A new report from CyberCube found that sophisticated cybercriminals are increasingly shifting to launching business email compromise (BEC) attacks against executives, Insurance Business reports. These targeted attacks require more effort than generic phishing spam, but the potential payoff is far higher.
A similar trend has been seen in ransomware attacks, where criminals are conducting more targeted and damaging operations and requesting ransom amounts tailored to the victim organization. Oliver Brew, CyberCube’s head of client services, stated that this is part of a larger shift within the cybercriminal landscape.
“The business model for cyber crime is evolving rapidly,” Brew said. “Threat actor groups are conducting campaigns and adjusting their models to extract greater value from a smaller number of attacks. Recently, we’ve seen some very sophisticated and aggressive organized criminal groups conduct carefully targeted ransomware attacks, which mark a move away from the traditional high-volume, low-value approach.”
CyberCube’s head of content, Yvette Essen, said that remote working conditions create more openings for attackers to get into an organization’s networks or to hijack conversations.
“Criminals are realizing that ransom demands of millions of dollars are achievable when the target becomes a corporation rather than lots of consumers,” Essen said. “The danger now is that the coronavirus outbreak is creating the ideal conditions for ransomware attacks to flourish. With widespread working from home, increased internet traffic, increasing use of technology for what were face-to-face transactions, corporations must increase their vigilance.”
Meanwhile, Darren Thompson, CyberCube’s head of cybersecurity strategy, noted that many ransomware attacks aren’t disclosed, so these incidents are far more common than people might think.
“It’s important to remember that the amount of ransomware attacks like Travelex which have gone public are just the tip of the iceberg,” he said.
Any organization can be targeted with ransomware or business email compromise attacks. New-school security awareness training can prepare your employees to defend themselves against social engineering tactics.
Insurance Business has the story: https://www.insurancebusinessmag.com/us/news/cyber/ransomware-targets-csuite-executives--cybercube-219534.aspx