When you picture hackers, you conjure up an image of rebellious teenagers in hoodies, think again. Cybercrime is a great deal more organised than you might think and cybercriminals are increasingly developing business models of their own. In fact, certain groups of hackers are known to only work Monday to Friday, taking off weekends. These are no kid geniuses, they’re professionals.
Anyone can launch a devastating hit
Cyberattacks are becoming far more sophisticated. Specifically, there has been a sudden rise in nation-state attacks – attacks which are developed by countries and are backed by massive resources and budgets.
What’s worse, these attacks are increasingly being leaked to the general public. This means that instead of there being just a small group of very talented individuals with specific targets, there are now thousands of ordinary cybercriminals attacking as many people as they can. Because malicious individuals can also buy easy-to-download tools from hackers which guide them step-by-step through an attack, they don’t need programming skills or technical resources to launch a very sophisticated attack. It’s even possible to pay hackers for their time in putting together a particular attack for you. You could, for example, purchase Ransomware as a service.
This is a trend Check Point predicts will continue into 2018 for the simple reason that it is working. For most companies, cybersecurity is a knee-jerk reaction to the latest threat as opposed to a series of logical steps based on a holistic view of the areas in which they are exposed and where their biggest threats lie.
And what is most frightening is that we are going to see an increasing number of these attacks hit critical infrastructure such as power and water utilities, and public transport in the future.
Attack vectors are rapidly expanding
IoT devices, many of which are sold off the shelf without any security, are fantastic targets for hackers. And once these devices are connected, they act as a gateway into both the user’s home and company network.
People are also more reliant on their mobile devices than ever before. And while they may feel they know their devices well – from a security perspective, they don’t. Most people will blindly connect to their coffee shop’s WiFi without knowing whether it is secure. This is, without doubt, one of the biggest threat vectors, Check Point’s experts say, and one which needs to be addressed quickly.
At the end of the day, education is key to avoiding an attack. But there is also cost-effective software available that can fulfil this function. These types of software will alert users when the WiFi to which they are connected is compromised. And from an organisation’s perspective – when one of their users has connected to a compromised site or downloaded a compromised app the company can then have the affected device quarantined until it returns to a secure state.
Check Point has a product called ZoneAlarm Mobile Security which mobile phone users can install on their devices. On the enterprise side there is a product called SandBlast Mobile, which detects and prevents mobile threats before they have a chance to take effect.
Attacks are well-timed
Attacks are also becoming smarter, Check Point says. For example, hackers will launch an attack across borders over the weekend. Then when people who are working over the weekend are caught out, they won’t have the backing of their IT team to resolve the issue. By Monday major damage has already been done.
Cybercriminals also take advantage of seasons like Christmas, bringing retailers’ websites down when it hurts most.
Online shoppers become targets too, with people lured into downloading malicious apps in a bid to secure cheap deals.
SA is particularly vulnerable
While some might be tempted to think that South Africa, ‘hidden away’ at the tip of Africa, is less vulnerable to cybercrime than other countries, the opposite is true. According to Check Point’s latest Global Threat Impact Index, South Africa is currently number 29 on the list of countries most at risk.
At the end of the day, the writing on the wall is clear – local companies must take threat prevention to the next level by deploying more advanced security prevention technology if they want to remain unaffected by growing scourge of cybercrime.