Cyberattacks are getting more and more sophisticated by the minute. There has been a staggering 102% increase in the number of organizations affected by ransomware attacks this year compared to the beginning of 2020, and there are no signs of this trend slowing down, according to Check Point Research (CPR).

CPR found that the American healthcare and utilities sectors have been the most targeted sectors since the beginning of April 2021 – as the recent Colonial Pipeline cyberattack has demonstrated. According to the FBI, the professional cybercriminal group DarkSide was responsible for the ransomware attack on the pipeline network. Working in a Ransomware-as-a-Service (RaaS) model, DarkSide leverages a partner program to execute cyberattacks. 

While accelerated cross-industry digitalization has brought about myriad economic benefits, it has also revealed more vulnerable entry points into multiple sectors’ IT systems and data networks.

Cybersecurity experts predict that this year, there will be a cyberattack every 11 seconds, with financial damages from cybercrime expected to reach $6 trillion. That’s nearly double what it was in 2019 (every 19 seconds) and quadruple the rate in 2016 (every 40 seconds).

Consequently, cybersecurity and protecting against cybercriminals are high on the agenda for both private sector businesses and public sector organizations. It is more critical than ever to prioritize fixing vulnerabilities to combat such attacks and to preserve valuable data by using advanced, comprehensive technologies and solutions.

Recognizing evolving risks

Despite increased awareness and technical innovations, malicious attacks are still proving successful. In the past, the biggest cyber threat was the theft of credit card information; now, the risk has evolved, thanks to increasingly sophisticated methods used by attackers.

Take phishing emails as an example. As of February 2021, there have been more than 2.168 million websites marked as phishing sites, according to Google Safe Browsing. Furthermore, ESET’s Threat Report reveals that there has been a 9% rise in malicious email detections between the Q2/Q3 periods compared to Q1/Q2 in 2020.

It's easy to see why organizations have become focused on avoiding damaging attacks. Although security teams can offer some protection, when it comes to emails sent to a corporate inbox, cybercriminals continue to find new ways around IT defenses and protocols. Highly specialized attacks can be planned through spear phishing and social engineering, which focus on targeted individuals and enable emails containing malicious links to look as legitimate as possible.

So, amid this constant game of cat and mouse between security teams and cybercriminals, what can be done to fight back against attacks that involve malicious links?

Analyzing security threats and vulnerabilities – enter online data collection platforms

Collecting publicly available online data enables security teams to build multiple layers of data when checking for malware being distributed via links within emails or by other fraudulent means. More importantly, online data collection allows for the creation of what’s known as a “secure sandbox environment,” which catches the fraudster deploying the malware and detonating the link within it. As such, if there is cause for concern, it is contained and dealt with, posing no threat to the wider IT environment. However, data doesn’t just help to expose malicious links – it also allows teams to test their infrastructure when going through "red teaming" or user emulation procedures. Red teaming allows organizations to perform comprehensive tests that help expose potential vulnerabilities on every attack level. It also offers a better understanding of how to respond to potential cyberattacks, levelling the playing field against attackers.

Data collection can be deployed to reveal potential vulnerabilities and risks within hardware and software-based systems such as networks, applications, routers, switches, and appliances. By collecting publicly available data, red teams have a better picture of the current delivery networks and cybersecurity landscape. As a result, they’re better informed and can perform focused and realistic exercises and updates that wouldn’t be possible without the added benefit of data. This further allows them to review and analyze log data and to utilize security information and event management (SIEM) platforms for visibility and detection of live intrusions. They are also able to triage alarms in real time. In short, the extra level of intelligence-led security assessment that data enables allows teams to thoroughly test organizations’ cyber resilience, as well as threat detection and incident response capabilities.

Exposing malicious sites at the core

One non-profit organization focused on exposing malicious sites and sharing the information globally is abuse.ch. They believe that there are millions of fraudulent sites emerging and the only verified way to detect them is by using an online data collection platform. Without data collection, these sites can easily conceal their tracks and appear legitimate. Once abuse.ch identifies a website that is causing harm, they immediately publish the information on the project website where security researchers, security solutions vendors, or law enforcement teams can take action. This data is universally available for free and used broadly by open-source tools. For example, many Domain Name System (DNS) service/software providers like regularly access this list of sites – using these datasets protects millions from cybersecurity threats.
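As an added illustration (not code from this article or from abuse.ch), the sketch below shows how a mail filter could check the links in an email against a published list of malicious sites, matching subdomains and resolving the host a client would actually contact. The hosts-file style feed format, the domains and the email body are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample feed in hosts-file style (assumed format, reserved test domains).
SAMPLE_FEED = """\
# constructed blocklist, not real data
127.0.0.1\tlogin-update.example
0.0.0.0 cdn.malware-drop.test
"""

# Constructed email body; the second link hides its real host behind userinfo.
SAMPLE_EMAIL = """\
Your invoice: http://portal.login-update.example/inv?id=7
Reset here: https://accounts.example.org@CDN.Malware-Drop.test./reset
Docs: https://intranet.example.org/handbook
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def load_blocklist(text):
    """Parse 'IP host' or bare 'host' lines, skipping comments and blanks."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            blocked.add(line.split()[-1].lower().rstrip("."))
    return blocked

def host_of(url):
    """Host the client contacts: userinfo dropped, lowercased, no trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".")

def blocked_entry(host, blocked):
    """Return the list entry matching host or one of its parent domains, else None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never test the bare top-level label
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def scan_email(body, blocked):
    """Return (url, matched_entry) for every link whose host is on the list."""
    hits = []
    for url in URL_RE.findall(body):
        entry = blocked_entry(host_of(url), blocked)
        if entry:
            hits.append((url, entry))
    return hits
```

Matching on the parsed hostname rather than on the raw URL text is what catches the second link, whose visible prefix names a harmless-looking domain.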

Data collection platforms to the rescue

Regardless of size or sector, all organizations are prime targets when it comes to cyberattacks. It’s therefore important that they remain one step ahead of those looking to break into their systems. To achieve this, they need to access the latest technologies available – this is where online data collection can provide the upper hand. Being well-informed and tested is the only way to comprehensively secure an organization’s systems. Knowing your threat landscape as well as verifying it means taking full control of your safety, always.