As cybercrime increases amid the COVID-19 chaos, companies are struggling to protect their customers’ data, putting many at risk of becoming victims of credential and identity theft.
A password system alone isn’t enough to keep your organization safe from hackers, who have become more skilled and sophisticated than ever before. This article looks at two-factor authentication systems and the extent to which they can strengthen your data security.
Understanding the current state of cybercrime
As a result of the COVID-19 pandemic, financial institutions have been forced to make adjustments to their operations. Cybercriminals were quick to take advantage of the wider attack surface that resulted from a larger remote workforce. Funding extended to small businesses in need provided opportunities for cyber fraud as well.
For example, credential-stealing malware has been growing at an exponential rate, including mobile malware such as Cerberus and EventBot. Collectively, this malware is capable of stealing customer credentials from over 200 financial institutions. The leading seller of Cerberus saw a dramatic increase in sales in early April 2020, generating more profit in one week than in the previous four months combined.
Many of the employees of financial institutions have become reliant on mobile devices since they started working from home. There are claims that cyber threat actors managed to install Cerberus almost one million times. Subsequently, intrusions and fraudulent activities rose significantly and put a great deal of pressure on security teams. Financial institutions continue to adjust to new technologies and working conditions.
The growth of credential theft during the COVID-19 outbreak comes on the heels of an increase in cyber threats in recent years. In July 2019, actors launched a targeted credential theft campaign against more than 100 organizations across the globe. According to security researchers, the goal of the actors was probably to deploy the well-known LokiBot malware to exfiltrate credentials and other sensitive data. An alert was issued to organizations in the financial sector in late 2019 after cybercriminals used a LokiBot variant in a spear-phishing attempt on a bank in the Middle East.
Identity theft also grew last year as governments and financial institutions established financial relief programs to provide assistance to individuals and businesses that were struggling as a result of COVID-19. Cybercriminals started COVID-19 channels on criminal forums and marketplaces and peddled information to facilitate identity theft activities. These channels overshadowed recent identity theft news during the tax season as they provided opportunities to commit stimulus fraud using similar fabricated and stolen data.
Cyber threat actors have great flexibility when it comes to using identity theft-related resources through a variety of mechanisms. As organizations invest more in cybersecurity to prevent identity theft, actors are able to stay one step ahead with sophisticated tools.
Examples of cybercrime
One example of this is the rapidly growing digital fingerprint marketplace on a major criminal forum. Actors are able to sell, purchase, and exchange a wide range of compromised data on the forum, such as IP addresses, cookies, login credentials, user agents, locations, and operating systems. These digital fingerprints can be used to bypass anti-fraud measures.
Specific organizations may experience data exfiltration attacks or ransomware infections soon after the digital fingerprints for their security infrastructures appear on criminal forums. The multidimensionality and availability of digital fingerprints and other types of compromised data make it possible for actors to defraud banks’ customers on a continual basis. Organizations need to keep improving their anti-phishing and security education programs to prevent cybercriminals from capturing their customers’ identities and credentials.
The activities of cyber threat actors go beyond identity and credential theft. In a number of recent cyberattacks, data wasn’t only copied but also changed or destroyed. In 2019, cybersecurity researchers found a vulnerability called BlackDirect in Microsoft Azure. If not remediated, this vulnerability allows actors to steal and manipulate sensitive data, compromise production servers, and even encrypt an organization’s data to obtain a ransom. This disclosure came at a time when financial institutions and regulators were carefully examining cloud security vulnerabilities and other cyber threats following a massive data breach at a leading financial institution in the United States.
Cybercriminals have combined data theft and data extortion to expand their arsenal for ransomware attacks. They realize that they can launch multi-pronged attacks against businesses as a way to sustain ransomware as a profitable long-term approach. Actors may threaten to release stolen data or “name and shame” their victims, making the process of dealing with ransomware infections very challenging.
Recently, a group of ransom actors claimed they carried out a successful attack on a state-run bank in Central America, stealing millions of credit card records. This occurred at a time when cyber threat groups are collaborating with one another, making a quick shift from commodity malware attacks to targeted campaigns. In some cases, it only takes hours for ransomware to infiltrate a system. In the future, the collective effort of cybercriminal groups can be a dangerous threat to organizations across all industries.
Why 2-factor is no longer optional
As cybercriminals continue to devise new methods to infiltrate security systems, cybersecurity experts also need to develop more sophisticated data protection systems and features. These days, passwords no longer cut it. Cyber threat actors have software and techniques that can easily crack passwords. Using only passwords to protect your customers’ accounts is similar to locking your front door but leaving your back door open. All that a skilled hacker needs to do to breach your security system is to take a few extra steps.
How to protect your organization
One way to protect your sensitive data more effectively is to deploy a two-factor authentication system to augment passwords. Such a system requires the user to provide a second piece of information to confirm their identity. The two-factor authentication process may involve answering a secret question, entering a code sent via text or voice messaging, responding to a push notification, or using a hardware or software token that provides a new code for every login attempt. A two-factor authentication system may make the login process more inconvenient, but it works wonders in keeping your customers’ data secure.
If you’re looking for a truly well-thought-out data security solution that can help you stay ahead of cybercriminals, you should try Polymer for Enterprise software. This data governance software is specially designed to enable you to manage, monitor, and protect data exchanged on dozens of collaboration apps, such as Slack, Zapier, Dropbox, and GitHub. Contact us today to learn more about Polymer for Enterprise.