We are halfway through Q1 of 2023. Every new year marks a time of renewal as we plan for the possibilities and goals we want to achieve for our businesses. It’s also a time when you need to plan for resiliency in the face of ever-present and growing cyberattacks.

According to Cybersecurity firm Varonis, 68% of surveyed business leaders feel that security risks are getting worse – and their concerns are well grounded. Attacks are growing in both number and in the level of sophistication. They are also often perpetrated by large criminal organizations who, treat these attacks like a business – because it IS a business – as much as any enterprise ever run by Al Capone or John Gotti.

In 2021, the average number of global cyberattacks increased by 15.1%.

Watching attack trends is of prime importance to protecting your business. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you better update your IT security to mitigate the risk of a data breach or malware infection.

This is a good time for a discussion with your It people – whether an in-house IT services team or an outsourced Managed IT Services provider. If they are worth their salt, they will know what’s new on the threat matrix and inform you what steps they are taking to ensure that your Cybersecurity is staying ahead of the game.

Here are the attack trends that you need to watch out for:

Attacks on 5G Devices

5G has been a major buzz around the world for a few years and is finally beginning to fulfill the promise of lightning-fast internet. As providers continue to build out the infrastructure, you can expect this to be a high-attack area.

Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. New technologies like 5G invariably have some code vulnerabilities - exactly what hackers are looking to exploit.

Prepare for these eventual attacks by being aware of the firmware security in the devices you buy. This is especially true of those enabled for 5G. Some manufacturers build better firmware security into their designs than others. Be sure to ask about this when purchasing new devices.

One-Time Password (OTP) Bypass

This is an alarming new trend that is designed to get past one of the best forms of account security. Multi-Factor Authentication (MFA) is well-known as very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password.

There are a few different ways that hackers try to bypass MFA. These include:

  • Token reuse: Gaining access to a recent user One-Time Password (OTP) and trying to reuse it.
  • Unused token sharing: The hacker uses their own account to get an OTP. Then attempts to use that OTP on a different account.
  • Leaked token: Using an OTP token leaked through a web application.
  • Password reset function: A hacker uses phishing to dupe the user into resetting a password, then tricking them into handing over their OTP via text or email.

Attacks Based on World Events

Just like that Rahm Emanuel quote about politics, hackers “never let a crisis go to waste.” During the pandemic, the cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters create emergency measures and an amount of initial chaos – a perfect Petri dish for spawning a new attack matrix.

Cyber criminals unerringly launch phishing campaigns in response to world events – from the war in Ukraine to the recent (and ongoing) environmental disaster in East Palestine Ohio, and every hurricane, flood, or tornado that comes down the pike. Unsuspecting people who would like to help often fall for these scams – many of which center around donations. People are likely to be distracted by the crisis and lower their guard.

Everyone needs to be especially mindful of scams surrounding events like these. They will often use social engineering tactics, such as sad photos, to play on the emotions.

Smishing & Mobile Device Attacks

Mobile devices go with us just about everywhere these days. Remote connections are typically one of the first attack points hackers go after, because they are often vulnerable. Look for more mobile device-based attacks, including SMS-based phishing (smishing).

People are less likely to expect fake messages to their personal numbers, but cell numbers are no longer as private as they once were. Hackers can buy lists of them online – often on the regular web, not the ‘Dark Web’. They then craft convincing fake texts that look like shipping notices or receipts – just like an email phishing attack. One wrong click is all it takes for an account or data breach.

Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500% and it’s still growing. It’s important to make sure that you have good mobile anti-malware as well as other protections on your devices, such as a DNS filter.

Elevated Phishing Using AI & Machine Learning

These days, phishing emails are not as easy to spot as they once were. It used to be that they nearly always had spelling errors or grainy images. While some still do, most don’t. Hackers have cleaned up their act.

Criminal groups use Artificial Intelligence (AI) and machine learning to elevate today’s phishing. Not only will it look identical to a real brand’s emails, but it will also come personalized. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past.

Frequently Asked Questions

Q: How common are cyber attacks?

A: This is a constantly changing matrix, but according to Norton back in September 2022, and attack happens every 44 seconds throughout the day.

Q: Can the 5G network be hacked?

A: Anything can be hacked by hackers smart enough to figure out how. 5G is especially vulnerable because of its dependency on cloud technology. According to Karsten Nohl, founder of Security Research Labs, “A lot of telecom companies don’t have much experience in protecting their systems.

Q: Is there a way to stop phishing?

A: Criminals always find a way, but you best protection is ongoing Security Awareness Training for all employees. After that, next-generation Firewall and Antivirus (AV) should be in place and whatever IT services you use need to set the anti-spyware and AV scanning to their highest level – and the programs should be regularly updated.

Q: How do smishing attacks work?

A: They work just like phishing attacks, but they use text messages on smart phones rather than emails.

How secure is your network?

As a reputable member of the IT Support Los Angeles community since 2002, IT Support LA offers a FREE, no-risk network and security assessment. It is a non-intrusive scan that allows us to deliver a comprehensive report that is yours to keep. No strings, and no obligation to ever use our Managed IT Services.

The best defense is the best Cybersecurity to protect your data from theft, and a top-notch Managed Services Provider (MSP) to ensure continued reliability and defenses against newly emerging threats.

With our 100% Money Back Guarantee in writing, we offer a risk-free way for prospective clients to try us out. Because we do not require a ‘hard’ contract, our clients can fire us at any time with 30 days’ notice. We have to be good.

Need Help Reducing Offboarding Security Risk?

When you proactively address digital offboarding, the process is easier and less risky. Contact us today for a free consultation to enhance your Cybersecurity.

Among the Managed IT services we provide:

IT HelpDesk Service
Onsite IT Support
Cybersecurity
Cloud migration and management
Email migration services
Backup and disaster recovery
VoIP phone systems
IT disposition and recycling
Office moves
White label services (IT to IT)

IT Support LA an award-winning Managed Services Provider (MSP):
o  3 Years awarded Best IT by the Small Business Expo
o  Awarded 2nd best company of any type in the US by the Small Business Expo SB100
o  Awarded Best IT in California by Channel Futures
o  Winner of Best IT Support in Los Angeles 2021 by Channel Futures
o  Listed as one of the world’s Top 501 Managed Services Providers by CRN and in the top 250 in the ‘Pioneer’ listing
o  4 years listed as one of the Top 501 MSPs in the World by Channel Futures
o  Globee 2021 Bronze Award winner for Chief Technology Officer of the Year
o  Globee 2022 Gold Award winner for Chief Technology Officer of the Year
o  Named one of 2022’s 50 ‘Best’ businesses in California by UpCity
o  Named Best of IT winner for 2021 by UpCity
o  Winner of Local Excellence Award for 2021 by UpCity
o  Named Best of Cloud Consulting winner for 2021 by UpCity
o  Certified as Top MSP and Cybersecurity Pro for 2021 by UpCity
o  Named Best IT Support in Los Angeles for 2021 by Expertise.com.

For more information, or to receive your FREE no-risk network and Cybersecurity assessment, just fill out the form on this page or call us at:
818-805-0909