Cybercrime has penetrated deep into the corporate world. Even though corporate organizations and enterprises are doing their best to keep hackers at bay, the threat actors somehow manage to stay one step ahead.
Leveraging tools like those available in Kali Linux for open source security can significantly enhance an organization’s ability to detect and respond to phishing attempts, a critical defense measure considering over 90% of modern cyberattacks start with a phishing email.
No amount of vigilance or expensive security measures is enough to steer clear of these phishing actors. This is because they always adapt to modern technology and are swift enough to learn about the existing loopholes in the system.
To everyone’s dismay, threat actors are now attacking the children of corporate executives. The moment they realize that the cyber defense mechanism at the organization is too hard to bypass, they decide to shift the focus to the innocent kids who are completely unaware of these intricate cybercrimes.
So, how are they targeting naive kids for their monetary gains? Let’s have a look!
Innocent Kids On The Radar Of Threat Actors!
Threat actors are getting more creative than ever. In order to bypass the strong cybersecurity systems, they have now shifted their focus onto the children of corporate executives. Basically, the phishing actors leverage the SIM swapping technology so that they can call the corporate executives while pretending to be their kids.
SIM swapping is the technique by which threat actors can gain access to your phone remotely. Then, they can easily control the outgoing and incoming calls, as well as the messages on that device, even from a distance.
Hackers use multiple tactics to gain remote access to a device, such as a fake caller ID.
The key is to force the corporate executive to make a choice: a choice between his clients and his family. A threat actor would call the corporate executive from his child’s smartphone. When the executive hears someone else’s voice from his child’s number, it can be a bewildering experience. Also, the personal and professional dilemma that they have to go through is simply unimaginable.
The threat actors are now planning “psychological attacks” to mint money at any cost!
From SIM Swapping To Ransomware Attacks!
By gaining remote access to children’s phones, these hackers pressure corporate executives to give up sensitive work data such as customer details and employee data. The threat actors resort to blackmail so that they can gain access to the precious data. They can also demand a hefty amount from the victim in exchange for the stolen information. Until the specified amount is paid, the victims have zero control over their sensitive data.
Ransomware attacks have been on the rise globally. For instance, a Russian ransomware attack created ripples across the USA when it targeted a 5,000-mile-long gas pipeline. Similarly, the ransomware attack on Change Healthcare put the staff and patients in panic mode, as the prescription insurance claims were sent to the back burner.
Recently, at the RSA Conference held in San Francisco, Charles Carmakal, the CTO of Mandiant, talked about the vile attempts made by ransomware attackers to extort money from victims. These attacks can get very ugly, for example diverting ambulances in emergency situations to prevent critical patients from accessing healthcare facilities. They don’t hesitate to stoop as low as leaking nudes of cancer patients!
Some threat actors and their groups have no rules or conscience, and they can go to any extent to coerce victims to part with their hard-earned money.
Carmakal believes that the strategy has shifted from pure extortion to psychological tactics. It is no longer about whether or not to cater to the demands of the hackers. Now, it is about the difficult choice between the employees, customers, and the family.
John, the Chief Analyst at Mandiant, believes that cybercrime is no longer restricted to just the finance and retail industries. Rather, it has spread across each and every economic sector.
As per the Google-Mandiant team, biotech firms, high-end hospitals, and other state-of-the-art healthcare facilities are now the prime targets of these extortionists. This is precisely because of the IT departments of these healthcare organizations, which serve as a treasure trove of sensitive information for the threat actors.
Sandra Joyce, the head of global intelligence at Mandiant, described this dilemma as an “impossible choice.” If any organization goes on to pay the ransom to the hackers, then it is considered to be a violation of law. On the other hand, if they fail to pay the ransom, they are literally compromising their personal and private data online.
Wrapping Up!
The only way to prevent such a scary situation is to stay vigilant all the time! Companies should organize executive awareness training sessions at regular intervals. Also, the executives should be encouraged to communicate openly with their family members about the lurking digital threats. Cyber awareness backed by a robust phishing protection setup can for sure prevent such mishaps in the future.