Like many other criminal activities, cybercrime thrives under the cover of uncertainty, fear, and confusion. The COVID-19 pandemic and the resulting economic strife, as well as civic unrest in the United States, has certainly offered cybercriminals this cover. 

When I step back from our day-to-day efforts to keep our clients’ organizations safe, it is clear that we are facing a rapid evolution of cybercriminal sophistication.  When I consider some of the themes we are confronting in our fight against cybercrime, four issues come to the top of my mind—the frequency of cyberattacks, the sophistication of attack targeting, the increasing use of artificial intelligence to perfect attacks, and the challenge of a work-from-home workforce.

Cybercriminals Increase Frequency of Attack

Typically, we see a downturn in cyberattacks after the winter holidays. Cybercriminals develop new versions of their technology tools, just as reputable companies do, and frequently use January and part of February to perform these updates. At some point in February, cyberattack activity usually accelerates again. However, rather than a lull, the first quarter of 2020 featured a profound increase in activity.

Leveraging the COVID-19 pandemic was an ideal opportunity for cybercriminals, and as we moved into March, phishing attempts increased by over 600%. Additionally, SilverSky and other cybersecurity companies across the industry were seeing four-to-six times the number of attacks we normally see during the first five months of the year. 1

So a major theme of 2020 so far has been the large increase in the frequency of attacks, and although we may experience letups in activity here and there, I believe the increased frequency of attacks is likely here to stay.

Sophisticated Targeting of Attacks

Not so long ago, cyberattacks were primarily a game of brute force. Cybercriminals launched attacks on as many targets as possible, and by their sheer numbers, some attacks succeeded. As the cybersecurity industry became much better at detecting, preventing, and remediating these attacks, criminals have become much better at targeting in hopes of evading detection.

One key method cybercriminals are using to accomplish this is to spend more time researching and identifying targets. This research allows them to determine the likely job functions of their targets, the type of information the targets probably have access to, and the impersonation messaging and keywords most likely to elicit the desired response.  

For example, malware might be effectively distributed in resumes when targeting HR professionals. Or perhaps an accounts payable professional can be tricked into making an illicit payment. 

While brute force social engineering attacks are likely to be easily detected by today’s technology, well-researched and targeted attacks can more effectively evade detection. 

Artificial Intelligence Facilitates Ongoing Improvement

Just as cybersecurity companies are increasingly incorporating AI into their technology to detect and prevent attacks, hackers are utilizing AI to improve success on their end. For example, criminals can use AI to conceal malicious codes in everyday applications. Hackers could program the codes to execute at a specific time or based on specific criteria—maybe after the application has been installed for a specified period of time or maybe after a set number of users have subscribed to the application. Concealing malicious code and triggering code in these ways requires AI models and private keys to control the place and time the malware will execute.

Because AI-driven technology is designed to acquire data and intelligence and adapt accordingly, by utilizing well-constructed AI models, hackers can conceal malicious code for a long time without detection. All the while, AI algorithms are gathering insights that allow the hackers to strike when the application is most vulnerable. 

Also, criminals are increasingly using AI to execute intelligent attacks that self-propagate over a system or network. AI-fueled malware can exploit unmitigated vulnerabilities leading to an increased likelihood of inflicting maximum damage. For example, if an AI-driven attack encounters a patched vulnerability, it will automatically adapt to try either a different kind of attack or to seek different vulnerabilities.

Ongoing Work-from-HomeCUNA Business Continuity Issues

Everything that I am hearing from our credit union customers suggests that working from home will be a long-term and perhaps permanent proposition. Therefore, credit unions must move beyond thinking about working from home, and the resulting security challenges, as a state that will end any time soon.

We must recognize that we cannot control workers’ home networks. We have no idea what IoT devices are connected, what neighbors are in proximity, what guests may be logging onto their networks, and what outdated equipment may be in use.

Training and education are musts, along with establishing work-from-home agreements and procedures. In addition, the utilization of VPNs, multifactor authentication, effective endpoint management, and many other measures are a must. In short, credit union cybersecurity procedures, efforts, and technology will need to adapt quickly to the new environment. 

 

These are daunting times, requiring a great deal of thought and many technological resources. Additionally, the road ahead defending against cybercriminals will only become more complex. If you need help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or learn@silversky.com.

 

  1. Cyber-Attacks Up 37% Over Past Month as #COVID19 Bites,” Phil Muncaster, InforSecurity, April 1, 2020

Managed Security Services

Your around the clock SOC.

Managed Endpoint Detection and Response

Some attacks will succeed. Don’t worry—we have you.

Managed Detection and Response

Augment your IT team using our expertise and the latest technologies.

Email Protection Suite

Defending against the leading attack vector.

Cloud Email and Collaboration

More than ever, the cloud is essential.

Incident Response Readiness

When a breach occurs, you’ll be ready.

Compliance & Risk Services

Take the next steps on your cybersecurity maturity journey.

Trusted Cybersecurity for an Uncertain World

Understand, detect, and effectively respond to threats, reduce business risk and improve the return on your security investment.

Financial Services

We comply with the same regulations you do.

Healthcare

Affordable defenses for a sector under attack.

Retail

SilverSky stands between cybercriminals and your customers’ data.

Benefits of a Single Vendor Relationship

The Cooperative Bank of Cape Cod found itself especially appreciative of SilverSky’s comprehensive solution set—particularly as they rapidly, but securely, enabled employees to work remotely.

ACET

Automated Cybersecurity Examination Tool

HIPAA

Health Insurance Portability and Accountability Act

PCI DSS

Payment Card Industry Data Security Standard

FFIEC

Federal Financial Institutions Examination Council

GLBA

Gramm-Leach-Bliley Act

ACET Helps Credit Unions Further Their Missions

Learn how going all in for ACET protects customers and the health of community-based financial services.

Resources

Articles, guides, ebooks, tools, on-demand webinars, case studies, and more. Explore a range of topics.

Press & Events

Press releases, upcoming conferences and trade shows, and future and on-demand webinars

Revisiting Cybersecurity’s Delicate Balance

Learn how CISOs are rebalancing prevention, detection, and response for stronger cyber defenses.

About Us

Trusted cybersecurity for an uncertain world.

Careers

Looking to join the fight against cybercriminals?

Security Management Console

Comprehensive customer portal for state of devices, reports for compliance, support tickets, and more.

Transforming Cybersecurity Culture from Corner Offices to Cubicles

Executives are increasingly thinking about cybersecurity management in a similar manner as they would any other risk assessment. This guide is here to help.