Cyberattacks on the rise as new techniques, advances like AI, give hackers leg up

Education, awareness critical in defense against data breaches, experts say.
Two men use a computer at Dayton Metro Library's main branch on Wednesday, June 25. Cyberattacks are increasing in speed, volume and sophistication according to CrowdStrike, a global cybersecurity organization. BRYANT BILLING / STAFF

Credit: Bryant Billing

Advances in technology have cultivated an online world where users can communicate, shop, pay bills, make appointments and find an answer to nearly any question on a moment’s notice.

But while this technology can be endlessly useful, it can also leave users at risk for fraud.

Cybersecurity, the practice of protecting digital systems and networks, is critical to mitigate the risk of digital attacks — data breaches, financial fraud and identity theft — as emerging advances in technology like artificial intelligence, or AI, only increase ways in which cybercriminals can target victims.

Some cybersecurity experts say education and awareness should be first in the line of defense against these breaches.

Many high-profile cybercrimes involve targets like large companies or organizations, as happened recently when a May 20 cyberattack caused a systemwide technology outage at Kettering Health, fallout from which the hospital system is still recovering.

In this case, a ransomware group called Interlock claimed it stole 941 gigabytes of data, which includes more than 730,000 files, from Kettering Health’s network.

But anyone can fall victim to a cyberattack.

“If you hold personal data (online) or have an internet IP address, you are a target,” said Richard Harknett, director of the Center for Cyber Strategy and Policy at the University of Cincinnati.

Cyberattacks on the rise

Cyberattacks are escalating in speed, volume and sophistication, according to a report released this year by CrowdStrike, a global cybersecurity organization.

“As organizations work to strengthen their defenses, adversaries target their weaknesses,” the report says. “Once inside, they act within seconds, stealthily moving across networks to execute attacks.”

In 2024, CrowdStrike reported a massive increase in the number of distinct eCrime campaigns using telephone-oriented social engineering techniques to gain initial access to a network, including “vishing” and “help desk social engineering.”

Vishing, short for “voice phishing,” involves cybercriminals, often referred to in the cybersecurity world as “threat actors,” calling targeted users and attempting to persuade them to download malware, establish remote support sessions, or enter credentials to “adversary-in-the-middle” phishing pages.

An “adversary-in-the-middle” phishing page is one where a cybercriminal positions themselves between a user and a legitimate website, intercepting communication to steal sensitive information, according to technology experts.

These threat actors often impersonate IT support staff, calling targeted users under the pretext of resolving connectivity or security issues, according to the CrowdStrike report.

“Vishing is effective because it targets human weakness or error rather than a flaw in software or an operating system (OS),” the report says.

“Malicious activity may not be detected until later in an intrusion ... This gives the threat actor an advantage and puts the onus on users to recognize potentially malicious behavior,” according to CrowdStrike.

Cybercriminals are increasingly cunning, according to Harknett. While law enforcement, particularly the FBI, is becoming more proactive in disrupting these operations before an attack, offenders are rarely caught.

“Ransomware gangs are becoming more sophisticated in their operations — how they exploit, negotiate and collect ransom. The number of such gangs has nearly tripled in the past two years,” he said. “... Since most are overseas, you cannot rely on the threat of arresting them.”

The CrowdStrike report cites another social engineering technique, called “help desk social engineering,” in which a threat actor calls a targeted organization’s IT help desk, impersonates a legitimate employee and attempts to persuade a help desk agent to reset passwords and/or multifactor authentication for an account.

IT help desks typically require employees in these situations to provide their full name, date of birth, employee ID or answer a previously set security question, in order to deliver any password or authentication resets.

But even these roadblocks can be overcome.

“Much of this information is not necessarily privileged and can be found in public resources and social media sites,” the report says. “Identity data that is typically confidential, such as a Social Security number, is often advertised in underground markets.”

Trends in cyberattacks

Common targets for cybercriminals are businesses and organizations that use outdated computer systems, according to JP Castellanos, director of threat intelligence at Binary Defense, a cybersecurity company in northeast Ohio.

A man uses a computer at Dayton Metro Library's main branch on Wednesday, June 25. Many of these cybercriminals operate as commercial enterprises, highly organized with specific processes and operations, according to JP Castellanos, director of threat intelligence at Binary Defense, a cybersecurity company in northeast Ohio. BRYANT BILLING / STAFF

“We see a trend of activity in threat actors targeting business sectors like consumer industrial production, manufacturing, engineering or even law services and consulting, because these types of companies often run on what we call legacy systems, which are basically computers that are very, very old,” Castellanos said.

This aged technology is often bound to older operating software systems, which can compromise business networks.

The prevalence of cyberattacks often correlates with the value of cryptocurrency, or digital currency, Castellanos said.

“It’s kind of a marker for me, when I see a sharp spike in the prices of major cryptocurrencies like Bitcoin or Ethereum, that’s when we typically see more ransomware attacks because these threat actors are trying to extort the victims for money and that money is in the form of cryptocurrency,” Castellanos said.

Cybercriminals are often seeking out the “big fish,” or the businesses and organizations that can offer the most data and highest valued return, Castellanos said.

“We call it ‘big game hunting,’ where these criminals compromise the network of a big organization so they can negotiate for payment, sometimes demanding multiple millions of dollars,” he said. “These threat actors will tell them if they don’t pay up, all that data is going onto the dark web, leaving them to deal with upset clients, locked systems and the task of rebuilding an entire digital infrastructure.”

Many of these cybercriminals operate as commercial enterprises, highly organized with specific processes and operations, Castellanos noted.

“A lot of people don’t know that these criminal gangs (operate) like a business; some actually have ‘customer support’ numbers, even occasionally going so far as to speak with victims and tell them, ‘Try these settings next time, do this to your digital environment, or it’s going to happen to you again,’” Castellanos said.

Impact of breaches and how to stay safe

Data breaches can affect individuals in several significant ways, including exposure of personal information like Social Security numbers, addresses and phone numbers, all of which can lead to identity theft, financial fraud and even the potential for blackmail or extortion.

For businesses, data breaches and other cyberattacks can lead to operational disruptions, ransom demands, reputation damage, loss of customer trust and potential legal and regulatory penalties.

But the threat of fraud extends further than an initial data breach, according to Castellanos.

“Following a massive breach of any third-party company, if these threat actors don’t make a sale off of that through a ransom, they’ll typically just dump it on the dark web for anyone else to grab,” Castellanos said.

This opens up the possibility for cybercriminals to access your data at any time. Once data is stolen, it is difficult to erase completely, making continuous monitoring crucial.

Vigilance is key, Castellanos stressed, especially because cybercriminals are only becoming more stealthy with the use of tech like AI.

“They’re leveraging AI to build custom tools and capabilities to try to bypass certain security features, or to make their own malware tools to infect networks,” he said. “AI also offers voice-changing and deep fake technology, which just furthers the opportunities for deception.”

Castellanos recommends the use of identity theft protection and digital security services, like Aura, LifeLock or Allstate Identity Protection.

These companies monitor the dark web for your personal information, monitor your credit, alert you to fraudulent activity and provide assistance in the event of any unauthorized use.

“I also always strongly suggest that if you do find out your Social Security number has been accessed, immediately contact your credit bureaus and freeze your credit because that’s usually the best way for a threat actor to leverage your personal information,” Castellanos said.
