Hackers continue to improve their methods and pull off increasingly sophisticated attacks. IBM data shows ransomware as the most popular form of attack for over three years, making up 21% of all attacks. Businesses with deep pockets aren’t the only targets. Hackers are also going after less traditional victims.
The Los Angeles Times reports that the city’s school district, the second largest in the nation, recently fell victim to a ransomware attack. Meanwhile, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn that ransomware attacks against school districts could increase due to the sensitive nature of student data.
Hackers understand how to humanize attacks that few shed tears over when corporate entities are the victim. By targeting delicate information about a loved one, people are more easily coerced.
Simply put, hackers are waging psychological warfare to get the money they seek, and technology isn’t enough to stop them from accomplishing their end goal. To keep your business safe from a ransomware attack, you must also address the human issue.
Here are the top ways hackers use psychological warfare to find their targets and successfully coerce them into meeting their ransom demands.
Social engineering gives hackers a direct way to install harmful malware on unsuspecting devices. According to Arkose Labs, fake account attacks increased by 300% in 2021 alone. The primary way those accounts gained privileged access was through phishing.
These dangerous emails or text messages are becoming more personalized to target each unsuspecting human. IBM reports that the click rate for an average targeted phishing campaign is nearly 18%. When phone calls were added to the mix, click rates jumped to just over 53%. The more personalized the attack, the more likely humans will fall victim.
Social media, specifically LinkedIn
The rise of social media platforms gives hackers another source to glean sensitive information about potential ransomware targets.
One of the most popular platforms for ransomware hackers is LinkedIn. Check Point researchers found that 52% of all phishing attacks attempted in the first three months of 2022 leveraged LinkedIn.
The professional development site has also become the perfect spot for hackers to identify their targets. They can see the different roles a specific employee has and determine the kind of technologies each department within the company uses to figure out what might be possible to infiltrate.
Many will follow a playbook to pull off a successful attack: First, the hackers find a business they want to attack. In a simple search, they can find who works in that company’s IT department. Once they have that list, they can figure out who might need money or who might be the weakest link. By researching Facebook and Instagram profiles, the hackers gather personal information that helps them answer these questions. The hackers will then reach out to that person and offer them large amounts of money to install malware on company devices. By targeting a specific person with personal information, these hackers are often successful.
Through the front door
It might sound ridiculous, but hackers are literally walking through businesses’ front door to carry out ransomware attacks. It works!
They tailgate outside the front door. When someone needs an extra hand to open the door, the hacker is right there to get inside and physically access company devices. In this face-to-face interaction, many employees are unaware of the damage being done.
What might seem like a harmless exchange is the very thing that can put your organization at risk. Hackers will strike up a conversation, build trust, and, ultimately, take advantage of your kindness.
Through friendly interaction, hackers are using psychological warfare to get where and what they want. It’s a bold method, but it still works.
Ransomware attacks are up, and threat actors are using a multitude of methods to trick you into giving up your most sensitive data. By staying abreast of the latest trends — and ensuring your employees do the same — your organization will be better positioned to thwart potential threats and keep your crown jewels secure.