Call-Back Phishing, Ransomware and Challenges to Mid-sized Companies [Weekly Cybersecurity Brief]

It is true that cybersecurity should be a concern for all organizations. No matter the sector, industry, etc., preparing for a potential breach is both smart and necessary in today’s digital landscape. However, the ability to do so comes easier for some than others. Much of this boils down to the resources that are available such as money and staff. A new study shows that mid-sized companies are struggling to keep up with these growing demands, which is critical as persistent threats like ransomware and new threats like “call-back phishing” expand.

According to Cybersecurity Dive, a recently commissioned survey of 400 C-level executives representing companies ranging from 100 to 1,000 employees concluded that a majority face challenges like “limited IT security staff, smaller budgets and a lack of awareness.” Given these shortages, fewer than two-thirds of the entities were able to put together formal incident response plans, as the article describes. This puts the remaining portion at an extreme disadvantage. Without proper preparation, monitoring and safeguards in place, they are exposed to risks like ransomware, which can impact both operations and income.

The risk around ransomware is especially important to evaluate because it is such a prevalent issue. In 2021, 60% of organizations were hit with ransomware. On top of that, ransomware-as-a-service (RaaS) is becoming increasingly popular. Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC), addressed this challenge during CyberWeek 2022 in Tel Aviv. Cameron stated that as factors such as the war in Ukraine continue to fuel this growing cybersecurity threat environment, it will be crucial to further emphasize collaborative efforts to combat it. As reported by VentureBeat, Cameron noted that this type of approach would “make ransomware an unprofitable and unattractive business.”

Ransomware is far from the only threat out there, though. A new phishing campaign was just uncovered in which cybercriminals are posing as cybersecurity companies attempting to help people through feigned breaches. ZDNet reports that the perpetrators send targets a message claiming that they have been hit with a cyberattack and must respond to resolve the problem. When recipients do respond, they open themselves up to the hackers. In some cases, the recipient is given a phone number to call, connecting them to operators who then trick them into installing remote administration tools. CrowdStrike, which calls this “callback phishing,” is one of the companies that cybercriminals are impersonating. The company’s researchers have since examined and shared details of the malicious campaign.

Key Takeaways:

“Mid-sized companies grapple with response to cyber crises” – David Jones, Cybersecurity Dive

https://www.cybersecuritydive.com/news/SMB-incident-response-cyber-insurance-hikes/626887/

  • A recently commissioned survey of 400 C-level executives representing companies ranging from 100 to 1,000 employees concluded that a majority face challenges like “limited IT security staff, smaller budgets and a lack of awareness.”
  • Fewer than two-thirds of the entities were able to put together formal incident response plans.
  • This exposes them to risks like ransomware.

“Ransomware is still cybersecurity’s biggest challenge” – Kolawole Samuel Adebayo, VentureBeat

https://venturebeat.com/2022/07/11/ransomware-is-still-cybersecuritys-biggest-challenge-warns-uks-ncsc-ceo/

  • In 2021, 60% of organizations were hit with ransomware.
  • On top of that, ransomware-as-a-service (RaaS) is becoming increasingly popular.
  • Lindy Cameron, CEO of the UK’s National Cyber Security Centre (NCSC), addressed this challenge during CyberWeek 2022 in Tel Aviv. Cameron emphasized the importance of a collaborative effort.

“Brazen crooks are now posing as cybersecurity companies to trick you into installing malware” – Danny Palmer, ZDNet

https://www.zdnet.com/home-and-office/smart-office/this-stuff-is-better-than-compressed-air-for-cleaning-your-dirty-tech/

  • A new phishing campaign was just uncovered in which cybercriminals are posing as cybersecurity companies attempting to help people through feigned breaches.
  • The perpetrators send targets a message claiming that they have been hit with a cyberattack and must respond to resolve the problem.
  • When recipients do respond, they open themselves up to the hackers.