Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
Russian state news agencies say ousted Syrian leader Bashar Assad is in Moscow and given asylum
Ousted Syrian President Bashar Assad fled to Moscow on Sunday, Russian media reported, hours after a stunning rebel advance took over the capital of Damascus and ended the Assad family's 50 years of iron rule.
Baby found dead in south Edmonton parking lot: police
Police are investigating the death of an infant in south Edmonton.
Trump calls for immediate cease-fire in Ukraine and says a U.S. withdrawal from NATO is possible
Donald Trump on Sunday pushed Russian leader Vladimir Putin to act to reach an immediate ceasefire with Ukraine, describing it as part of his active efforts as U.S. president-elect to end the war despite being weeks from taking office.
Quebec Premier meets with Trump, Zelenskyy and Musk during Paris trip
Quebec Premier François Legault met up with Ukrainian President Volodymyr Zelenskyy, U.S. president-elect Donald Trump and billionaire Elon Musk while visiting Paris this weekend.
A man, a bike and a gun: Police search for evidence to solve the killing of UnitedHealthcare’s CEO on the streets of New York
As the investigation into the fatal shooting of a health care executive in Manhattan enters its fifth day, New York City police are missing key pieces of evidence.
Foreign Affairs Minister Melanie Joly focused on re-election, doesn’t explicitly rule out future Liberal leadership bid
Foreign Affairs Minister Melanie Joly insisted she supports Prime Minister Justin Trudeau and is focused on her own re-election, but wouldn't explicitly rule out a future Liberal leadership bid, in an interview on CTV's Question Period airing Sunday.
‘Moana 2’ cruises to another record weekend and US$600 million globally
The Walt Disney Co.'s animated film 'Moana 2' remained at the top of the box office in its second weekend in theatres as it brought in another record haul.
Trump says he can't guarantee tariffs won't raise U.S. prices and promises swift immigration action
Donald Trump said he can't guarantee that his promised tariffs on key U.S. foreign trade partners won't raise prices for American consumers and he suggested once more that some political rivals and federal officials who pursued legal cases against him should be imprisoned.
Updated advisory urges Canadians to avoid all travel to Syria, leave if possible
Ottawa is urging Canadians to avoid all travel to Syria and to consider leaving the country if it's safe to do so.