Cyber Threat Insights from the Front Lines
Recent headlines, including massive Medicare data breaches and a class action lawsuit against an LTC management company, are good reminders that vigilance is key to reducing your organization’s vulnerability. One important strategy is keeping up with the latest types of cyberattacks so that you can defend against them.
In a recent webinar, Tazergy cybersecurity partner, Huntress, updated Tazergy customers and industry colleagues on some of the latest threats they see from the front lines of cyber protection.
Common cyberattack entry points
To protect your organization, it is important to fortify all the potential entry points where cybercriminals can attempt to gain unauthorized access and compromise data or systems—the doors and windows a burglar might try to break into. Among the current, most popular targets for attack are Identity, Endpoint, and Humans.
Identity. Through this entry point, cybercriminals target a user’s identity or an organization’s identity structure to steal personal information and then use it to impersonate the victim.
Endpoint. Endpoints are devices (physical and virtual) that connect to a computer network, through which cybercriminals can gain unauthorized access, steal data, or disrupt operations. Devices can include desktop/laptop computers, mobile devices, servers, smart speakers, thermostats, and security systems.
Human. Often referred to as the weakest link in cybersecurity, the Human entry point is the largest target for any organization. Attacks to the Human entry point can be tougher to prevent, as it just takes a single person to inadvertently trigger a breach.
Three current cyberattacks targeting individual users
Since the most vulnerable point of entry is the Human element, let’s break down three of the most common lines of attack: phishing, malvertising, and SEO poisoning.
Phishing is an attack during which malicious actors send email or text messages pretending to be a trusted person or entity. Their end goal is to steal sensitive information, like usernames, passwords, credit card numbers, or bank account information. These messages often encourage the users to open an attachment, click on a link, or enable macros in a Word document.
Malvertising, or malicious advertising, is the practice of injecting malware into online ads to harm users. Cybercriminals use malvertising to trick users into visiting unsafe websites or downloading malware onto their computers. In some cases, malicious code can be embedded into ads. Users don’t need to click on the ad to be affected—the code might redirect them to a malicious website or exploit software vulnerabilities. In other cases, cybercriminals place ads on legitimate sites to reach a larger audience.
Some examples of malvertising include:
- Fake software updates. Ads look like updates for recognized software and can automatically download themselves onto a computer.
- Scareware. Ads claim that a computer is infected with a virus or other malware and urge the user to download a program to fix it.
- Steganography. A technique used to hide malicious code inside images that are shown as ads.
Search engine optimization (SEO) poisoning is a cyberattack that manipulates search engine results to promote malicious or infected websites. Users are tricked into clicking on links that appear legitimate but lead to websites designed to harvest sensitive information or infect their devices with malware. Attackers may create fake content or backlinks, inject malicious code into legitimate websites, use popular keywords, or launch an entire site with irrelevant content or content stolen from other sites.
Cyberattacks are ever-evolving so it is important to stay up-to-date on new threats and protect your organization from them. Having a tech partner that has your back is a crucial first step. Educating all members of your organization and continually reinforcing best practices is important as well.
To learn more about how Tazergy helps organizations reduce cybersecurity risks, request a consult.