Pub. 2 2021 Issue 3

cbak.com 14 In Touch

Strengthening Your Defenses Against Emerging Cyber Threats

BY TYLER LEET, CSI

Associate Member

Over the past year, cybercriminals have proven they are adept at taking advantage of the vulnerabilities stemming from changing work environments and increased usage of digital channels. As institutions continue navigating the risks and challenges of remote workforces, it is imperative to stay informed of existing and emerging cybercrime trends.

A variety of scams have made recent news, many of which opportunistically seize upon pandemic-related topics. Your institution must be prepared to recognize and mitigate evolving cyber threats, including:

• Social Engineering: We’ve seen a stark increase in social engineering campaigns as cybercriminals leverage the hardships of the pandemic, including increased levels of stress among employees. Many of these campaigns masquerade as being related to stimulus checks, unemployment benefits, or even vaccines. CSI’s 2021 Banking Priorities Executive Report revealed more than 80% of bankers identified some form of social engineering as the top cybersecurity threat of 2021.

• Ransomware: Once installed, ransomware locks out the authorized user and encrypts the available data to hold for ransom. Since ransomware attacks pose little risk to the hacker, provide a speedy payout for criminals, and are perpetrated with relative ease and anonymity, institutions should remain on high alert to identify and combat these attacks. Ransomware can be crippling for institutions, especially if regular data backups are not maintained. Because this type of malware continues to be an attractive method of extortion, incidents of ransomware are growing — along with the maliciousness and sophistication of attacks.

• Increased Surface Area for Attacks: Due to the size of today’s remote workforce, attackers are targeting home networks — which are typically much weaker than in-office networks — to gain access to corporate data. Employees’ personal devices are also often targeted, providing attackers with a base to operate from within home networks and allowing them to monitor or intercept secure traffic.

• Credential Stuffing Attacks: In this type of attack, botnets conduct brute-force password attacks using compiled lists of stolen credentials against login interfaces. Recently, the FBI reported that credential stuffing accounted for 41% of financial sector cyberattacks.

• Point of Sale (POS) Skim Attacks: POS skim attacks occur when a criminal copies card payment information using POS processing devices, which are used everywhere from ATMs to gas station pumps. Despite the massive transition to e-commerce during the pandemic, these types of attacks have continued as criminals use digital skimmers to steal payment information from e-commerce websites.

Emerging Cybercrime Trends for 2021

Although the threats discussed above indeed pose a risk to financial institutions and other organizations, there are several emerging cyber threats to consider as well. Institutions must stay vigilant, especially as many employees continue working remotely.

• Supply Chain Attacks: This attack occurs when a bad actor targets a software vendor to deliver malicious code through seemingly legitimate products or updates. The recent SolarWinds breach is an example of a supply chain attack, which is becoming an increasingly popular method to distribute malware.

• Virtual Private Network (VPN) Attacks: As remote work becomes the norm for many organizations, cybercriminals will likely continue VPN attacks in an attempt to gain access to corporate networks and data. Many home networks do not have proper passwords set up or lack security protocols, presenting vulnerabilities for criminals to target.
