Wire transfer fraud occurs when funds are moved between entities by manual bank transfer. Attackers compromise an organization’s email system and start looking for finance and payment-related employees. Our Incident Response team sees attackers lurk in the email for months waiting for a payment to compromise. When the two entities exchange emails with payment info, the attackers insert a second email making it seem like there was a transcription error and asking the recipient to please use the new account number (or they take the exchanged credentials and attack the bank account directly). They then divert the transferred money out of the fake destination before anyone notices. There are other flavors of this type of attack, but this example demonstrates the need for authenticated verification of wire transfers that uses multiple mechanisms to prevent this type of theft.
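
The check below is an added example, not code from the original page: it walks an email thread in order and holds any message that changes the account number first seen in the thread, since a follow-up sent from a compromised mailbox comes from the genuine sender address. The regular expressions, function names, and the sample thread are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: an account number is an 8-17 digit run following the word "account".
ACCOUNT_RE = re.compile(r"account\s*(?:number|no\.?|#)?\s*:?\s*(\d{8,17})", re.I)
# Assumption: wording typical of the "please use the new number" follow-up.
CORRECTION_RE = re.compile(r"\b(error|mistake|correct(?:ed|ion)|new account|instead)\b", re.I)

def sender_domain(msg):
    return parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()

def review_thread(raw_messages):
    """Flag any message that changes the payment details first seen in a thread."""
    findings, first_account, first_domain = [], None, None
    for index, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        body = msg.get_payload()
        accounts = ACCOUNT_RE.findall(body)
        if not accounts:
            continue                      # no payment details in this message
        if first_account is None:         # baseline: first instructions in the thread
            first_account, first_domain = accounts[-1], sender_domain(msg)
            continue
        reasons = []
        if accounts[-1] != first_account:
            reasons.append("account number changed")
            if CORRECTION_RE.search(body):
                reasons.append("change presented as a correction")
        if sender_domain(msg) != first_domain:
            reasons.append("sender domain differs from original instructions")
        if reasons:
            findings.append({"index": index, "account": accounts[-1], "reasons": reasons,
                             "action": "hold payment; verify by a second channel"})
    return findings

# Constructed sample thread (all addresses and account numbers are made up).
THREAD = [
    "From: ap@vendor.example\nSubject: Invoice 1001\n\n"
    "Please wire payment to account number 123456789012.\n",
    "From: pay@buyer.example\nSubject: Re: Invoice 1001\n\n"
    "Thanks, we will schedule the transfer for Friday.\n",
    "From: ap@vendor.example\nSubject: Re: Invoice 1001\n\n"
    "Sorry, there was a transcription error. Please use account number 987654321098.\n",
]

if __name__ == "__main__":
    for finding in review_thread(THREAD):
        print(finding)
```

The third message is flagged even though its sender address matches the original, which is why the hold has to be released through a channel other than the email thread itself.
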
Ransomware is a flavor of malicious software (malware) that encrypts data and critical system files, rendering computers and data unusable without decryption. Decryption is only possible with a key that is only provided if a ransom is paid to the attacker. These ransoms are paid using cryptocurrencies like Bitcoin and range from hundreds to millions of dollars in value. The attacks have gotten quite sophisticated in their methods for attacking and infecting organizations (while attacks against home users are down, targeted attacks against companies and municipalities are sharply increasing) and have evolved to include sophisticated and difficult-to-discern emails (phishing) or the use of other malware to spread their ransomware payloads (the Emotet virus is currently the most common).
These ransomers have developed into sophisticated operations with help desks, 24×7 technical support, and trained negotiators. They make every attempt to encrypt during off hours and target backup mechanisms to make recovery without paying the ransom very difficult. As a result, many organizations pay the ransom to recover their systems and data in days rather than weeks or months (or not at all). Ransomware-infected companies have even had to go out of business because of the cost of recovery.