News

img

2021 Overlooked Cyber Threats

2021 is the year of ransomware, but other malicious threats are waiting to compromise your security and steal your data.

Everyone is talking about ransomware, but did you know opening a PDF could give you malware? Here are some overlooked cyber threats your organization should not underestimate.

Smishing

Smishing scams increased by 328 percent in 2020, as cyber criminals exploited the general chaos and vulnerability during the pandemic. Hackers pose as popular banks, Netflix, Amazon, and other trusted brands and send malicious links via text (SMS) to mobile devices that they then use to compromise victims’ data and sell for profit.

To avoid this kind of scam, do not click on links sent from unrecognized numbers. If you want to verify the authenticity of a message, manually type in the URL for the business in question rather than clicking on the suspicious link. You can also register personal and business phone numbers with the Do Not Call Registry and report suspicious texts to the FTC.

PDF scams

Many of us know not to click a suspicious link in an email, but cyber criminals have adjusted to this by sending malicious PDFs instead. PDFs are associated with work, so users are more likely to open them. When they do, it exposes them to malware and/or ransomware.

Unfortunately, there is no easy way to determine when a PDF will execute malicious code. Security professionals must inspect the JavaScript to know for sure, which is not feasible for the average user.

What users can do, however, is disable JavaScript in their PDF reader, such as Adobe Acrobat Reader DC, and manage access to URLs. For enterprises, an endpoint detection and response solution is key to gaining valuable insight into network traffic and managing firewalls. Investing in AI-enhanced threat detection will also help the enterprise be proactive about detecting and mitigating threats.

Database exposure

Databases can contain vast amounts of data, making them prime targets for hackers. As more companies move business to the cloud, for example, there is more opportunity for new security vulnerabilities to manifest. For databases, this typically means a misconfiguration in the customer’s cloud environment. If a hacker can get access to primary keys, they gain full read/write/delete access to data, which will likely end up for sale on the dark web.

To limit database exposure, ensure your organization is using the principle of least privilege. Encrypting server data, keeping backups, limiting server access, and maintaining a database firewall and web application firewall will also help strengthen database security.

For more insights on how to reduce cyber risk, subscribe to our newsletter and follow us on LinkedIn.