As cybercriminals turn their attentions to new ways to achieve their malicious ends, South African businesses can expect to see a surge in a variety of attacks. But what do the terms mean and how do they differ?

By Simon Campbell-Young, CEO of Intact Software

Phishing and vishing attacks – vishing being phishing over the phone, where fraudsters use social engineering tactics to defraud customers or to collect personally identifiable information – are getting increasingly sophisticated, as cyber crooks invent new and better ways to trick their victims. These attacks will also become more automated, and the appearance of new phishing kits with an automated billing system and payment confirmation will significantly increase the efficacy of these attacks across the globe.

In addition, DDoS attacks carried out for the purpose of extortion will grow in frequency, but as the majority of the attackers do not own botnets, they will be relatively ineffective. Cyber criminals that do own botnets will widen them by harnessing Internet of Things (IoT) devices, which will be used for DDoS attacks as well as fraudulent schemes, such as redirecting traffic to phishing websites, search advertisements with hidden trojan downloads, and modified exploit servers. As IoT devices grow in popularity and ubiquity, we will see cyber criminals looking for various ways to exploit their vulnerabilities.

We will also see more incidents involving encryption-based ransomware. Attacks on organisations will be more focused and targeted, which will in turn see the average ransom amount increasing. Ransomware will also become more targeted at specific market sectors such as call centres, outsourced accounting firms the day before a reporting date, and similar. In this way, it will be easier for attackers to encrypt sensitive information and demand a ransom. We can also expect an increase in ransomware targeting mobile devices.

In terms of these attacks becoming increasingly automated, criminals are using several SMS services to send mass fake notifications about the blocking of the user’s bank card, a late loan payment, or other important bank information in order to make their targets dial a specific number. The criminals use a remote server with interactive voice response (IVR) software installed, which allows them to communicate automatically with the victim according to a pre-designated scenario.

The victim is then asked to go through a standard authorisation process: entering their bank card data via the keypad, or saying a code word or other information of interest. However, when the victim provides their bank card data using the keypad on their phone, a malicious server behind the IVR saves it to a specific log. The victim’s voice is also recorded, which enables the criminals to get their hands on code words. Once the necessary information has been received, the crooks can easily withdraw money from their victims’ accounts.

There are some cases where an SMS code is needed to confirm the transaction. In this case the hackers, much like in the phishing scheme already mentioned, will launch an automatic money transfer and ask the victim to provide the verification SMS code sent by the bank during the conversation.

Because the number of devices under attack is set to grow exponentially, as is the number of encryption-based ransomware attacks on mobile devices, the cyber insurance industry will also grow rapidly. However, cyber insurance will lead to an increase in cases where a victim will pay an attacker, which in turn will encourage further attacks, which in turn, will stimulate the insurance market.