Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
DEVELOPING Gunman at large after UnitedHealthcare CEO fatally shot in apparent targeted attack, law enforcement official says
The CEO of UnitedHealthcare was shot and killed in midtown Manhattan Wednesday morning in an apparent targeted attack as he was about to attend the company’s annual investor conference, a law enforcement official tells CNN. The gunman remains on the loose.
Trump considers DeSantis for the Pentagon with Hegseth under pressure over allegations: AP sources
The nomination of Pete Hegseth, U.S. president-elect Donald Trump's choice to lead the Pentagon, is under pressure as senators who would need to confirm him weigh a series of allegations that have surfaced against him.
VPD issue public warning after random sucker punch at bus stop
Vancouver police have released security video as they seek witnesses to an unprovoked assault in the downtown core.
$80-million jackpot: 2 winning tickets sold in Canada
There are two winners of the $80 million Lotto Max jackpot, Ontario Lottery and Gaming (OLG) has announced. The prize will be split between two tickets sold in Quebec and Alberta, respectively.
2 Quebec men top BOLO program's latest Top 25 list of Canada's most wanted
Two men believed to be central figures in Quebec’s violent and ongoing drug conflict topped the Bolo Program's latest Top 25 list of Canada's Most Wanted fugitives.
Mexico president says Canada has a 'very serious' fentanyl problem
Foreign Affairs Minister Mélanie Joly is not escalating a war of words with Mexico, after the Mexican president criticized Canada's culture and its framing of border issues.
Mexican troops seize a record fentanyl haul days after Trump threatened tariffs
Mexican soldiers and marines have seized over a ton of fentanyl pills in two raids in the north, with officials calling it the biggest catch of the synthetic opioid in the country’s history.
Transgender rights case lands at U.S. Supreme Court amid debate over ban on medical treatments for minors
The U.S. Supreme Court is hearing arguments Wednesday in just its second major transgender rights case, which is a challenge to a Tennessee law that bans gender-affirming care for minors.
Calls for Ottawa to end Canada Post strike mount as businesses face challenges
As the Canada Post strike nears its three-week mark, stores across the country have turned to alternate measures to send products to paying customers and keep operations running smoothly.