13.05.2024 Law in media
Cyber Threats 2023: Phishing Dominates, AI Targeted
Krzysztof Fiedorek
The CERT Orange Polska 2023 report reveals a rapidly evolving cyber threat landscape. Phishing has taken a decisive lead, accounting for over 44% of reported incidents. Advanced social engineering techniques, deepfakes, and a surge in malicious ads lure users with promises of quick profits or easy opportunities.
Cybersecurity data concerning Poles is alarming. Millions fall victim to online scammers, clicking suspicious links and sharing sensitive data. The CERT Orange Polska report highlights the scale of this phenomenon.
Phishing Takes the Lead
The most popular method of online fraud remains phishing. Cybercriminals create fake websites or emails that closely mimic those of well-known companies or institutions. Their goal is to steal personal data, credit card information, or login credentials for online banking by tricking users into downloading malicious files or clicking on links to fake websites.
In 2023, CERT Orange Polska`s security systems blocked over 360,000 fake websites, and around 5.5 million Poles clicked links leading to them. Victims lost money, personal data, and even control over their online accounts.
This marks a significant shift over the past decade. In 2014, spam—unwanted messages cluttering inboxes—was the top threat with around a 40% share, while phishing accounted for just 1% of incidents recorded by CERT Orange Polska.
- "Today, the leader is multi-vector, advanced phishing targeting both users and companies, which accounted for over 44% of reports last year," says Robert Grabowski, head of CERT Orange Polska, quoted by Newseria Biznes. - "As an operator aware of these threats, we aim to block them before users even encounter them. We do this at the network level, using CyberShield."
Social Engineering, Malvertising, and DDoS Tsunami
According to the CERT report, social engineering plays an increasingly prominent role in attacks, as cybercriminals use ever more sophisticated methods to manipulate network users.
- In 2023, scammers created over 360,000 fake websites.
- A staggering 5.5 million Poles fell victim to them.
In addition to phishing, malvertising—ads with links to malicious sites—has gained popularity. In 2023, CERT Orange Polska’s security systems blocked three times as many such sites as the previous year.
CERT Orange Polska experts point to other growing threats:
- Fake investments: Scammers lure victims with promises of quick profits, encouraging them to invest in fictitious ventures.
- Fake payment links: Cybercriminals send emails or SMS messages with links to supposedly secure payment sites where victims enter credit card details.
- Buyer scams: On auction and shopping platforms, scammers send fake messages asking for deposits or credit card details.
- Spyware: Malicious software that steals confidential data from infected devices.
- DDoS attacks: Cybercriminals attempt to paralyze websites or online services by flooding them with network traffic.
advertisement
- "The number of attacks exceeding 10 Gbps has doubled (from 3.8% to 7.7%), as has the number of attacks with the smallest volume—below 0.2 Gbps (from 24.3% to 40.8%). The record-breaking 93 Gbps attack in 2014 would barely raise an eyebrow today (attacks over 100 Gbps are now routine). Last year`s record hit 543 Gbps, nearly six times stronger than a decade ago," explains Robert Grabowski, quoted by Newseria. - "We’re also seeing much more advanced attacks that are harder to defend against, such as carpet bombing, which targets entire address blocks rather than single addresses, and complex attacks like Web DDoS Tsunami."
How to Protect Yourself
To guard against cybercriminals, vigilance and caution online are essential:
- Avoid clicking suspicious links: Even if an email or SMS looks legitimate, check the sender`s address and the link`s content before clicking.
- Do not provide personal information on unfamiliar websites: Websites where you share personal data should use HTTPS protocol and have SSL certificates.
- Use strong passwords: Passwords should be unique, at least 12 characters long, and include lowercase and uppercase letters, numbers, and special symbols.
- Use antivirus software: Regularly updated antivirus software can protect against malicious software.
- Familiarize yourself with online security practices: Websites like CERT Orange Polska and other cybersecurity organizations offer valuable information and tips.
- "Last year saw critical vulnerabilities in security devices and access solutions, and that trend will continue. We`ve moved a large portion of our work into the digital realm, enabling hybrid or fully remote work, which is now a primary medium for accessing companies," explains Robert Grabowski. - "For cybercriminals, discovering such vulnerabilities is a prime opportunity, and they will continue to exploit and attack these solutions."
COMMERCIAL BREAK
See articles on a similar topic:
How #MeToo Changed Journalism. Report by Reporters Without Borders
Krzysztof Fiedorek
The #MeToo movement has turned the media world upside down, creating new spaces to fight for women’s rights and confronting journalists with challenges they hadn’t previously faced. From new editorial roles to increasing cyberbullying threats, journalism is undergoing a revolution, and feminist media is gaining strength to openly address violence and discrimination.
GDPR and Press Releases. Is Journalists' Consent Required?
BARD
After May 24, will it be possible to send press releases to journalists without concern, or is it safer to obtain their consent? Industry experts and lawyers explained GDPR regulations on this topic to infoWire.pl news agency journalists.
Quishing. How to Protect Yourself from QR Code Scams
Krzysztof Fiedorek
According to analysts from Keepnet Labs, quishing will be one of the most serious threats to businesses and individuals in 2024. In 2023, the number of data or money theft cases using this method increased globally by 587%.
Cyberwarfare on the Internet. The ESET Report
KF
Governments, corporations, and even the education sector are becoming targets of advanced cyber attacks. The report for the period from October 2023 to March 2024, prepared by ESET, sheds light on the intensification of activities by Advanced Persistent Threat (APT) groups, which conduct espionage, sabotage, and destabilization operations in key sectors on behalf of states.
Local Media in Poland - Announcements
Bartłomiej Dwornik
Research by ComPress Agency, conducted among journalists in 2001, indicates that only 7 percent of them believe that PR specialists and press spokespeople understand journalists' needs well.
How to Detect Pegasus on Your Phone and Protect Against Spying
RINF
The nature of spyware is to remain as hidden as possible, making it difficult to detect on a device. However, some mechanisms can help verify if a smartphone has been compromised.
Deepfake. A Powerful New Weapon in The Information War
Krzysztof Fiedorek
One of the newest threats to the credibility of information is deepfake technology. Deepfake is a type of false video or audio material where the person in the recording appears to speak or behave in a way that does not align with reality.