FBI receives an average of 900 internet crime complaints each day, according to the FBI Internet and Crime Complaint Center. The Ponemon Institute states that, on average, it takes organizations 191 days to identify a data breach.
Fileless attacks are on the rise and exploit vulnerabilities in software and applications already installed on a computer. They also can be embedded into webpages. This type of attack, typically undetected through traditional antivirus software, is ten times more likely to succeed than file-based attacks. Approximately 77% of compromised attacks in 2017 were fileless (Ponemon Institute).
Zero-day attacks are similar to fileless attacks and exploit a security vulnerability in a webpage or application that is unknown to the organization. These attacks can reveal passwords, personal information, browsing history, and more. There is no time between when the vulnerability is discovered and the attack. Zero-day attacks are increasing among advanced hackers and can be some of the most difficult to defend against. Zero-day attackers want to remain undetected as long as possible and exploit victims incessantly for days, months, or even years. There are countless new vulnerabilities exploited daily via zero-day attacks.
Cryptojacking is the unauthorized use of someone else’s computer to mine cryptocurrency. Attackers prey on insecure web applications and servers that are exposed to the internet or are located in an internal network. They plant cryptomining code to use and consume resources and extract data. There is a rise in cryptojacking attacks as well as constant attention to misconfigured public cloud instances.
Phishing emails are complex, highly targeted attacks that have grown in sophistication as professional hackers recognize the significant financial opportunity in identifying and targeting employees within an organization. Phishing emails can appear to be sent from a colleague discussing a current project, because the attacker has taken the time to discover corporate initiatives. The majority of malware is still delivered by email.
Ransomware, a form of malware that holds a computer hostage until a ransom is paid to the attacker, is the most popular phishing attack. Ransomware attacks are growing in both frequency and sophistication, despite best efforts from industry experts and law enforcement. In fact, nearly 93% of phishing emails contain or link to ransomware.
Distributed denial of service (DDoS) attacks are launched from multiple computers and internet connections to flood targeted network infrastructure with traffic — ultimately causing a denial of service. DDoS attacks are becoming more frequent and longer-lasting, causing more financial and reputational damage than ever before.
For more information, visit www.fnts.com.