Cybercriminals have shown over the past year that sophisticated technology is not always necessary to carry out successful cyberattacks.
Several incidents in 2023 have highlighted the effectiveness of simple hacking techniques in breaching security, Bloomberg reported Wednesday (Dec. 27).
One notable trend is the use of social engineering tactics by hackers, according to the report. The hacking group Scattered Spider employed deceptive phone calls to trick customer service representatives into revealing password credentials. Resorting to aggressive tactics, such as threatening employees with termination, the group managed to breach numerous organizations, including MGM Resorts International, Caesars Entertainment and Coinbase. This straightforward approach has resulted in about 52 breaches since 2022.
Exploiting software with known security flaws has also proven to be an effective low-tech method, the report said. Hackers continued to target companies that failed to promptly update their systems, even after patches were released to fix critical vulnerabilities. Aerospace giant Boeing fell victim to such an attack after Citrix had issued a fix, emphasizing the importance of regular software updates and addressing known security flaws promptly.
The rise in ransomware attacks in 2023 further demonstrated the success of low-tech hacking techniques, per the report. Major firms, banks, hospitals and government agencies experienced a 51% increase in ransomware incidents. These attacks disrupted financial trading, caused shortages of essential products like Clorox wipes, and targeted critical infrastructure. However, due to the lack of transparency surrounding these incidents, reliable figures on the number of data breaches, the extent of the damage and the hackers responsible remain elusive.
Key lessons from post-incident reports include the importance of prioritizing cybersecurity hygiene, regularly reviewing access privileges and conducting thorough business continuity planning, Rosa Ramos-Kwok, managing director and business information security officer for Commercial Banking at J.P. Morgan, and Matanda Doss, executive director and lead information security manager for Commercial Banking at J.P. Morgan, told PYMNTS’ Karen Webster in an interview posted on Thursday (Dec. 21).
“The No. 1 thing that I would start with is good cyber hygiene,” Ramos-Kwok said, explaining that sometimes firms can fall behind on patching up legacy systems, which leaves aged software with “all sorts of vulnerabilities.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More