The increase in virtualization that followed the pandemic has widened the potential surface area for attack for criminals. Various references show significant growth Cybercrime Which affects both companies and end users.

According to a recent Fortinet report, Last year, 87% of Latin American companies experienced cyber security breaches. The economic loss of these attacks was $ 1 million or more than 63% of the affected units.

How do these attacks occur?

Attacks can occur through Various Malware (Malware)how is he Ransom program. But they can also occur as a result of attacks Phishing Or Social Engineering Which does not involve the installation of malicious software, but is caused by the theft of confidential data by various tricks.

Ransom program

Ransomware is a malicious program that steals files or data and encrypts it to make it inaccessible to the victim. To make this information available again, criminals are demanding a ransom. This is a modality that is growing in the region.

“The percentage of organizations that became victims of the ransom and paid the ransom increased from 45% to 57.5% in 2021.”, Distinguished from BTR Consulting. For its part, Accenture has published a report concluding that this type of attack has increased by 107% worldwide over the past year.

Malware combinations

When cybercrime types are analyzed through malware, various reports conclude that the ransomware is one of the most common. While it should be noted that there are other types of malware that have also grown like trojans that seem to be a legitimate program for the user, while performing it opens a back door that gives the attacker remote access. Infected computer.

And first of all, it is important to emphasize that many times a combination of malicious programs affects users. “In the past, malware was often created to perform a single malicious action. Nowadays, malware resembles the knives of the Swiss Army, “It can take more than one malicious action and is often designed to deliver more malware, which can cause even more damage,” said Jakub Kroustek, Avast’s director of malware research, in a recent report.

Social Engineering or Phishing

As mentioned above, not all cybercrime is committed using malware, it can also be done through social engineering techniques. This indicates that Fraudulent methods used by criminals to provide users with access certificates (username and password) Bank accounts, email, profiles on social networks and even WhatsApp.

According to a recent IBM report, In 2021, 29% of cyber attacks in the region were caused by stolen credentials.. And this is closely linked to phishing attacks, which, according to the same report, have seen a significant increase in the region.

Two main factors that occur in the case of phishing:

“It was established that Phishing is presented as a route of stable infection over time, with an average detection time of approximately 10,000 days.“- Sol Sol Gonzalez, Eset’s cybersecurity specialist, said when asked about the issue.

1. Hooks: Fashion themes, gifts and investment promises. In orchestrating such deception, cybercriminals try to create an attractive hook. Thus, they will send an email, message or even a phone call (this type of technique is called Vishning) to their potential victim and say that they are likely to be from a recognized entity and that they intend to offer benefits to them. .

They can say, for example, that they are representatives Any government agency And that they were contacted to give them access to social benefits; Or They are from the bank ი That a person was selected to receive a loan, e.g. At a time when there is a lot of talk about NFT and cryptocurrencies, many scammers are using these themes to carry out cyber fraud. As Eset warned; Or even to do Pyramidal diagrams.

2. Ask the user to give their passwords. Once cybercriminals gain the attention and trust of potential victims, they ask for their access codes. Sometimes they can be ordered directly, but in others they use slightly more sophisticated gadgets. for that WhatsApp account hijacking For example, they may notify the victim that an advertising code has been sent to them via SMS and should share it to receive the expected benefit. If the victim shares this information, he or she risks losing access to the profile because the requested information is an account validation code.

In other cases, it is sent to the customer via email or notification, A fake page link that pretends to be a real site (such as a bank, company, social network, etc.) And you will be asked to enter your username and password to update the information or complete the probable process to receive the promised benefit. In this way the offender gets this data.

Recommendations to protect yourself from cyber attacks:

1. It is important to be aware of how phishing campaigns work So as not to become a victim of fraud and identity theft.

2. Do not download attachments received by mail or notification with potential benefits. Nor offer confidential data over the phone.

3. Avoid clicking on links Which come through various communication services as it is possible that these are fake pages requiring access certificates that will later be used to access other user accounts.

4. Have strong passwords And do not use the same in all accounts. Having a key manager can be helpful for this.

5. Activate Authentication of the second factor On every account that allows this.

6. Avoid posting sensitive data on social media Or photos that help cybercriminals in their conclusion.

7. Remember security codes Received via SMS or email should never be shared with anyone.

8. Update the operating system And has a security solution.

Continue reading: