9 Hidden Threats Of Cyber Attacks In The US To Avoid!

What are the chances of a cyber attack in your business in 2022? There is a 60% chance of your company not only becoming a victim of an attack, but going out of business due to a security breach. Cyber attacks are increasing in data breaches across the United States. In this article, we will take a look at 9 stats of cyber attacks in the US to avoid!

What is a Cyber Attack?

A cyber attack is a crime performed by a cyber criminal that targets you or your company. The scope of the attack can range from infrastructure to computer networks and its connected systems. These endpoints consist of servers, desktops, laptops, tablets, and mobile computing. Cyber attacks in the US are done by a single hacker or process, a group of hackers, or state sponsored cyber criminal organizations in foreign countries.

Their malicious aim is to take control of your computer or network; to steal and sell your sensitive data in the black market; to hold ransom your computer(s) until payment is made; or to disrupt and take out your business. Your security preparedness and defense posture will make all the difference. You will determine the level of disruption to your organization, how much the business reputation is tarnished, and whether your business will survive a security breach.

What is a Hacker?

There are several types of hackers that exist in cyber space today and fall into one of two categories - ethical and non-ethical hackers. The white hat hacker is known as an ethical hacker while the black hat hacker engages in criminal activities. Whether a white or black hat hacker, hacking a company's infrastructure, computer network, and/or connected endpoints without consent by the owner is illegal and therefore a crime.

White Hat Hacker

This type of hacker is hired by a corporation to do penetration testing of the company's security measures to discover security vulnerabilities. He or she uses their information technology (IT) skills and security experiences to proactively test for security weaknesses. Their primary objective is to discover security issues that need to be addressed and fixed them before they are exploited by a malicious or black hat hacker.

Black Hat Hacker

This type of hacker is a malicious hacker that exploits security vulnerabilities and engages in criminal activities for personal gain. His intention is to gain access to your system, disrupts your organization, and inflict financial loss.

A ransomware attack is used to take your computer hostage until a payment is made. An access code is provided in exchange for payment that gives the computer owner access again. The owner risks data loss if payment is not made.

Grey Hat Hacker

This type of hacker engages in both tactics of a black hat and a white hat hacker. They leverage their hacking skills in an unethical manner to try and help a company in exchange for payment. This involves hacking the company without permission in order to reveal security holes. This person acts on their own and is not hired by the company at the time of the activities.

How Many Cyber Attacks In The US?

How many cyber attacks in the US happen every day? There are between 20,000 - 30,000 cyber attacks in the US that happen in a day with a new company falling victim to a ransomware attack every 11 seconds. Here are nine statistics that will affect your business if no proper security measures are in place.

Ransomware and phishing attacks are two of the major methods used today in cyber attacks in the US. More businesses from different industries in the United States are being targeted by hackers.

According to PURPLESEC:

• 92% of malware is delivered by mail.
• 43% of cyber attacks target small businesses.
• 47% of small businesses had at least one attack in the past year.
• 60% of small businesses go out of business within 6 months of a cyber attack."
• Businesses lost around $8,500 per hour due to ransomware-induced downtime.
• The average cost of a ransomware attack on businesses was $133,000.
• 34% of businesses hit with malware took a week or more to regain access to their data.
• 25% of business executives willing to pay from $20,000 - $50,000 to regain access to encrypted data.
• A new organization will fall victim to ransomware every 11 seconds by 2021.

What You Need to Know

• Cyber attacks in the US are getting more sophisticated.
• At least 75% of targeted cyber attacks used phishing email techniques.
• Over 100% increase in cyber attacks using ransomware.
• Expect to see broader cyber attacks in the US and across other industries such as healthcare.

Cyber criminals are getting bolder and launching attacks beyond government agencies and businesses to healthcare and energy infrastructure industries. Click on FBI Director to read about cyber attacks in the US in our energy infrastructure that forced a shutdown and caused a spike in gas prices.

Ransomware and phishing security breach remain at the top for the most used methods in launching an attack. According to Norton, one in three users fell victim to a cybercrime in 2021 with a rise in attacks. Click here to learn more about cyber attack trends.

Ransomware Attack

A ransomware attack is a program released by a hacker that exploits a security vulnerability using a malicious link that runs upon clicking on it. The hacker then access your computer system remotely. Once inside, the cyber criminal moves to infiltrate the rest of your computer network. Ransomware, just like other cyber attacks in the US, rely on the end user being fooled.

To avoid a computer security breach, stay current with the latest security updates as your first line of defense.

Phishing Attack

A phishing attack is a widely used method by a hacker to fool a user to click on a malicious link in an email. Once the user clicks on the link, a program runs that grants the hacker remote control of the computer system. Phishing attacks make it possible to attack more computers in less time.

