Research confirms that 71% of cyberattacks in 2022 didn't involve malware. Adversaries spend more time studying the company and social engineering. Let's walk through one of many cases outlined by the researchers. First, the attacker initiates an in-depth intelligence-gathering effort. The threat actor spent more than an hour on the phone with the victim company's help desk, trying to get any insights that could fuel the next phase of social engineering. Once they had a specific user in their sights, the attacker initiated a voice call informing the user their credentials had been compromised. Victims are then sent a malicious link and prompted to enter not just their login details but also their multifactor authentication (MFA) data. The adversary is off and running once the user is tricked into handing those over.In the next step, the hacker sets up a Remote Access Sofware (AnyDesk is one of the popular) that they remotely control. Once inside corporate walls, attackers set up and hide the tool, many of which end users and IT use daily for legitimate reasons. This setup allows hackers to monitor the activities and exfiltrate the data.
WOW. Thank you for sharing!!
The criminals are working harder and using new tools, including AI, to target people. There is money to be made and it's the business they have chosen. There was a great story on CBS 60 Minutes Sunday night which focused on scams directed at older people but the stories and lessons apply to people of all ages. The story also shows how technology can be used to spoof the voice of a specific person.
Video (appx 15 minutes): Watch 60 Minutes: Cyber scammers stealing from grandparents - Full show on CBS
1800 M St. NW, Ste 300SWashington, DC 20036
Phone+1 202 296 3671
Join ALTAMembership BenefitsLearn More