March 4, 2022
By Pavel Jiřík in Blog
The COVID-19 pandemic certainly “helped” all sorts of cybercriminals by forcing businesses and individuals alike to move most of their activities online. The Association of Certified Fraud Examiners found that 79% of respondents saw an increase in fraudulent events following the outbreak of the pandemic, with 90% expecting even more instances of cybercrime in the future. Just to give an example, there were nearly 400,000 cases of credit card fraud in the US in 2020.
What can we all do to avoid falling victim to such attacks? The best way to stop criminals is simply to learn what methods they have at their disposal. This way, we can stop them in their tracks or at least minimize the damage caused. That’s exactly what we are going to talk about here.
Cybercrime: Where Are We Now?
If it were considered a country, cybercrime would have the third-largest economy in the world. Cybercrime Magazine estimated that, in 2021, cyber-related crimes cost the world $6 trillion. By 2025, the losses caused by scammers might even reach $10.5 trillion.
But the damage isn’t only financial. For businesses, cybercrime costs often also include:
- theft, damage, or destruction of data
- lost productivity
- disruption to how the company works
- reputational harm
- and many others
What’s more, cyberattacks are no longer just a problem for large and influential corporations. In fact, 43% of cyberattacks were aimed at small and medium-sized businesses that often don’t have enough money for cybersecurity and aren’t prepared to recover from such attacks.
Even more staggering are the costs of attacks made on individuals. The Federal Trade Commission reports that consumers lost $547 million to romance scams in 2021 alone. US consumers are also increasingly being scammed on social media, where they lost $770 million in 2021.
5 Common Types of Cyberattacks
Because of the growing number and cost of attacks, many companies have now started to invest heavily in cybersecurity and awareness training for their staff in order to prevent cybercrimes and data breaches as much as possible. As a result, in 2022, worldwide spending on cybersecurity is expected to reach over $130 bn.
While this is an important step, businesses shouldn’t think they are safe - cybercriminals are constantly updating methods and coming up with new ways to strike. Below are some of the most common kinds of cyberattacks that individuals and companies should watch out for.
1. Phishing Attacks
Every day, Google’s Threat Analysis Group blocks around 100 million emails containing phishing links and malware downloads. That seems like a lot, but with 3.4 billion phishing emails sent each day, it’s clear that many are still evading security filters.
Unfortunately, because such emails look nearly identical to those sent by genuine companies, a lot of people fall for these scams and click on links to “verify their account” or “complete a transaction”. This way, they unwittingly give criminals their bank account data, social security numbers, or other personal information.
To avoid falling victim to phishing scams, users should be cautious when opening emails - especially if they contain hyperlinks, attachments, or ask for personal information. Banks or support centers never ask for account passwords or credit card numbers, so if someone is asking for them then it's a good idea to first contact a bank representative or tax department before responding.
2. Vishing
Another “useful” method for criminals is vishing. This is a form of phishing that uses phone calls instead of emails to convince victims to act in a specific way, often giving fraudsters their private information or access to bank accounts.
Fraudsters - often claiming to be from the victim’s bank, police, or tax department, etc. - rely on social engineering techniques and threatening language to lead victims into believing that responding to the call is the right thing to do. For example, the caller might suggest that they want to help the victim protect their bank account or avoid criminal charges.
A second common tactic is to leave threatening voicemails telling the recipient that they will be arrested, their bank accounts shut down, or worse if they don’t call back immediately. To increase trust, some vishing cybercriminals even provide their victims with a phone number to call if they have questions or want to “verify” the caller’s identity.
Sadly, the rise in popularity of Voice over Internet Protocol (VoIP) has made it extremely easy for cybercriminals to create fake phone numbers to hide behind. As fraudsters can create numbers that appear local or similar to those used by legitimate organizations and then quickly discard them, it’s getting harder to track and catch vishing criminals.
As with phishing, the best way to avoid falling for this scam is to never confirm or give out your personal information over the phone, even if the scammer offers you a way to apparently “verify” their identity.
3. Ransomware Attacks
Ransomware isn’t a new threat, but it is becoming more prevalent as criminals learn just how far companies are willing to go to protect their data and reputations. In 2020, victims of the 11 largest ransomware attacks spent a total of $144m on paying the ransom, investigating the attack, and restoring backups.
What does a ransomware attack usually look like? The victim’s computer is infected either through a phishing email or through an exploit kit used by the criminals. The ransomware program then encrypts either certain file types or all of the data.
