As the clock ticked in 2023, we’re sure your business’ cybersecurity was the furthest thing from your mind, but now the celebrations are over and we’re all back to work it’s time to look at how to protect your business against cybersecurity threats in the coming year.
68% of businesses surveyed in 2022 feel that cybersecurity risks are increasing, and they have good reason to be concerned. Cyberattacks are getting more sophisticated, and they’re evolving all the time.
To keep your business protected in the coming year it’s important to understand the methods cybercriminals are using. Understanding the threats will help you to keep your IT security up to date to minimise the risk of a data breach or malware infection.
Here are the attack trends cybersecurity experts are suggesting we look out for in 2023:
Attacks on 5G devices
5G is finally beginning to fulfil the promise of lightning-fast internet, and as providers build out the infrastructure, this is expected to be a high-attack area.
Any time there is a new technology, there are always code vulnerabilities, and this is what hackers are looking to exploit. Cybercriminals are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs.
You can guard against this by making sure your firmware is up to date across all devices.
One-Time Password (OTP) Bypass
One-time passwords are a well-known, incredibly effective method of securing accounts, and preventing account takeovers even if a hacker managed to gain a user’s password.
However, cybercriminals are beginning to try and find ways to bypass this barrier. There are a few different methods hackers are attempting to use to get around OTPs, including:
- Reusing tokens – Gaining access to an old OTP and trying to reuse it
- Sharing unused tokens – The hacker uses their account to create an OTP and then attempts to use that token on a different account.
- Leaked tokens – Using an OTP leaked through a web application
- Password reset scams – A hacker uses a phishing attack to trick a user into resetting their password and then uses a scam text to fool the user into handing over their OTP.
The best way to protect yourself against this kind of attack is to ensure you never give out OTPs to anyone if you’re not 100% sure of their identity, and use an app like Microsoft Authenticator or Authy, where OTPs expire and are re-generated every 30 seconds.
Attacks surrounding world events
Large cybercriminal organisations have realised that global events and disasters are lucrative. During the pandemic, cyberattacks increased by roughly 600%. This is because cybercriminals use phishing campaigns for world events, whether it’s a hurricane, natural disaster or the war in Ukraine, and unsuspecting people fall for these scams, often because they are distracted by the crisis. These scams can come in the form of fake news articles, or even fake charity emails asking for donations. Often, they will use social engineering techniques such as including sad or harrowing images to play on people’s emotions.
It is important to be mindful of the source of any emails you receive, and never click on links or open attachments on an email unless you are 100% sure of the identity of the sender.
Elevated phishing using AI and machine learning
It’s getting harder to spot phishing emails. It used to be that they nearly always had spelling mistakes or grainy images, nowadays that is rarely the case. Criminal groups today use machine learning and AI to send out far more convincing emails that are not only personalised but are also identical to a real brand’s email. If you click on a link in one of these emails, the page it takes you to will also be identical to what you are expecting to see, making it easier for cybercriminals to dupe you into giving over your personal information. Therefore, it is important to only click on links and open attachments on emails where you are 100% of the source.
Smishing and mobile device attacks
We take our mobile devices everywhere with us nowadays, and we store a wealth of personal information on them. This direct connection to potential victims is not lost on cybercriminals. In 2023, expect to see a rise in mobile-based attacks, including SMS-based phishing – “smishing”.
Many people aren’t expecting to receive fake messages to their phone numbers, but mobile numbers aren’t as private as they used to be. Hackers can buy lists of them online and then craft fake messages that look like shipping notices or receipts. From here all it takes is someone to trust the link and enter their details and the hacker has access to their information.
Mobile malware is also on the rise. During the early part of 2022 malware targeted at mobile devices rose by 500%. It’s important to make sure you have anti-malware protection on your business mobile devices, as well as other protection such as DNS filters.
Schedule a cybersecurity check-up today.
Is your business prepared for the cyber threats coming in 2023? Don’t wait to find out the hard way, contact us and schedule a cybersecurity check-up to stay one step ahead of the digital criminals.