© 2024 M&T Bank and its affiliates and subsidiaries. All rights reserved.
Wilmington Trust is a registered service mark used in connection with various fiduciary and non-fiduciary services offered by certain subsidiaries of M&T Bank Corporation including, but not limited to, Manufacturers & Traders Trust Company (M&T Bank), Wilmington Trust Company (WTC) operating in Delaware only, Wilmington Trust, N.A. (WTNA), Wilmington Trust Investment Advisors, Inc. (WTIA), Wilmington Funds Management Corporation (WFMC), Wilmington Trust Asset Management, LLC (WTAM), and Wilmington Trust Investment Management, LLC (WTIM). Such services include trustee, custodial, agency, investment management, and other services. International corporate and institutional services are offered through M&T Bank Corporation’s international subsidiaries. Loans, credit cards, retail and business deposits, and other business and personal banking services and products are offered by M&T Bank. Member, FDIC. 
M&T Bank Corporation’s European subsidiaries (Wilmington Trust (UK) Limited, Wilmington Trust (London) Limited, Wilmington Trust SP Services (London) Limited, Wilmington Trust SP Services (Dublin) Limited, Wilmington Trust SP Services (Frankfurt) GmbH and Wilmington Trust SAS) provide international corporate and institutional services.
WTIA, WFMC, WTAM, and WTIM are investment advisors registered with the U.S. Securities and Exchange Commission (SEC). Registration with the SEC does not imply any level of skill or training. Additional Information about WTIA, WFMC, WTAM, and WTIM is also available on the SEC's website at adviserinfo.sec.gov. 
Private Banking is the marketing name for an offering of M&T Bank deposit and loan products and services.
M&T Bank  Equal Housing Lender. Bank NMLS #381076. Member FDIC. 
Investment and Insurance Products   • Are NOT Deposits  • Are NOT FDIC Insured  • Are NOT Insured By Any Federal Government Agency  • Have NO Bank Guarantee  • May Go Down In Value  
Investing involves risks and you may incur a profit or a loss. Past performance cannot guarantee future results. This material is provided for informational purposes only and is not intended as an offer or solicitation for the sale of any security or service. It is not designed or intended to provide financial, tax, legal, accounting, or other professional advice since such advice always requires consideration of individual circumstances. There is no assurance that any investment, financial or estate planning strategy will be successful.

Learn how you can identify evolving cybercrime tactics.​

Cybercrime is always evolving.

Today, the threat environment in cybersecurity evolves nearly as quickly as technology itself.

Who is behind these continual computer intrusions? Unfortunately, there are multiple sources; they can range from computer gurus looking for bragging rights, unethical businesses seeking to gain a competitive edge, criminal rings intent on profiting from sensitive, personal information, all the way to espionage rings and terrorists looking to rob our nation of critical information.

Whether we refer to them as cybercriminals or mere hackers, they are highly-skilled computer experts with the dogged determination of gaining unauthorized access to your data. Cyber threats may originate from a variety of sources and for many reasons:

  • “Hacktivists” use the same tools and techniques as a hacker, but do so in order to draw attention to political or social causes. A typical tactic can be the complete disruption of service on government, religious and corporate websites. “Anonymous” is one of the best known hacktivist groups.
  • Cybercriminals are those who act independently or within organized crime rings to steal financial data, personal credentials and credit card information, then either sell the information on what is known as the dark web (or black market) or directly access monetary accounts.
  • Nation-states or foreign entities seek to spy, gain proprietary or classified information, or launch cyberstrikes in order to cause damage to individuals, companies or governments.
  • Malicious insiders are colleagues you may know who are looking for ways to harm their own employer, steal information or make money. A recent SailPoint Market PulseSurvey found that one in five employees would sell their passwords and business-related credentials to someone outside of the organization, many for as little as $100.
  • Bringing cybercriminals to justice can be daunting. The nature of the digital space allows for anonymity that can be challenging for law enforcement; it is difficult to find and arrest an individual identified only by a username. And, even if one is locked up, there is always another cybercriminal ready to step in and build on the foundation already laid.

Cybercrime practitioners are crafty at adapting new technologies and tactics. Phishing, for example, has been around for decades, but cybercriminals now use more targeted approaches, taking advantage of the wealth of information readily available on the web. Without careful inspection, it is difficult for the average person to distinguish a real email from a phishing attempt.

Examples of emerging cybersecurity trends:

Spearphishing & Whaling

Spearphishing attacks are conducted by emails and appear to be from a known individual or familiar business— and often include details pertinent to the recipient. Whaling attacks are similar to spearphishing except the targets are typically high-level executives, celebrities and politicians.

Gaining the information to conduct targeted phishing attacks is not difficult. A basic web search can now glean vast amounts of information about a company, including email addresses, job descriptions, office locations and current projects.

Social media sites, such as LinkedIn™ and Twitter™, hold even more specific information that can be used to spoof email addresses, create fake, intentionally malicious websites and send attachments that mimic the same files one would receive over the course of a normal work day.

Phishing attacks have different goals. Some want users to visit a site and provide information such as passwords and login credentials. Other attacks introduce malware into the network.

Ransomware

Ransomware is a form of malware that, when activated, encrypts or locks all of the files on a computer or network. To regain access to the files, the cybercriminal demands a ransom, typically paid with electronic currency such as bitcoin.

Ransomware is pretty straight-forward: pay the ransom and get the files back. However, cybercriminals see a huge market in this malware and are changing their tactics. In some cases, the cybercriminals are returning only a portion of the files and then demanding a second ransom be paid in order to release the remaining files.

It appears the next generation of ransomware is even more Machiavellian as it enables the software to be installed, the data encrypted even when the computers are offline and then the software targets data stored in the cloud.

Mobile Malware

Mobile devices are ubiquitous both at the workplace and in personal use, and cybercriminals have taken note. Malware designed for Android™ and Apple™ devices is embedded into popular apps or can masquerade as “legitimate” third-party downloads. For example, GM Bot is a new malware attacking Android devices.

Today, the threat environment in cybersecurity evolves nearly as quickly as technology itself. Creating proactive security systems that will protect against the most popular attacks of today and anticipate those of tomorrow is no small task and can only be achieved through constant vigilance, information gathering, and education.

Begin today, and you may thwart the cyberattack of tomorrow. Malware tricks users into entering their login credentials in fake screens, where the credentials are harvested. It can also intercept SMS codes and call backs from targeted financial institutions.

Social Networks

Cybercriminals love social networking sites. There, among the “Shares” and ”Likes,” exists an abundance of unique personal information ripe for exploitation as well as multiple “attack vectors,” the alternative paths the hacker can use to gain access to a victim’s computer or network.

Using the algorithms in popular sites like Facebook™, they’ll plant malicious videos, hoping the user will be interested enough to click on them or use baiting techniques – posts that encourage users to share so they can get a free smartphone, free gift card or a portion of someone’s lottery winnings. They’ll also play off trending topics to promote article links and websites loaded with malware.

These techniques, like phishing, are known as “social engineering” in the context of information security and rely on human curiosity, fear or trickery to elicit a response.

Thwart the next cyberattack

Today, the threat environment in cybersecurity evolves nearly as quickly as technology itself. Creating proactive security systems that will protect against ever-evolving attacks is no small task and can only be achieved through constant vigilance, information gathering and education. Be ever mindful, and you may thwart the next cyberattack.

To learn more, contact your local M&T Bank Relationship Manager or M&T Bank’s Commercial Service Team.​

Cybersecurity and You

Protecting your information is one of our top priorities, which is why we at M&T Bank and Wilmington Trust (part of the M&T family), maintain an Enterprise Information Security Program.

But there are some things you can do to identify and manage cyber risks at home, in the office or on the go.

Learn More >

Disclosures

This article is for informational purposes only. It is not designed or intended to provide financial, tax, legal, investment, accounting, or other professional advice since such advice always requires consideration of individual circumstances. Please consult with the professionals of your choice to discuss your situation.

All trademarks, servicemarks and trade names referenced in the above are the property of their respective owners.

Disclosures:

    • © 2024 M&T Bank and its affiliates and subsidiaries. All rights reserved.
    • Wilmington Trust is a registered service mark used in connection with various fiduciary and non-fiduciary services offered by certain subsidiaries of M&T Bank Corporation including, but not limited to, Manufacturers & Traders Trust Company (M&T Bank), Wilmington Trust Company (WTC) operating in Delaware only, Wilmington Trust, N.A. (WTNA), Wilmington Trust Investment Advisors, Inc. (WTIA), Wilmington Funds Management Corporation (WFMC), Wilmington Trust Asset Management, LLC (WTAM), and Wilmington Trust Investment Management, LLC (WTIM). Such services include trustee, custodial, agency, investment management, and other services. International corporate and institutional services are offered through M&T Bank Corporation’s international subsidiaries. Loans, credit cards, retail and business deposits, and other business and personal banking services and products are offered by M&T Bank. Member, FDIC. 
    • M&T Bank Corporation’s European subsidiaries (Wilmington Trust (UK) Limited, Wilmington Trust (London) Limited, Wilmington Trust SP Services (London) Limited, Wilmington Trust SP Services (Dublin) Limited, Wilmington Trust SP Services (Frankfurt) GmbH and Wilmington Trust SAS) provide international corporate and institutional services.
    • WTIA, WFMC, WTAM, and WTIM are investment advisors registered with the U.S. Securities and Exchange Commission (SEC). Registration with the SEC does not imply any level of skill or training. Additional Information about WTIA, WFMC, WTAM, and WTIM is also available on the SEC's website at adviserinfo.sec.gov. 
    • Private Banking is the marketing name for an offering of M&T Bank deposit and loan products and services.
    • M&T Bank  Equal Housing Lender. Bank NMLS #381076. Member FDIC. 
    • Investment and Insurance Products   • Are NOT Deposits  • Are NOT FDIC Insured  • Are NOT Insured By Any Federal Government Agency  • Have NO Bank Guarantee  • May Go Down In Value  
    • Investing involves risks and you may incur a profit or a loss. Past performance cannot guarantee future results. This material is provided for informational purposes only and is not intended as an offer or solicitation for the sale of any security or service. It is not designed or intended to provide financial, tax, legal, accounting, or other professional advice since such advice always requires consideration of individual circumstances. There is no assurance that any investment, financial or estate planning strategy will be successful.

    Stay Informed

    Subscribe

    Sign up here to receive insights designed to help you succeed.

    Sign Up Now

    WTU Newsletter Card
    WTU Newsletter Handler