13.05.2024 Law in media
Cyber Threats 2023: Phishing Dominates, AI Targeted
Krzysztof Fiedorek
The CERT Orange Polska 2023 report reveals a rapidly evolving cyber threat landscape. Phishing has taken a decisive lead, accounting for over 44% of reported incidents. Advanced social engineering techniques, deepfakes, and a surge in malicious ads lure users with promises of quick profits or easy opportunities.
Poczytaj artykuł
Cybersecurity data concerning Poles is alarming. Millions fall victim to online scammers, clicking suspicious links and sharing sensitive data. The CERT Orange Polska report highlights the scale of this phenomenon.
Phishing Takes the Lead
The most popular method of online fraud remains phishing. Cybercriminals create fake websites or emails that closely mimic those of well-known companies or institutions. Their goal is to steal personal data, credit card information, or login credentials for online banking by tricking users into downloading malicious files or clicking on links to fake websites.
In 2023, CERT Orange Polska`s security systems blocked over 360,000 fake websites, and around 5.5 million Poles clicked links leading to them. Victims lost money, personal data, and even control over their online accounts.
This marks a significant shift over the past decade. In 2014, spam—unwanted messages cluttering inboxes—was the top threat with around a 40% share, while phishing accounted for just 1% of incidents recorded by CERT Orange Polska.
- "Today, the leader is multi-vector, advanced phishing targeting both users and companies, which accounted for over 44% of reports last year," says Robert Grabowski, head of CERT Orange Polska, quoted by Newseria Biznes. - "As an operator aware of these threats, we aim to block them before users even encounter them. We do this at the network level, using CyberShield."
Social Engineering, Malvertising, and DDoS Tsunami
According to the CERT report, social engineering plays an increasingly prominent role in attacks, as cybercriminals use ever more sophisticated methods to manipulate network users.
- In 2023, scammers created over 360,000 fake websites.
- A staggering 5.5 million Poles fell victim to them.
In addition to phishing, malvertising—ads with links to malicious sites—has gained popularity. In 2023, CERT Orange Polska’s security systems blocked three times as many such sites as the previous year.
CERT Orange Polska experts point to other growing threats:
- Fake investments: Scammers lure victims with promises of quick profits, encouraging them to invest in fictitious ventures.
- Fake payment links: Cybercriminals send emails or SMS messages with links to supposedly secure payment sites where victims enter credit card details.
- Buyer scams: On auction and shopping platforms, scammers send fake messages asking for deposits or credit card details.
- Spyware: Malicious software that steals confidential data from infected devices.
- DDoS attacks: Cybercriminals attempt to paralyze websites or online services by flooding them with network traffic.
- "The number of attacks exceeding 10 Gbps has doubled (from 3.8% to 7.7%), as has the number of attacks with the smallest volume—below 0.2 Gbps (from 24.3% to 40.8%). The record-breaking 93 Gbps attack in 2014 would barely raise an eyebrow today (attacks over 100 Gbps are now routine). Last year`s record hit 543 Gbps, nearly six times stronger than a decade ago," explains Robert Grabowski, quoted by Newseria. - "We’re also seeing much more advanced attacks that are harder to defend against, such as carpet bombing, which targets entire address blocks rather than single addresses, and complex attacks like Web DDoS Tsunami."
How to Protect Yourself
To guard against cybercriminals, vigilance and caution online are essential:
- Avoid clicking suspicious links: Even if an email or SMS looks legitimate, check the sender`s address and the link`s content before clicking.
- Do not provide personal information on unfamiliar websites: Websites where you share personal data should use HTTPS protocol and have SSL certificates.
- Use strong passwords: Passwords should be unique, at least 12 characters long, and include lowercase and uppercase letters, numbers, and special symbols.
- Use antivirus software: Regularly updated antivirus software can protect against malicious software.
- Familiarize yourself with online security practices: Websites like CERT Orange Polska and other cybersecurity organizations offer valuable information and tips.
- "Last year saw critical vulnerabilities in security devices and access solutions, and that trend will continue. We`ve moved a large portion of our work into the digital realm, enabling hybrid or fully remote work, which is now a primary medium for accessing companies," explains Robert Grabowski. - "For cybercriminals, discovering such vulnerabilities is a prime opportunity, and they will continue to exploit and attack these solutions."
COMMERCIAL BREAK
New articles in section Law in media
SEO Poisoning. Hackers Use Search Engines to Target Businesses
Piotr Rozmiarek
Search engines help us quickly find information, but they can also be used by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to place harmful websites at the top of search results.
Phishing in the Cryptocurrency Industry. Fake Recruitments Steal Data
Piotr Rozmiarek
Security researchers have detected a social engineering campaign targeting job seekers in the Web3 industry. The attack aims to conduct fake job interviews via a meeting application that installs information-stealing malware.
SLAPP Lawsuits in Europe. How Journalists and Activists Are Silenced
Krzysztof Fiedorek
The number of strategic lawsuits aimed at intimidating journalists, activists, and civil society organizations is increasing in Europe. According to the CASE SLAPPs Report 2024, as many as 1,049 such cases were identified between 2010 and 2023.
See articles on a similar topic:
Children’s Online Safety. Clickmeeting Analysis
KrzysztoF
Over half of surveyed parents believe their children are aware of the dangers lurking online. At the same time, just over 40 percent of respondents admit to taking steps to protect their children’s privacy online.
Recognizing Fake News. Technologies for Creating False Information
BARD
Artificial intelligence is increasingly used to fake information. Software now allows manipulation of public appearances by politicians. Bots are also used more often in Poland, with hate speech and trolling among the internet’s biggest threats.
GDPR and Press Releases. Is Journalists' Consent Required?
BARD
After May 24, will it be possible to send press releases to journalists without concern, or is it safer to obtain their consent? Industry experts and lawyers explained GDPR regulations on this topic to infoWire.pl news agency journalists.
Sharenting, or Photos of Children Online. IRCenter Study
KrzysztoF
Parents who are internet users eagerly share information about their children online. They publish images, personal information, or life events, often unaware of the risks. Research company IRCenter examined this area of Polish internet activity.