Are you a Cybercriminal’s Perfect Match?


Since relationships get all the attention on Valentine’s Day, CybelAngel thought you should be aware of four heartbreakers to avoid. Spoiler alert: They’re all cybercriminals. Are you the company of their dreams? Take a look below to find out.

Phishing

About me:

  • I make you think I’m someone else in my emails and texts. I might even hijack some URLs to make it seem more real.
  • If I don’t succeed the first time, I try and try again until you slip up.

What I find attractive:

  • Entities with a high volume of financial transactions such as financial services, e-commerce and retail.
  • C-level executives and high-level management in finance and IT departments who unlock privileged access.
  • Countries where English is the primary language (US, UK and Australia).
  • I’m more likely to go after companies with fewer than 250 employees than companies with more than 1,000 employees, but I’m happy with anyone who takes the bait. [1]

What I bring to the relationship:

  • It’ll cost you an average of $4.91M to recover from my damages. [2]
  • It’s going to cost you an average of $15M annually (about $1,500 per employee) just to keep me at bay. [3]
  • I love the holiday season and am 50% more active in December. [4]

 

Ransomware

About me:

  • I sneak into your network to encrypt your critical files and render your systems useless.
  • I just want a little payment; is that so much to ask?

What I find attractive:

  • Entities with sensitive/valuable information such as financial services, healthcare and legal.
  • Entities who I think have lower security such as education, municipal governments and utilities.
  • Entities who can afford to pay such as large companies in wealthy countries.

What I bring to the relationship:

  • Doesn’t matter—I’m attacking a business somewhere every 11 seconds; we’ll match sooner or later. [5]
  • It’s going to cost you an average of $4.54M to recover from my damages. [6]
  • I make you think you can pay me to make your problems go away, but in reality 54% who paid still could not recover everything and 80% who paid are targeted again. [7]
  • If I can’t reach you directly, I will target smaller businesses in your vendor or partner ecosystem to get to you.
  • I will get my money one way or another. If you won’t pay the ransom, I will sell your data to the highest bidder.

 

M&A Hacker

About me:

  • I keep an eye out for news of mergers and acquisitions.
  • I strike when you are most vulnerable, during the chaos of transitioning your systems and processes.

What I find attractive:

  • Companies who neglect to perform thorough cybersecurity due diligence pre-acquisition.
  • Companies who think of cybersecurity due diligence as a one-time, pre-acquisition activity.
  • Companies that let their guard down after finally completing the legal and financial part of the M&A.

What I bring to the relationship:

  • I’m clever—I can infiltrate the acquired organization (which often has weaker security) and wait patiently until I am unknowingly merged into the acquiring organization. I may leave tracks while I’m getting in, but if you don’t look too closely when vetting the cybersecurity of your acquisition target, you won’t notice.
  • I can sneak in post-acquisition, when there are gaps in your security while you are merging your IT systems.

 

Infostealer

About me:

  • I sneak information-stealing malware into your systems to harvest cookie data, usernames and passwords from your web browsers.

What I find attractive:

  • I’m relatively new to the scene and don’t have a type yet, but people who reuse passwords are awesome—it makes it easy to get into all their accounts.
  • I’m opportunistic and indiscriminate in my targeting (if you can call going after everyone “targeting”).

What I bring to the relationship:

  • I’m not that technically competent but I can procure cheap Malware-as-a-Service to deliver infostealers to my victims.
  • I steal credentials in large batches and offer them up for sale on the dark web.
  • I’m a rising star and a growing concern, making up half of all malware types at the end of 2022. [6]
  • In the first seven months of 2022, I stole 50M passwords and 2.1B cookie files, with an estimated underground market value of $5.8M. [7]

 

Swipe Left on Cybercriminals

You can’t simply change your industry, your company size, or your geographic location if you are a top target for cyberattacks. And to be honest, there is no company profile that is completely safe from cybercriminals. So what can you do to make yourself a more unattractive target? Share these profiles with your colleagues and educate them on staying vigilant—you are your first defense. But if you think one or more of these cybercriminals will swipe right on you (or already has), contact CybelAngel today and we’ll help you fend them off.


CybelAngel’s proactive measures enable an organization to identify a threat before it can move across networks or devices. To quickly learn if you have exposures that are putting you at risk, request an External Exposure Scan today.