A recent report from Microsoft sheds light on the current state of cybercrime.1 The software giant released of its annual Digital Defense Report, which analyzes cybercrime over the past 365 days, to the public. The analysis shows how adaptable hackers have proven to be. What did the report find?
Cyber Criminals Target Humans, Not Machines
According to the Microsoft report, a whopping 70% of cybercrime takes the form of phishing, the most common type of social engineering attack. In these attacks, scammers pretend to from a trusted institution, usually via email, and send unwitting recipients to a Web page where they would log in with their actual credentials. However, the website is fake, and this information goes straight to the scammers, who can then use it to log into the real institution's website, instead of logging the user in. Therefore, Microsoft refers to phishing as "credential harvesting." The Microsoft report highlighted just how serious a problem phishing has become. In 2019 alone, the software company blocked one billion emails that included URL intended to harvest the victim's credentials.
These results make a compelling argument for cybersecurity training. Phishing attacks are successful when people are tricked into clicking links and providing their credentials to scammers. No hacking is necessary, and scammers realize this and have turned their attention from critical infrastructure to the people who use it. By increasing user vigilance and adherence to security policies, phishing attacks may decrease. This is especially important in 2020 when so many people work from home for the first time due to the COVID-10 pandemic. In 2020, some phishing scams reflect the significance of the pandemic in our lives with scammers posing as the CDC and World Health Organization and targeting medical organizations. With concern shifted to COVID-19, some people may have overlooked their role in cybersecurity and fallen victim to these scams.
This report also serves as a prescient reminder of the importance of password security. If a scammer successfully harvests a victim's email and password with a phishing attack, they may have access to more than just the account at the imitated institution if the victim uses the same email address and password combination for other websites. Therefore, it's important to use strong and unique passwords for different websites and services.
Ransomware Is A Persistent And Pernicious Threat
Microsoft also reported an increase in ransomware attacks in which hackers lock down the victim's computer and hold data hostage unless the victim pays to unlock their files, often via cryptocurrency. However, hackers may not release data after receiving payments, and victims cannot guarantee that the ransomware is fully removed from their systems. While ransomware has proved lucrative for some hackers, companies learn a costly lesson when productivity drops, and data must be retrieved.
Ransomware may be on the rise, but malware in general controls a smaller share of the cybercrime market than it once did. After all, why would hackers exert the effort to hack a computer or create malware when it's so easy to get victims to provide their login information? Companies must become as adaptable as scammers have proven to be if they want to avoid falling victim to phishing and ransomware attacks, strengthening both technological and human measures to fight cybercrime.
LeadingIT offers 24/7, all-inclusive, fast, and friendly technology and cybersecurity support for nonprofits, manufacturers, schools, accounting firms, religious organizations, government, and law offices with 10-200 employees across the Chicagoland area.