They are continuing to attack with ransomware delivered via email and other phishing scams. Overall ransomware numbers are dropping, though that indicates a shift in criminal strategy from focusing on consumers to focusing on businesses (where the money is).
However, there are signs that people are FINALLY getting the message that clicking on every link in a suspicious email is a bad idea. The success of attacks via email are declining.
That doesn’t mean these crooks are giving up on their efforts to steal your data and expose your business to legal risk.
It means they are switching up how they attack you.
Here are four new ways cybercriminals are plotting to take what’s yours.
Social Media - Wolf in Sheep’s Clothing
As businesses rely on social media reviews to validate their goods and services, cybercriminals see an opening. There are two approaches to this extortion racket.
Cybercriminals set up social media accounts that can trick online customers into believing they are the real business. They then threaten to use these accounts to post embarrassing content that will damage the business.
The other approach is straight out of a mob movie and is the online equivalent of “nice business, be a shame if something happened to it.” Cybercriminals will engage in online reputation destruction, posting negative reviews on Yelp, Google, etc. unless a business pays up. Think this is far-fetched? CheapAir has been a recent target of this extortion scheme.
Don't’ think your online reputation is important? When was the last time you went to a restaurant or bought an item with a bunch of one star or negative reviews?
Cybercriminals and hackers are beginning to pretend to be legitimate SMB businesses on various social channels, tricking users into sharing personal details.
These accounts are hard to track and hard to take down.
The File-less Assault
Historically, there’s been a link to click that would download a malicious file and invite the virus into your computer. As more users are -- finally -- getting wise to phishing email scams, cybercriminals are turning to attacking the source.
Phishing emails were once a simple email blast with a link that, when clicked, downloaded the virus onto your computer. Today, they’re becoming more targeted and sophisticated. Cybercriminals are combing through social media accounts and other public information to better target their marks by personalizing their phishing attempts.
These social engineering attacks are more difficult to detect.
Malware That Thinks for Itself
Your SMB IT team has a hard enough time preventing brute force viruses. Do you think they can keep up when viruses are able to “think” and modify it’s code to avoid detection. While self-aware viruses are science fiction, Malwarebytes predicts for 2019 that “malware that is modified by, created by, and communicating with an AI [artificial intelligence] is a dangerous reality.”
Now that you’re aware of these growing attacks, take action.