Bad Actors On Repeat:
The Same Old Cyber Vulnerabilities Keep Working


The latest blockbuster threats, such as ransomware and cryptocurrency scams, may generate a lot of flashy headlines, but malicious actors still are cashing in on the classics.

Tried and true cybersecurity vulnerabilities remain very lucrative exploits for bad actors, even as their strategies evolve to try to sidestep increasingly sophisticated defenses.

A prime confirmation of that truth came from the FBI’s recently released Internet Crime Report. Because the annual analysis relies on reports from the American public, there likely were even more incidents than indicated, but the threats and trends are instructive.

The FBI described the increase in cyberattacks and malicious cyber activity last year as “unprecedented.”

The costliest crime reported was a “top-ten” chart-topping oldie: Business Email Compromise, which was noteworthy not so much for the number of complaints (about 20,000) as for the adjusted loss: a staggering $2.4 billion. Yes, with a “b.” (Overall reported losses in 2021 surged to $6.9 billion.)

Business Email Compromise began with tactics such as compromised vendor emails, requests for W-2 info, or fraudulent asks for lots of gift cards — methods we may roll our eyes at today. However, the pandemic provided the perfect launch pad for initiating fraudulent wire transfers. In one new scheme, bad actors compromise emails from important people, such as a CEO or CFO, and request a virtual meeting with employees. Then, displaying a still picture and claiming their video/audio is glitching, they tell employees to initiate wire transfers or send directions via the compromised email address. Once they get the funds, they quickly move them to cryptocurrency wallets, then disperse them, making recovery very difficult.

In any cybersecurity incident, a rapid response can make all the difference. Prudent companies should consider these three strategies:

1. Proactively look for breaches. A compromise assessment service uncovers whether a threat actor already may have a foothold — an invaluable tool given today’s decentralized workforces.

2. Regularly train employees about evolving threats. As the latest trend in business email compromise indicates, today’s threats can appear quite credible. Most workers don’t read cybersecurity news, so these new iterations likely aren’t on their radar. This kind of manipulation is called social engineering, and training to prevent it is crucial to a well-rounded security plan.

3. Plan for the worst. Don’t wait until you’re scrambling to contain a breach. Establish a relationship with a trusted cybersecurity adviser in advance. Then, if something happens, you can protect yourself, get help tracking down the bad guys, and get back to normal operations as quickly as possible. Digital Forensics, Incident Response, and Managed Remediation services all play into this.

Other high-cost scams, based on the FBI data, include investment crimes, personal data breaches, real estate/rental fraud, tech support scams, non-payment/non-delivery crimes, identity theft, credit card fraud, corporate data breach, and government impersonation.

By far, the most prevalent threat is the broad category of phishing/vishing/smishing/pharming, accounting for more than a third of the 847,000 total complaints to the FBI. That’s a massive jump from about 26,000 phishing complaints in 2018. While the category’s loss tally ranked much lower at $44.2 million, it looms as one of the likeliest threats.

Companies also can’t overlook more physical concerns, such as losing flash drives or other devices containing confidential data. Both the prevalence and magnitude of these threats are overwhelming. As much as we wish a company could set up a security system and coast, that’s not the reality in today’s world. Digital Silence’s people are passionate about getting businesses the support they need in an ever-changing security landscape. Contact Digital Silence to find out how we can protect you as a valued partner. We offer compromise assessment, social engineering, digital forensics, incident response, managed remediation, and much more.
