Cybercriminals are getting more clever about targeting organizations and individuals. Here are three new threats you need to be on the lookout for.
Being savvy about cybersecurity doesn’t mean just knowing the big trends. You also need to stay on top of new tricks and tactics that hackers are using to target people and organizations. Study up on these three emerging threats so you can stay ahead of attempted cyberattacks.
Conversation hijacking. It may look like your colleague is engaging with you and your coworkers, but in reality, it’s a hacker taking advantage of someone who’s already been exploited to score an even bigger kill. Speaking to ZDNet, Don Maclennan, senior vice president of engineering and product at Barracuda Networks, noted that the secret to this attack is research. “Once they gain access to the account, attackers will spend time reading through conversations, researching their victims, and looking for any deals or valuable conversations they can insert themselves [into],” he said. A related tactic involves domain impersonation, in which an attacker uses a domain that looks similar to your own.
OAuth-based phishing. If you use a Microsoft-based cloud service, you’re going to want to keep an eye on this one. As CPO Magazine recently reported, such attacks look like credible add-ins to Office 365, but they allow unfettered access to an entire account until the user realizes the account has been compromised. “The usefulness of a captured Office 365 user logon to an attacker is only valuable until the logon’s owner realizes they’ve been compromised, and their password is changed,” Stu Sjouwerman, founder and CEO of KnowBe4, told the magazine.
Hyper-specific Google ad targeting. While examples of this are not yet common, there is a lot of potential for this type of attack in the future, notes Patrick Berlinquette, an expert search advertising marketer, at Medium’s OneZero vertical. He explains that the large amount of data Google has on its users makes it easier to target smaller and smaller groups of individuals—for advertising or, potentially, an attack that could lead to the public exposure of personal information, known as “doxxing.” “Clicks amass the world’s thoughts in an indelible ledger, held by a corporation,” he writes. “Clicks are packaged into more precise ad targeting tools that Google hands off to marketers. These tools help refine who sees an ad, and create ads that attract more clicks.” This risk is more hypothetical, but Berlinquette makes the case that it’s growing.