Cybercriminals turn to mobile devices, ‘deep fakes’

Cyberattacks are reported almost daily on various enterprises as well as individuals. Rwanda police recently charged 12 people with digitally breaking into the Equity Bank and stealing a large sum of money in November 2019. Travelex, the foreign-exchange bureau, has its computer data held to ransom this past New Year’s Eve, the thieves demanding US$6 million to undo the lock they had placed on it. Phishing through email has become a common way to obtain Facebook users’ personal information – they receive a link to a fake website where they have to provide that info to gain access. These are just a few examples, but we will be seeing more and more advanced cyberthreats in the future in parallel with the emergence of newer technologies.

From the RiskBased report 2019, the details of 4,100 online financial transactions were released to the public due to data breaches while seventy-one per cent of those involved financials and rewards and most of the rest political and government-backed issues in the first half of 2019.

The most common forms of cyberattacks are hacks (52 per cent), malware (28 per cent) and phishing and social engineering (32 per cent), Verizon said last year.

Malware is generated when a computer user clicks on a link or email attachment that installs software that will block access to key components of the network, rendering the system inoperable but sharing information from the hard drive.

Phishing entails fraudulent communications that appear to come from a reputable source, usually through email. The intent is to steal sensitive data such as credit card and login data. Social engineering involves manipulating people into giving out confidential information that leads to a more complex fraud scheme.

The “Kaspersky Security Bulletin 2019 – Advanced Cyberattacks and Threat Predictions for 2020” foresees threats growing in sophistication and becoming more specifically targeted. The focus will be more on mobile attacks and they will diversify in tandem with the propagation of machine learning, “deep fake” technology and global trade tensions.

Kaspersky – which monitors these threats and builds tools to thwart the criminals – warns that so-called deep fake video and audio files will be automated to support profiling and the creation of scams and social engineering schemes.

Kaspersky, based in Russia, announced three-digit year-on-year growth for its “enterprise solutions” segment in Southeast Asia in 2019. “While Southeast Asia houses countries at different levels of IT maturity as well as economic stages, one thing in common – enterprises in this region are starting to see the importance of a multi-layer approach to cybersecurity especially as they embark on their Industry 4.0 journeys,” said managing director Stephan Neumeier.

“With our in-depth threat intelligence and next-generation technology, we are confident that our enterprise growth in this region, along with the entire Asia-Pacific region, has just started. Thailand showed double-digit growth, mainly from the growth in enterprise solutions offered to financial institutions, healthcare and manufacturing companies.

Kaspersky’s key business solutions include Threat Intelligence and Anti-Targeted Attack. “These products aim to provide a holistic ‘true cybersecurity’ for companies. When we talk about true cybersecurity, it involves the combination of solutions and professional services which can cover the four stages of a cybersecurity attack – predict, prevent, detect and respond.”

Conscientious firms build cybersecurity into their business value, starting with customer relationships, production processes and supplier interactions. If done properly, these actions enhance customer trust, accelerating their adoption of digital channels. They reduce the risk of customers or employees trying to circumvent security controls. They build security into customer-facing and operational processes, reducing the deadweight loss associated with security protections. 

Businesses need to determine what required actions and cybersecurity frameworks are incorporated so they can prevent, respond to and minimise losses to themselves and stakeholders, Kaspersky says.

Here are seven ways employees make a business vulnerable to cyberattacks:

• opening email from unknown people
• having weak login credentials
• leaving passwords on sticky notes
• having access to everything
• lacking effective employee training
• not updating anti-virus software
• using unsecured mobile devices