Phishing & Ransomware attacks have targeted many influential companies for many years, and this year is no different. Cybercriminals are still utilizing the same attacks using a wholly different passageway to push organizations in repaying the ransom and lure the workers using different types of phishing crimes.
Hackers are now more inclined towards attacking businesses with double-extortion type ransomware, where a cybercriminal threatens the integrity of a business. The hackers are also targeting organizational representatives throughout the Covid-19 situation by creating luring phishing pages to deceive users into putting their corporation or personal credentials.
Double-Extortion Ransomware – Use Case
Nick Rossman from IBM Security stated that the double-extortion ransomware attacks will be dominant this year, and large corporations will become the main target.
IBM Security’s group further investigated that in 59% of the total ransomware strikes, criminals exfiltrate a company’s sensitive info before encrypting everything to ask for ransom. They basically filter out sensitive information to blackmail companies about leaking their secrets, and that’s exactly how double-extortion crimes operate.
Double-extortion crimes go beyond the defenses of a company surpassing any backups or incident response strategies by hitting their weakest point where they become helpless and end up paying the ransom amount. Still, there is no assurance given from the criminal side as they still hold the company’s personal information that might be disruptive in the future.
As criminals have now shifted their techniques by focusing on copying and encryption of data, the ransom has also been doubled in recent years as per the “Cybersecurity Report 2020.” of TrendMicro. If we discuss the “WannaCry” ransomware, then it still scans for unpatched computers, and it compromised a large number of computers back in 2017.
Attacks using Emails
The ransomware strikes on corporations are constantly rising, but if we examine the number of dangerous emails being sent to the companies with attached malicious and infected files, then these emails are continually declining. The reason behind this decline is that criminals haven’t stopped spreading ransomware, but they have shifted mediums and procedures.
Email phishing is still popular, but now hackers utilize many other mediums to lure their users. These phishing scams now rarely target the masses; nevertheless, a rise in specifically directed phishing attacks is seen in recent years as hackers try to directly compromise high-profile individual’s accounts rather than random people.
Increase in Linux Vulnerabilities
Hackers are approaching the Linux system as many corporations are already moving to the cloud-based systems, recognizing it as a more secured and suitable medium for business. According to IBM Security, in 35% of the reviewed incident vulnerabilities, hackers utilized Linux flaws.
The cryptocurrency-miners take a huge percentage of Linux-based malware, and this is causing criminals to find new ways of abusing Linux operations while damaging the cloud services.
Rise of Deepfake
Deepfake is another threat obtaining popularity among attackers. Company scams and phishing threats are being improved using Deepfakes to replicate the voice of a company’s CEO or other people by making false claims on their behalf.
Ransomware and phishing attacks will continue to rise because of new techniques being introduced by cyber attackers. The companies have to stay alert for stopping any disruptive scenario; they need to fix all leaks while educating their representatives about future threats.