The number of malware-attacks are still on the rise. According to a recent study by F-secure one in three internet users have been targeted with different types of cyberattacks the last year.
The threat actors are getting increasingly creative in their operations. But there are also some significant trends to be followed. The various types of malware attacks often target people's private digital environment. Outside the IT manager and the company's cyber security rules. The digital environment where it is the easy accessibility that drives the behavior, gaming, shopping, entertainment, social media or travel bookings.
A challenge for many of the CISOs of our customers is that employees bring their private digital behavior to work - and vice versa - with the hybrid working life as the new normal, many companies' IT equipment is used continuously at home, on public transport or at cafes. And during vacation.
Malware as a service
In 2022, many of the most common malware attacks were built on so-called malware as a service, which is exactly what it sounds like: offerings on the darknet where criminals with no cyber skills of their own can download and use AI to adapt malicious code to then target specific audiences, contexts or platforms and apps. All in all, it can be stated that malware as a service has made it much easier for more criminals to also step out into cyberspace. Without actually having the IT skills themselves.
We simply need to put more focus on something we can perhaps call "the 2023 cybercrime cocktail" - the combination of malicious code and the new generation of AI as an aid.
The risk assessment in cyber security is normally based on a threat actor's willingness and ability to carry out an attack. In the past, many threat actors have indeed had the will, but lacked the ability. When the same threat actors now able to use AI for help, we see a sharp increase in the number of attacks. Attacks that are also much more sophisticated and effective than before.
7 steps for protection
There are several easy steps to protect yourself against malware and entering the holiday season is a perfect time to go through them again.
- Only download official apps from official app stores.
- Compare apps even from official app stores. Check how other users rate before you download.
- Limit the permissions you give apps so they don't have more rights than necessary.
- Delete apps you no longer use.
- Update apps as soon as possible, so that cybercriminals do not have time to exploit vulnerabilities.
- Avoid unknown links, sources, attachments and apps
- Avoid auto-fill. A classic example of "digital agility", but also a common source of information theft.
This list is not unique. It is also easy to understand. The challenge is to incorporate these recommendations into your everyday digital behavior and routines. Both at work and in private life, and not least in the borderlands in between – during the worcation period.
At Junglemap, we design our cybersecurity awareness training on something we call the STAR-model. A set up designed to enhance a behaviour where we stop, think, ask and report things that look suspicious.
In this way, we help companies and organizations reach their employees with small, short reminders about information security.
That’s how we become more cybersecurity resilient. In office, working remotely or on worcation.