Haunted houses may be closed this Halloween season, but plenty of scares are still lurking around dark corners — and most of them aren’t the fun kind, this is still 2020 after all.
As a tech pro, you know the interwebs are chock-full of dangerous, eerie, and downright annoying hacker schemes. And this year, there’s no shortage of IT nightmares and cybercriminal activity to keep you and your team on your toes.
Is your company safe? To help you stay in-the-know — and ensure your workforce and users are prepared to help identify and avoid new threats — here are some frightening hacks and cybercrime trends IT pros need to be wary of in the weeks and months ahead:
The internet is home to billions of websites, and this staggering number grows by an estimated 500,000 per day. But while the lion’s share of these new sites consists of company websites, blogs, retailers, and content aggregators, many URLs are unsafe. In fact, even good domains sometimes (unknowingly) host spammy links.
According to data from Webroot, a shocking 40 percent of malicious URLs were found on legitimate sites — linking to everything from crypto-jacking schemes to viruses, adware, pornography, and more.
Be sure everyone in your organization exercises extreme caution when navigating the web. Ask them to stop and think before clicking something that seems out-of-place, and, if they do mistakenly click something spammy, to report it to your team immediately.
iPhones have long been touted an “unhackable” device, but, earlier this year, cybercriminals finally found a way to exploit a software flaw, according to the New York Post.
Unlike more traditional hacks that require victims to take action (like clicking a link or manually downloading a file), this malware infects the device when the phone automatically downloads incoming email messages.
Apple released an iOS patch that should have fixed the bug, and there’s been little coverage since. To play it safe, encourage all iPhone users within your company to consistently update to the latest version of iOS.
We’ve all seen the more obvious examples of fraudulent emails — supposed Nigerian princes asking recipients to wire money and poorly-written messages with sketchy attachments. But newer phishing scams are becoming more difficult to recognize.
Social engineering schemes that use real employee names and titles are tricking well-meaning employees left and right — especially since the pandemic forced millions of people into new ways of working. For example, someone may not think twice if they receive an email that appears to be from the company’s CEO, asking them to download a new program or file for remote work purposes.
Remind employees that, if someone asks them to take action via email, it’s critical they double-check by contacting the sender by phone or text first. Additionally, ask them to always be wary of emails from public email domains like “@gmail” or “@yahoo” instead of a legitimate company domain.
One of the newest cybercrime trends this year is a little something called “Spectra.” Essentially, it works by breaking the separation between Bluetooth and WiFi tech running concurrently on one device — like a smartphone or laptop. (It gets much more technical, so check out this article on ZDNet if you’re interested in the finer schematics.)
Unfortunately, there’s not much you can do right now about this one, other than stay aware of Spectra and routinely check for new developments.
If you have a visceral reaction to the term “ransomware,” then you’re not alone. For tech pros, this isn’t just a nightmare incident — it can also be one of the biggest headaches of your career. (Let’s take a moment of silence for every IT employee left to pick up the pieces after WannaCry.)
Once again, your organization’s workforce can be your best defense against an attack, so ensure everyone takes care not to open any unknown attachments or download suspicious files. And, of course, be sure to backup your data.
In Hollywood and real life, law enforcement agencies use devices to track cell phones via International Mobile Subscriber Identity (IMSI) catchers, which mimic cell towers. These tools are usually used to track and intercept data from bigtime criminals, like terrorists — but sometimes catchers fall into the wrong hands. Hackers can use IMSI catchers to deliver spyware or extract sensitive information, and it’s almost impossible to detect when it’s happening.
Thanks to the widespread disruption and confusion caused by the pandemic, hackers are having a field day this year — and it’s projected to get worse in 2021. But, by staying up to date on these spine-tingling cybercrime trends and educating your organization on how to mitigate hacker mayhem, you can reduce your chances of becoming the next victim.
What are you doing to protect your business from these spooky cyber attacks?