What shape will phishing attacks take in the future? How will hackers adapt to a new-found business world emerging from the COVID-19 pandemic?
In the wake of the COVID-19 pandemic, hackers took to the confusion and chaos like fish to water. Phishing attacks evolved to take advantage of the pandemic and the glut of provably false information circulating the Internet. Attacks took the form of CDC information sheets, vaccine sign-up sheets, and more. Trying to get employees to recognize these threats before clicking on them proved a challenge.
Now, as the world slowly but surely begins to recover from the pandemic, and businesses begin to consider what might come next, phishing attacks will evolve. In fact, that might be the perfect summation of hackers and their threats. They’re never static but constantly working to find new ways to penetrate defenses and cause damage. You need the right cybersecurity to protect your business and employees.
So phishing attacks in the future will look different. But how so?
What Shape Will Phishing Attacks Take in The Future?
One possible strategy hackers might employ in their phishing tactics is to use the same tactics but with different subjects. Unfortunately, disinformation sells, as do “click-bait” formatted attacks. Employees, just like anyone else, are susceptible to clicking interesting-looking attachments from legitimate-seeming sources.
What form might this disinformation take? Possibly in the form of COVID-19 “facts” but more likely focused on proclaiming the next “big threat.” Remember, we as a nation and a species went through a collective trauma, regardless of whether each person was personally affected by it. Most likely, as normal life returns, we might end up more on edge than we realized, and thus more vulnerable.
As we return to workflows after over a year of separation and anxiety, how we communicate to one another is going to take some time to adjust. Are we going to focus more on email or will we value more face-to-face interactions? How will we do announcements? Perhaps most importantly, how ingrained will be the behaviors learned over a global pandemic?
So we can imagine that new spear-phishing campaigns will find ways to exploit these ambiguities and disconnections. Imagine your employee receiving an email from you asking to make a purchase from X website with the company card. Will the employee recognize the email as suspicious after a year of perhaps making these kinds of purchases? Or what if “IT services” ask them for their credentials to help with a project to fortify the network now that everyone has returned?
What You Can Do Now
Phishing attacks in the future could take multiple forms and could evolve beyond recognition. For right now, your enterprise needs phishing protections such as email security to prevent the majority of phishing attacks from ever reaching your employees in the first place.
Also, SIEM solutions provide user and entity behavior analysis (UEBA), a capability that can help discover hackers posing as legitimate users through credentials theft.
- More Expert Commentary and Coverage of the GetHealth Exposure - September 14, 2021
- GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records - September 13, 2021
- Panther Labs Releases State of SIEM 2021 Report - September 13, 2021