Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
'Some structural damage' from wildfire near Fort Nelson, B.C., mayor confirms
More than one home has been damaged or lost due to a massive wildfire outside of the B.C. community of Fort Nelson, the mayor confirmed Wednesday.
'Very expensive lunch': Sask. driver says he got a cellphone ticket for using his points app in the drive-thru
A warning from a Saskatoon driver about using your fast-food app while in the drive-thru line — a trip to get some free lunch cost him a lot more than he bargained for.
B.C. YouTuber ordered to pay $350K for 'relentless' online defamation campaign
An 'unrepentant' YouTuber has been ordered to pay $350,000 in damages as compensation for a 'relentless' campaign of defamation waged online against a business owner and his company, the B.C. Supreme Court has ruled.
Chief says grave search at B.C. residential school brings things 'full circle'
Chief Robert Michell says relief isn't the right word to describe his reaction as the search begins for unmarked graves at the site of a former residential school he attended in northern British Columbia.
'Endless Shrimp' just one misstep for Red Lobster as it eyes bankruptcy protection
While it's unclear what these closures might mean for the 27 restaurants in Canada, Red Lobster is expected to file for bankruptcy protection in the U.S. this month.
B.C. man shot sex worker in the back during drug-fuelled birthday, court hears
A man from B.C.'s Lower Mainland has been sentenced to four years behind bars after shooting a sex worker in the back during a drug-fuelled 43rd birthday.
'Inhumane conditions': 68 dogs pulled from Winnipeg home
Nearly six dozen dogs were seized from a home Wednesday morning by the Winnipeg Humane Society. It is the largest known seizure of animals in the city’s history.
Ontario's 'Crypto King' Aiden Pleterski arrested
Of the $40-million Aiden Pleterski was handed over two years, documents show he invested just over one per cent and instead spent $15.9 million on "his personal lifestyle." The 25-year-old Oshawa, Ont. man was arrested and charged with fraud and money laundering on Tuesday.
Driver said he smoked pot oil, took medication before Florida crash that killed 8 Mexican workers
A man with a long record of dangerous driving told investigators he smoked marijuana oil and took prescription drugs hours before he sideswiped a bus, killing eight Mexican farmworkers and injuring dozens more, according to an arrest report unsealed Wednesday.