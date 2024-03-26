



According to Trustwave, rapid digital transformation and technological advances in the technology sector are expanding the attack surface for companies operating in this sector.

As the field evolves, there continues to be a proliferation of Software-as-a-Service (SaaS) providers, cloud infrastructure, and internet-connected systems and devices. This growth often outpaces the adoption of appropriate security measures, including the inability to track and remediate vulnerabilities, putting businesses and their customers at risk.

Cybercriminals use AI to create multichannel attacks

Innovation fuels the technology industry, but it comes at a cost. This sector is rich in valuable data and intellectual property, making it a prime target for cyberattacks. These attacks can be devastating, exposing sensitive information and wreaking havoc on businesses.

In most cases, technology companies are third parties and can be the root cause of most supply chain attacks. Additionally, certain technology subsectors, such as software companies and infrastructure providers, have complex supply chains that make it difficult to ensure the security of all components and services. These third-party vendors are attractive targets because they may have weaker cybersecurity defenses.

The technology industry's constant pursuit of innovation can come at a cost to security. Rushing new capabilities like AI to market can lead to shortcuts such as integrating untested components. These components have not been rigorously evaluated for vulnerabilities and may represent a backdoor for attackers.

Cybercriminals are using AI to create multichannel attacks that start with emails that link to deepfake videos as a ploy to make their scams even more convincing. One example is an email that uses a deepfake video of Elon Musk as a means to further deceive people by offering recipients an opportunity to make money through the purported stock trading platform Quantum AI.

Smart technologies like Ring doorbells, which are meant to protect your home, are actually exposed to a variety of cyber-attacks.

Technology companies face growing cyber threats

Modern ransomware gangs are stepping up their extortion game. They steal sensitive data before deploying ransomware and publicly release it to pressure victims into paying.

Three ransomware groups (LockBit 3.0, Cl0p, and ALPHV, also known as BlackCat) account for over 60% of reported attacks against technology companies. Phishing remains the biggest threat, with approximately 40% of malicious PDFs impersonating well-known brands such as Geek Squad, PayPal, and McAfee.

Although there are no universal rules, it is often observed that individuals working in the technology sector are more likely to use cryptocurrencies compared to people in other industries. Phishing attacks are increasingly targeting cryptocurrency users to obtain sensitive information about their digital wallets.

Technology companies such as telecommunications companies, SaaS providers, and hosting companies are prime targets for cyber threats because they possess large amounts of sensitive and valuable data. This high-value data is attractive to attackers for financial gain, espionage, or other nefarious motives.

In the technology field, malware is often encountered through email attachments. HTML files are particularly common and are used for credential phishing and redirects to malicious sites.

“Continuous innovation that advances technology can be a double-edged sword,” said Kory Daniels, Trustwave CISO. ” Our new research reveals the complex web of dangers facing the technology industry. Even a minor security breach can cripple a company and disrupt the critical infrastructure we rely on, including internal business operations, the software and products our customers trust, and the infrastructure that supports our supply chain. This can cause cascading disruption throughout the system. To stay ahead of threats and minimize exposure to risk, security must be built in at every stage of the technology lifecycle.

