Five Most Common Cyber Security Threats in 2024


Written By

IT Leaders

In 2023, global cyber security firm CrowdStrike noted a 60% increase in interactive cyber security intrusions. In Australia, cyber security incidents were up by 23% – and cost businesses, on average, 14% more than the previous year.

In other words: cyber security threats are getting worse. In this article, we’ll explain the 5 types of threats businesses need to understand in 2024, and explore how they can be prevented. There’s no easy solution to cyber attacks, but good preparation and a strong security posture can go a long way to keeping your (and your customers’) data safe.

Business Email Compromise

Business email compromise (BEC) is one of the most common types of cyber attacks – especially in high-risk industries like legal and financial services. In a BEC attack, an adversary uses a compromised email account to extract information, money or goods from a target organisation.

Email accounts are normally compromised in one of two ways:

  1. The email account is fake and has been designed to mimic a real-world user’s account.
  2. The account is real and the user’s login credentials have been stolen without their knowledge; emails sent by the adversary are often hidden from the user through the use of email rules.

The most common type of BEC attack is invoice fraud. When a legitimate account with access to invoices is compromised, the adversary can change payment details on the invoice; the invoice recipient receives a real invoice for real goods or services delivered, but ends up paying the wrong account. Similar attacks are also common when one party (such as a law firm) receives funds on behalf of another party (such as a client).

How to Prevent a BEC Attack

The simplest way to protect your organisation against BEC attacks is to invest in email hardening. That can include requiring complex passphrases, implementing multi-factor authentication, and using an anti-phishing program like Defender (which comes standard with Microsoft 365 Business Premium).

End user training is also critical. Phishing ultimately relies on human vulnerabilities, so teach your employees how to spot and properly report possible phishing attempts to your managed services provider (MSP). Your IT administrator or MSP can conduct training sessions – platforms like KnowBe4 are also great ways to simulate phishing attempts.

Even with good training and security, BEC attacks can still be hard to detect. (For example, can you spot the difference between accounts@itleaders.com.au and accounts@itleаders.com.au? The second email address is fake – the ‘a’ in ‘IT Leaders’ is actually the Cyrillic letter ‘а’, which looks identical to the Latin letter ‘a’.) As part of your security protocols, make sure your accounts staff call payment recipients on previously validated phone numbers before making any payments to new bank accounts.
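The look-alike address above can also be caught by a mail-filtering check. The following is an added example, not part of the original article: it classifies a sender's domain against a list of trusted domains. The function names are hypothetical, and the look-alike table is a small constructed subset of the real Unicode confusables data.

```python
import unicodedata

TRUSTED = {"itleaders.com.au"}  # the genuine domain from the article's example

# Constructed subset of Cyrillic/Greek letters that render like Latin ones;
# a production check would load the full Unicode confusables data (UTS #39).
CONFUSABLES = dict(zip(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0455\u03bf\u03b1",
    "aeopcxyisoa"))

def domain_of(address):
    """Lower-cased Unicode domain of an address, with xn-- labels decoded."""
    labels = []
    for label in address.rsplit("@", 1)[-1].strip().lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold compatibility forms and known look-alike letters to Latin."""
    folded = unicodedata.normalize("NFKC", domain)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)

def scripts(label):
    """Scripts used by the letters of one label, read from Unicode names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify_sender(address, trusted=TRUSTED):
    domain = domain_of(address)
    if domain in trusted:
        return "trusted"        # exact match only; says nothing about spoofing
    if skeleton(domain) in trusted:
        return "lookalike"      # renders like a trusted domain but is not it
    if any(len(scripts(label)) > 1 for label in domain.split(".")):
        return "mixed-script"   # e.g. Latin and Cyrillic in one label
    return "unknown"

if __name__ == "__main__":
    # Constructed samples: the article's two addresses plus an unrelated one.
    for sender in ("accounts@itleaders.com.au",
                   "accounts@itle\u0430ders.com.au",
                   "someone@example.org"):
        print(f"{sender!r:45} {classify_sender(sender)}")
```

A "lookalike" or "mixed-script" result is a reason to quarantine or flag the message for review before any payment details in it are acted on.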

Network Attacks

Network attacks are a broad class of cyber security threats that include:

  • DDoS attacks (where an adversary tries to overwhelm a server with huge amounts of fraudulent traffic)
  • MitM attacks (where an adversary inserts themselves as a ‘man in the middle’ within or between networks, enabling them to access and manipulate exchanged data)
  • unauthorised access (where an end user’s compromised account can be used to access a network)
  • SQL injections (where poor coding allows an adversary to ‘inject’ an SQL statement into an input field, like a form, that your database then automatically runs).

The common goal of all network attacks is to access an organisation’s network. Once an adversary has access, they can encrypt, modify or steal sensitive data or shut down your network.

How to Prevent a Network Attack

Because network attacks are so diverse, there’s no silver bullet for them all. Instead, there are a few best practices you can implement to reduce vulnerabilities.

One of the simplest is the principle of least privilege: every user should have only the minimum level of network access they need. Least-privilege access should be paired with just-in-time (JIT) access, under which users gain time-limited access to resources only when required (or access those resources through temporary accounts). Both least-privilege and JIT access are fundamental aspects of zero-trust architecture.

User training, MFA, and NIST-compliant passwords can all help reduce the risk of user accounts being compromised. You should also have a general cyber security solution (such as Microsoft Defender) and firewall (like Fortinet or Palo Alto) in place.

Trojans

A Trojan horse is a type of malware disguised as a legitimate app or file. End users willingly download or open the app or file, enabling an adversary to gain remote control of their endpoints. Those endpoints can then be used to gather data and spread malware to other devices in the same network.

The name ‘Trojan horse’ derives from the wooden Trojan horse used by the Greeks to secretly bypass the Trojan defences in the Aeneid. Like their eponym, modern Trojan horses are normally ‘invited in’ by users – when unsafe email links or files are clicked, HTML apps are downloaded, or browser extensions are installed.

How to Prevent a Trojan Attack

As with most cyber threats, there’s one major vulnerability that allows adversaries to exploit Trojans: end users. That makes training the easiest way to prevent network infections. Basic security best practices include not opening emails from unknown sources, not clicking unusual links on social media, and not downloading any poorly recognised extensions or apps.

Organisation-level defences, like SentinelOne and a firewall, are also critical for preventing initial access. Once a Trojan has breached your defences, though, you’ll generally need an EDR solution to detect it (which, if you aren’t using Defender, could include apps like BlackPoint or Cortex XDR). Your MSP can also help you implement more advanced solutions like honeypots.

It’s worth noting that, as of July 2024, Office applications will automatically block macros from internet-originated files. Macros are often used by staff who work with Excel, but are often exploited by adversaries to spread malware – the recent change should help prevent that.

Ransomware

Ransomware is one of the most prominent cyber security threats facing organisations. Last year, for example, Caesars Entertainment paid $15 million to a cybercrime group that disrupted its systems – just days before the same group launched a socially engineered attack on MGM Resorts, costing the company over $100 million (and sensitive customer data).

Most ransomware works by restricting access to data or systems, often by disabling certain functions or encrypting data. Once the ransomware is in place, the adversary will typically contact the victim and request that a financial ransom be paid. In some cases, like Caesars’, paying the ransom can lead to access being restored – but, often, insurance and international sanctions considerations can complicate that process.

How to Prevent a Ransomware Attack

The risk of ransomware attacks can be reduced through a generally strong cyber security posture (like user training, strong defences, high network visibility, and a capable MSP). But, ultimately, it’s impossible to reduce that risk to 0% – even the world’s largest organisations are vulnerable to ransomware.

You can mitigate the impact of potential attacks by investing in cyber insurance and having both a clear ransomware playbook and a disaster recovery plan. If an attack occurs, what happens? Who needs to be contacted? What processes should be followed?

Keep in mind that, although your MSP or internal IT team may be responsible for drafting your ransomware playbook, decision-making responsibility during a crisis ultimately rests with your executive team. They need a minimum level of cyber education to ensure that, if something does happen, they can make informed decisions that support the best interests of your organisation.

Generative AI Attacks

Since 2022, generative AI tools and large language models (LLMs) like ChatGPT have become widely available – to the general public, and to threat actors. Those tools aren’t sophisticated enough to disrupt the existing threat landscape, but they do pose two major problems:

  1. LLMs like WormGPT can essentially amplify current phishing threats, allowing adversaries to send out highly personalised, fluently written messages at scale. That makes it harder for end users to detect threats based on poor English, spelling errors, and other ‘spam giveaways’.
  2. Generative AI can be used to create fraudulent voice and video calls (known as ‘vishing’). Previously, vishing was easier to detect and harder to execute at scale; today, adversaries can automate authentic-sounding phone conversations – and, potentially, even create deepfakes of real people known to end users.

How to Prevent a Generative AI Attack

Generative AI attacks can be prevented in the same way as other types of cyber attacks: good user training, good cyber defences, and good security protocols. Currently, adversaries’ use of generative AI hasn’t evolved to the point where extra standards are necessary.

Yes, LLMs can democratise high-quality phishing – but end users spotting typos should be your last line of defence anyway. And, yes, AI-driven vishing has the potential to be a serious threat, but most adversaries don’t have the skill or resources to generate believable deepfakes (yet).

Our advice: maintain a good cyber security posture, partner with a capable MSP, and keep an eye on the horizon – but don’t be distracted from existing threats by the glitter of AI-enhanced adversaries. For most organisations, decades-old threats like bad endpoint security and poorly defended networks are the biggest concerns.

Next Steps

By now, you should have a baseline understanding of the most common cyber security threats in 2024 – and the actions you need to take to address them. Keep in mind that everything we’ve discussed in this article is general information. Each organisation’s cyber vulnerabilities are different, and its security responses need to reflect that. The type of defences that are appropriate for a large manufacturing business, for example, aren’t necessary (or viable) for a 15-person professional services firm.

To develop a robust security posture, talk to your managed service provider. They should be able to build on the information in this article and provide technical recommendations (including for cyber security strategy and governance). One of our specialties, for example, is helping Australian organisations develop and maintain an appropriate Essential Eight maturity level – a security hardening process that focuses on 8 federal government mitigation strategies.

If you aren’t currently working with a security-focused MSP, or if you’d like a second opinion on a strategic or technical problem, schedule a consultation with one of our specialists.

  • © 2025 IT Leaders