Cybercriminals eye passwords and cloud vulnerabilities

Issue 1 2023 Information Security, Security Services & Risk Management


Carey van Vlaanderen.

“The cybercriminal is relentless, often sophisticated, and extremely persistent. In a constantly evolving threat landscape in which cloud adoption continues to grow and passwords are highly coveted by nefarious actors, attacks are expected to increase sharply in the coming year. However, this is being met with incredible advances and innovation from the cybersecurity industry,” says Carey van Vlaanderen, CEO of ESET South Africa.

Microsoft published its Digital Defence Report for 2022, which found a 74% increase in password attacks resulting in approximately 921 attacks per second. “Passwords remain an easy win for threat actors, but that is often because users give this attack vector to them on a plate. Attackers are cleverly compromising business networks prior to their phishing campaigns in order to look authentic, and even when victims believe they are carrying out their due diligence on a site, they can still be duped into believing they are in communication with the real deal,” Van Vlaanderen explains.

While nearly 1000 attacks per second is an astonishing amount, people and businesses can do much more to reduce this number. “Passwords continue to be something of an inconvenience in people’s lives, which is often down to not knowing or even trusting the free security layers on offer. Implementing password managers, on personal and work devices, can help force unique and strong passwords for all accounts applicable. Most importantly, introducing two-factor authentication on every account will hugely help reduce the impact of phishing campaigns,” she adds.

The past year has seen a tremendous increase in businesses and consumers embracing cloud, and in 2023 this space will yet again be the target of cybercriminals. Van Vlaanderen says the seismic shift from traditional on-premises to cloud-hosted applications and infrastructure elevates cybersecurity risk.

While cloud services offer incredible benefits, it is imperative, from a risk mitigation perspective, to assign thought and attention to the following:

• Using a reputable cloud service provider – a fundamental first step

• Optimising and configuring using best practices

• Making use of best-of-breed cybersecurity software

• Multi-factor authentication (which should be standard)

• Encryption (which should be employed wherever possible)

• Strong password policies

• Assigning credentials and rights only to those that require access

• Redundancy is essential; backup and a disaster recovery plan should be enforced

• Test for vulnerabilities timeously

In 2022, spoof emails and ransomware defined the year and look set to remain a leading concern for people, businesses, and cybersecurity teams in 2023. “The damage caused by emails sent by cybercriminals that convincingly look like they originate from people within an organisation is real and extensive. These types of fraud usually try to create a sense of urgency, or employ scare tactics to coerce the victim into complying with the attacker’s requests. Emails with requests for quick payment should be handled with caution as emails can be spoofed with legitimate invoices but using cybercriminal banking details,” says Van Vlaanderen.

Despite ransomware reaching record levels this year, Van Vlaanderen says many organisations still do not understand where their most valuable data and systems lie, and therefore have inadequate data protection. “A good starting place is to build an understanding of exactly all the data points that exist in your business. This enables clear strategy formulation on the data collected and stored. Irrespective of the size of your organisation, data protection is essential, and can be in the form of staff training, following compliance guidelines, utilising appropriate software, as well as ensuring data storage security combined with backups. There should always be a data or disaster recovery strategy in place.”

Van Vlaanderen predicts that the continued innovation and adoption of smart technologies, IoT devices, car connectivity and infotainment will present new attack vectors for cybercriminals in 2023. “Given the reality of attacks becoming more sophisticated and personalised, people and organisations cannot afford to be without some form of a protective solution in place, regardless of where the infrastructure is located or what device it is on.”



