Five Social Engineering Trends to Watch
Cybercrime continues to be a growing threat and attack methods are constantly evolving. At the core of almost every successful cyberattack, one thing remains constant: a victim is persuaded into performing the desired action.
1. Consent phishing on the rise
With Covid-19, more businesses are moving their workloads to the cloud, and attackers are coming up with ingenious ways to hijack data stored in the cloud. So-called 'consent phishing' is one such variant of social engineering: a malicious app asks the user to grant it permissions, and once the user consents, the app has legitimate access to cloud services and applications. Because such apps don't need to execute code on the user's machine, they can easily evade endpoint security.
2. Business Email Compromise gets costlier
The FBI considers business email compromise (BEC), a.k.a. email account compromise, one of the most damaging online financial crimes. This is another social engineering attack, in which cybercriminals impersonate a trusted business contact and then convince targets to pay invoices, transfer funds, or give access to data or intellectual property. Currently, the average cost of a BEC attack is estimated at $80,0000. According to Gartner, BEC attacks will continue to double every year through 2023 at a staggering total cost of $5 billion to victims.
3. Deepfakes create deeper challenges
While social media enthusiasts use deepfake videos as a form of entertainment, cybercriminals see this as an opportunity to manipulate information, destroy credibility and impersonate trusted sources. Experts recently ranked deepfake technology as the most worrying use of artificial intelligence that could have serious implications in cybercrime and terrorism.
4. Nation-state attackers with social engineering in their arsenal
Data is the new oil, and that's why rogue nations are consistently upping the ante in cyberwarfare. Whether it's stealing Covid-19 research or reconnaissance on high-value targets, state-sponsored attacks are growing fast. Between July 2019 and June 2020, Microsoft reportedly sent 13,000 notifications warning account holders of state-sponsored attacks.
5. Expanding Phishing-as-a-Service market
The growth of Phishing-as-a-Service has significantly lowered the bar for anyone looking to enter cybercrime. Similar to the Software-as-a-Service (SaaS) model, where consumers access cloud-based applications for a monthly or annual subscription, phishing toolkits can be rented from cybercriminals for as little as $50 a month. 2021 has seen the emergence of a new cybercrime tool, dubbed LogoKit, that can build phishing pages in real time and has already been detected on over 700 domains.
User awareness is no longer optional – it's a strategic imperative
It's pretty clear that attackers are crafting social engineering attacks that are becoming more successful with each passing day. Now more than ever, it is important for employees to keep their guard up at all times and trust nothing at face value. Studies have shown that the probability of a social engineering attack reduces significantly if users undergo security awareness training and develop muscle memory in identifying red flags and security anomalies. The most effective means for any business to achieve cyber resilience is through building and maintaining a culture of cybersecurity.