Are companies falling behind on cyber security awareness training?
New data from a Waterloo-based cyber security service suggests hackers have shifted their tactics and companies may not be keeping up.
Ryan Westman, senior manager of threat intelligence at eSentire, says spam emails and attachments have been the preferred route for sneaking malware into a target’s computer for many years.
“In 2020, email really dominated as the initial access factor at 66 per cent,” said Westman.
But it seems cyber criminals have found new attack methods.
“So in Q1, Q2 and Q3 in 2023, we’ve seen that browser-based initial access has really exploded to 47 per cent,” he said.
That accounts for nearly half of how all cyber attacks are making their way inside a computer. It comes as hackers have created millions of dangerous links that lead to fake websites.
“So what they’ll do is they’ll poison search engine results and it’ll basically result in someone searching for something like a legal document [being led to a fake site],” Westman said.
He adds that browser-based attacks can be trickier because they’re mimicking things like a Google ad, downloading a Zoom meeting or downloading a program like Adobe.
It seems companies are not keeping pace with these tactics as most continue to focus on identifying phishing emails.
“That’s actually one of the areas that I think the user awareness training needs to improve, is around the browser-based threats,” said Westman.
Some industries are more at risk of having sensitive information sold to other hackers on the dark web.
“Specifically in the case of what we’ve observed over the past year is a group referred to as the Gootloader malware group, they’ve specifically targeted the legal industry by poisoning search engine results for legal documents,” he said.
Just as companies begin learning of these new threats, another one is on the way. Westman said the rise of artificial intelligence could pose significant cyber security risks by 2025 – only adding to the constant game of digital cat and mouse.
HOW TO PROTECT YOURSELF
As simple as it sounds, Westman says an easy way someone can validate the information they’re seeing on a webpage is by reviewing the link they’ve visited.
“A really common thing would be to switch out an ‘E’ for a ‘3’ or a ‘1’ for an ‘L’ and it's very trivial, but it's very easy for a threat actor to stand up a page that looks and feels very similar to something like Adobe or a Zoom,” said Westman.
He also says a straightforward approach would be for companies to update their user awareness training to include browser-based threats.
It’s not the first time CTV News Kitchener has spoken with eSentire about cyber security.
They’ve offered tips for creating a strong password, maximizing cyber security, and even staying cyber safe during the Super Bowl.
CTVNews.ca Top Stories
Canadian family stuck in Lebanon anxiously awaits flight options amid Israeli strikes
A Canadian man who is trapped in Lebanon with his family says they are anxiously waiting for seats on a flight out of the country, as a barrage of Israeli airstrikes continues.
Suspect in shooting of Toronto cop was out on bail
A 21-year-old man who was charged with attempted murder in the shooting of a Toronto police officer this week was out on bail at the time of the alleged offence, court documents obtained by CTV News Toronto show.
Scientists looked at images from space to see how fast Antarctica is turning green. Here's what they found
Parts of icy Antarctica are turning green with plant life at an alarming rate as the region is gripped by extreme heat events, according to new research, sparking concerns about the changing landscape on this vast continent.
DEVELOPING 2 dead after fire rips through historic building in Old Montreal
At least two people are dead and others are injured after a fire ripped through a century-old building near Montreal's City Hall, sources told Noovo Info.
Yazidi woman captured by ISIS rescued in Gaza after more than a decade in captivity
A 21-year-old Yazidi woman has been rescued from Gaza where she had been held captive by Hamas for years after being trafficked by ISIS.
A 6-year-old girl was kidnapped in Arkansas in 1995. Almost 30 years later, a suspect was identified
Nearly 30 years after a six-year-old girl disappeared in Western Arkansas, authorities have identified a suspect in her abduction through DNA evidence.
Dolphins 'smile' at each other when they play and to avoid misunderstanding, study finds
For humans, flashing a smile is an easy way to avoid misunderstanding. And, according to a new study, bottlenose dolphins may use a similar tactic while playing with each other.
Pit bulls in B.C. pet mauling tested positive for meth, cocaine, says city
Three pit bulls involved in a deadly attack on another dog last month in Kamloops, B.C., tested positive for methamphetamine and cocaine, and the city is going to court to have them put down.
Tax rebate: Canadians with low to modest incomes to receive payment on Friday
Canadians who are eligible for a GST/HST tax credit can expect their final payment of the year on Friday.