November 30 is World Cybersecurity Day. The date, which seeks to raise global awareness of current risks, is a good occasion for malware laboratories to review the main security measures that all users should take into account. It is also an occasion to look ahead at the global threat landscape.
The event was created by the Association for Computing Machinery (ACM), an organization that promotes computational education and research and brings together more than 110,100 students in 1988 countries. The reason has to do with the fact that, as they explain, in November <> one of the first cases of a virus was detected that affected a series of computers at Cornell University, in the USA.
And the choice of the 30th has to do with the large number of purchases that are made at that time of year in the northern hemisphere, "instead of being focused on cyber threats." Add to that the huge amount of online shopping at the end of the year, and the date makes even more sense.
From that virus to today's complex landscape, where phishing, banking Trojans and ransomware dominate the scene, here are a series of predictions from three companies dedicated to cybersecurity, as well as a series of basic awareness tips to avoid cyberscams.
Artificial Intelligence (as always)
Phishing is a technique that aims to trick people into revealing their personal information, whether it's passwords, credit card numbers, or banking information. It is one of the most widespread scam techniques because it is so effective: attackers cast "a net", and the more victims fall into it, the better for them.
AI is making this picture considerably more complex, and everything indicates that, by 2024, it will get worse.
"Emerging AI tools will make it easier to produce phishing messages and impersonate specific people. Attackers can devise creative methods of automation by collecting data online, in order to produce drafts of letters mimicking the personal style of someone close to the victim," predicts the Global Analysis and Research Team at Kaspersky, a Russian cybersecurity company.
This, in fact, could already be seen in 2023: voices recreated with AI to deceive users, deepfakes, and more.
Cell phone surveillance and spying
There are more cell phones than people in the world: that fact alone should be enough to understand why they are one of the most frequent targets of attacks.
This year at Ekoparty, one of the most important hacker conferences in Latin America, Kaspersky presented research called "Operation Triangulation" that showed how malware was used in an espionage campaign against iPhone devices, with particular impact in Latin America.
"Operation Triangulation is a previously unknown mobile APT (Advanced Persistent Threats) campaign targeting iOS devices. The targets are infected through zero-click exploits [i.e., without the need for the user to interact] through the iMessage platform, and the malware gains full control over the user's device and data," Fabio Assolini, director of Kaspersky's Analysis and Research Team for Latin America, told Clarín.
"Apple's concern for the security of its mobile devices is noteworthy, but the Operation Triangulation investigation serves as a reminder that there is no such thing as invulnerable security. Organizations should exercise caution when handling files contained in iMessage and keep an eye out for new discoveries to know how to protect themselves from the latest threats. It is worth remembering that the attack described in this research was not limited to Kaspersky. We have even recorded attacks in Latin America, which makes this report very relevant for the region," Assolini said.
No cell phone, at the end of the day, is safe from potential attacks. Campaigns of this type suggest that the trend could grow next year.
"Rent-a-hacker": renting a hacker to attack
This is related to a concept called "malware as a commodity": a landscape of threats that are available at low cost, are very easy to configure, and are used by groups active in Latin America.
At the ESET Latin America Forum that took place in the middle of the month in Punta del Este, which Clarín was able to attend, the Slovakian cybersecurity company explained this point: "There are multiple vendors on different platforms where you can buy tools to hack systems, financial or personal data of users and credit card data to 'rent-a-hacker' hacking services," explained David Gonzalez, an analyst at the threat lab.
Attack programs are also sold. "Beyond the sale of stolen information, you see cybercriminal organizations that have their own sites and sell commodity malware. That is, they sell malicious code, as can be exemplified with Mars Stealer, a type of program to steal information that is offered on the dark web on a site that has a structure very similar to that of a legal ecommerce," explained researcher Martina López in a talk on the structure and uses of the dark web.
Kaspersky and ESET agree: "On-demand hacking groups are on the rise and provide data-stealing services to customers, ranging from private investigators to business rivals. This trend is expected to grow over the next year," the Russian company said.
Attacks on the "supply chain"
IFX Networks suffered ransomware this year and its impact reached as far as Argentina. Photo: Shutterstock
"The supply chain can be breached through attacks targeting small companies to affect large ones: The motives for such attacks can range from economic gain to espionage. By 2024, further developments are expected in the Darkweb access market activities related to supply chains, which would allow for more efficient and large-scale attacks," they warn.
What does this type of attack involve? A domino effect that hits not only one company but also those that hire services from the attacked company. This is what happened to a handful of Argentine companies this year, when the hacking of a network that provides services mainly in Colombia and Chile (IFX Networks) had an impact even in these latitudes.
"If we add to that the fact that we are talking about a segment of companies that, even when they are very large in terms of turnover and number of employees (large industries), continue to be managed like the family businesses they are, we are facing a lethal cocktail of empowered cybercriminals on the one hand, and companies without an adequate strategy implemented to defend themselves," Alan Mai, specialist and CEO of Bloka, a company that provides cybersecurity services in the Latin American region, explained to Clarín.
"As for how to counteract them, I do have a very clear position here: it's not with more tools, it's by using internal processes that guarantee the adoption of the necessary measures to have a more secure network, in the broadest sense of the term," Mai warned.
"We see a boom in the demand for SOCaaS (Security Operations Center as a Service) services, which means that companies no longer know what tools to implement to feel protected, and now they are starting to hire services that allow them to orchestrate all the information they have. Because in the middle of 2023, in most of the post-mortem analyses we do, we see that the alerts had gone off in time, the records had indicated suspicious activity and the escalation could have been prevented: the problem was that there was no one to notice it in time," he concluded.
Recommendations to be vigilant
Phishing, one of the most prominent attacks, can nonetheless be countered with measures that reduce the attack surface. Agustín Merlo, an independent cybersecurity researcher, suggests:
- Be cautious and wary when receiving emails, messages or calls without having previously requested them.
- Do not give in to a sense of "urgency": criminals will want you to feel afraid of a possible block on your account, so that you take less time to analyze what is happening.
- Examine the email, who is sending the email, and whether the links in it redirect to the correct site.
- Avoid clicking on links; instead, open a new tab and go to the entity's website on your own.
- Before entering private information on a site, always validate that the domain is correct, that it has "https://" and is not marked in red.
- Have an antivirus installed and updated.
- When in doubt, contact the company or institution directly.
Finally, perhaps the most important measure of all: having a second authentication factor activated in all important services, from banking to WhatsApp and social networks.