A message will then be displayed on the victim’s computer saying that the data needs to be unlocked with a unique decryption key for it to be usable again. But in order to get the key, companies need to pay a ransom, often in a cryptocurrency.
Attackers sometimes also threaten to delete the decryption key or increase demands after a certain amount of time has passed to put extra pressure on the victim to pay the ransom. According to the Sophos State of Ransomware 2021 report, the average ransom payment in 2020 was around $170k.
What can you do to avoid a ransomware attack? While there’s sadly no way to avoid being targeted by one, there are some measures you can take to minimize the impact:
- keep backups of your organization’s data and test them
- avoid clicking on unfamiliar or suspicious links
- never connect USB sticks or other storage media to your computer if you do not know where they came from
- keep your programs, firewalls, antivirus, and operating systems up to date
A good tip is to use an external hard drive that you will disconnect from your computer after creating a backup. Otherwise, if your hard drive is connected to your computer when some ransomware becomes active, data on the drive will also be encrypted.
4. Distributed Denial of Service Attacks (DDoS)
70% of organizations surveyed by Corero reported experiencing 20 to 50 DDoS attacks per month. Though most of them fail, the main issue is that with powerful machines, specialized tools, and far better bandwidth than ever before, cybercriminals can now launch DDoS attacks much faster and more cheaply.
This also means that not just “big players” such as banks, enterprises, or social media platforms are at risk of being attacked. Businesses of all sizes and industries are all potential victims of DDoS attacks too.
A DDoS attack occurs when an attacker floods a target server with traffic to disrupt and perhaps even bring the target down. While sophisticated firewalls can detect and block suspicious amounts of traffic coming from a traditional DDoS attack, criminals can now also use multiple compromised devices to bombard the target with traffic.
The attack on Amazon Web Services in 2020 was possibly the largest in the industry. In February that year, a massive online assault was launched on the company, using a rapid-fire attack to overwhelm its cloud servers. During the three days of the attack, traffic volume peaked at around 2.3 terabytes per second, breaking the previous record for the largest DDoS attack ever recorded.
Fortunately, many cybersecurity vendors have developed new and updated anti-DDoS and networking security solutions. These help protect enterprises from various types of both DDoS and botnet attacks, as well as multiple types of malicious applications that look for and exploit network vulnerabilities.
DDoS specialists can also be of help, as they can provide advice on the best solution for your specific situation and draw attention to any current vulnerabilities or issues.
5. Identity Theft
In 2020, nearly 1.4m identity theft cases were reported, and almost one-third of all those victims had fallen for this type of scam before. In just one year, from 2019 to 2020, the number of cases of identity theft grew by 53%. And the pandemic unfortunately only made the situation worse, as all sorts of government aid and unemployment support programs became ideal targets for cybercriminals.
Scammers targeted businesses and consumers alike by claiming to offer government assistance, home-testing kits, or help filling out Covid aid applications in exchange for personal or bank account information. Regardless of the method, their ultimate goal was the same: to gather enough information about the victim that would allow them to take out loans on their account or make purchases, for example.
For regular users, the easiest and cheapest way to protect your identity online is to share as little personal information about yourself as possible. Genuine tax departments or government agencies never ask for bank account details or security numbers, so you should be suspicious if anyone requests this information.
For businesses, meanwhile, adopting a passive voice biometrics system to verify callers might be exactly what they need to stop identity thieves in their tracks. Unlike fingerprint or retina scanning, voice biometrics can be used to authenticate users via their phone or computer and doesn’t require any special equipment, so it is perfect for today’s remote world.
Voice verification is also more secure than using passwords or answers to personal questions, as it can easily expose identity thieves even if they use stolen data that would allow them to pass traditional security measures.
For this reason, using voice biometrics as a verification method is growing in popularity. This is especially true in call centers and financial institutions, where it helps to prevent financial fraud, among other things. Since voice biometrics also allows companies to verify callers passively, without using passwords or PIN codes, it can make the authentication process quicker, easier for customers, and more secure than conventional methods.
The various types of cybercrime are growing in number and variety in 2022. As a result of the latest technologies, criminals can now attack more often than ever before. Knowing what the most common types of attack look like is therefore vital.
According to a study by IBM, human error is the main cause of 95% of cybersecurity breaches. So, by knowing what to expect, you will be able to take the necessary precautions to ensure your safety from such threats.
The majority of attacks can be prevented simply by not clicking on any suspicious links or sharing personal information online or over the phone. But investing in cybersecurity technology such as DDoS protection and voice biometrics should also be a priority for businesses. That way, in case of attack, they can prevent or at least minimize any damage caused - protecting their data and reputations.