With the increased use in digital banking, Cyber fraud has seen a recent spike and is growing in prevalence, according to Rodriguez. She says business email compromise is the most seen– where customers or suppliers receive fake communications that instruct them to change payment details so that payments are made into fraudsters accounts – is getting very specialized and much harder to spot.
Another example of business email compromise is CEO impersonation, where a scammer poses as the CEO or CFO and though a fraudulent email and asks for an urgent payment to a third party or directly to them. These fraudulent communications are getting more sophisticated and can be practically undetectable, says Rodriguez. Scammers use company details, such as email addresses or phone numbers that are almost identical to legitimate details, with just a slight change.
Charette says scams through texts, emails and links, text messages or voice calls continue to be “probably the biggest initial attack vector for any organization.” Fraudsters impersonating bank staff and telling your customers there's something wrong with a transaction and encouraging them to provide usernames, passwords and PINs are still common.
What’s more, scammers are causing damage with increasing speed, moving from an initial foothold within an environment to a lateral movement that impacts systems much faster. And malicious actors, such as access brokers, who steal people’s credentials and sell them to other attackers are relying less on malware and more on using legitimate credentials illegitimately, which leaves them to operate undetected.
Charette says that understanding these trends and threats is important, so you can build and adjust the appropriate controls to protect your business and minimize the impact, if the worst happens.
Supply chain attacks are hitting all sectors and have been particularly detrimental in recent years, says Charette. “These attacks have the potential to inflict widespread damage because they exploit trust that we have in the software and the services our businesses rely on.” With digital ecosystems so interconnected, it can be easier for attackers to exploit vulnerabilities along the chain, targeting less secure organizations earlier in the supply chain to reach their objectives further down the line, he says.
And these malicious actors are increasingly well funded, with resources to develop sophisticated, widespread breaches across multiple sectors.