It's important not to click on a link or download an attachment from an unsolicited email. You can hover your mouse over the link to see if it goes to a secure (https) site. However, more than 70% of phishing techniques now use a secured link.

Phishing and spearphishing (normally involves spoofing email address) remain popular forms of attacks. Click here to read our article on five steps to test email security using a free phishing tool.

Recent Cyber Attacks in The US

Earlier this month, the Center for Strategic & International Studies (CSIS) announced the latest cyber attack incident around the Log4j vulnerability. Cyber security firms identified hackers from foreign countries attempting to exploit the Log4j vulnerability. This Apache vulnerability allows an attacker to run malicious code remotely.

The month before, CSIS reported that after CISA publicly shared details on a vulnerability, "Chinese hackers targeted nine companies and 370 servers between September and October using the same vulnerability." Later in the same month "A Russian-speaking group targeted the personal information of around 3,500 individuals, including government officials, journalists, and human rights activists. The group obtained access to private email accounts and financial details, and operated malware on Android and Windows devices."

Click here for more information on incidents from the Center for Strategic and International Studies.

Is Your Business Prime for A Cyber Breach?

If you think your company is off limits when it comes to cyber attacks, think again. No business or industry is off limits to cyber attacks. Attacks such as ransomware and phishing as noted above remain a great and costly threat to your organization. Below are just four reasons why your business is a target of cyber attacks in the US.

1. Your business exposure to an attack will increase as hackers increase their cyber attacks in the US.
2. Your business exposure to an attack will increase as hackers cover more industries.
3. Your business is more likely to end up as one out of three victims to an attack.
4. Your business is more likely to bare the financial burden a data breach and loss of data.

How To Protect Your Business

1. Security Assessment

Don't wait until a security breach occurs to invest in proper security measures for your company. The easiest target of a hacker is the end user! They like their odds of targeting a user. The user is the easiest to get fooled by a hacker and the weakest link in the security chain.

2. Security Training

Proper security training is needed to educate users in the dos and don'ts of security. For example, how to respond to social engineering techniques to what to do if they receive a spoofed email.

3. Penetration Testing

In addition to training, the company should hire a security firm to do penetration testing against current security measures. The objective is to expose security holes that need to be fixed. This coordinated effort needs to be approved by upper management. This article is in no way promoting any type of criminal activity.

4. Social Media Training

It seems a new social media platform is being released several times per year. As you create profiles across these platforms, make sure that you don't share any company or personal sensitive data or patterns (e.g., when you travel, at work, etc.) that can tip someone as to your schedule.

One of the fastest ways we have seen an attack spread is through social media. Someone you know shares a funny message with you with a link. Since you know the sender, you click on the link.

A few days later, you get a call or text from your friend that their page has been hacked. You realize that you too have been hacked. Be aware of any persistent requests from strangers even if they are common friends within your network.

5. Implement 2 Factor Authentication (2FA)

2FA provides an added security measure that requires a code to complete login. An example of this is Google Authenticator (GA) which generates a code. The binding between 2FF and GA is possible through a QR code that is scanned into GA. Without this generated code, it is not possible to log in.

Other forms of added security is a code to text on your phone or in email, depending on which method you selected.

6. Implement Next Generation Anti-Virus (NGAV)

NGAV such as SentinelOne uses Artificial Intelligence (AI) to handle attacks in real-time without human intervention. The security capabilities go beyond the level of protection of traditional AV solutions. Click here to learn more.

7. Domain Spoof Test

What is spoofing? It's when someone outside your company domain sends email pretending to be from your domain. They appear to be authenticated using a forged email address that appears to be valid to users.

Make sure that an SPF TXT and a DMARC CNAME record exist in your Domain Naming System (DNS) zone. While an SPF won't completely protect against spoofing a domain, it will greatly reduce it from spammers.

• Sender Policy Framework (SPF) TXT Record
  • This record allows & authenticates users of your domain to send email.
  • An example is: "v=spf1 include:spf.protection.outlook.com -all"
• DMARC CNAME Record
  • This record supports 3 policies other mail servers that support this implementation adhere to.
  • The policy allows you to reject, approve, or quarantine emails.

8. Phishing Security Test

This is a proactive measure to see how many of your users are fooled by an unannounced security test. One of the available phishing test tools is by KnowBe4.com. You can run this security phishing test directly their website.

As your IT Wingman, we can get your business to a secure place with our managed support and security services.

About us

Everything IT Pros is a Managed Services Provider that provides managed services to businesses. We offer a monthly subscription-based support model. We require no long-term agreements to do business. We earn your business every month.

If your company is looking for better IT support and security, considering outsourcing IT, or looking to augment internal IT, we can help you get there! Let us help protect your business from cyber attacks in the US.