How cyber-aware are you?

It’s no longer a secret that as the construction and transport industries increasingly adopt digital technologies, automation and interconnected systems, they become more susceptible to cyber-threats.

Photo: Reuters Igor Stevanovic Alamy

Within that reality cybercriminals continually adapt their tactics, techniques and procedures so staying informed is crucial for individuals and organisations alike.

As 2024 unfolds, some of the latest hacking schemes to keep an eye on might comprise a modified take on some of the classics, while others are newly minted debut efforts.

AI chatbot

On the newer side, ChatGPT has become a legitimate tool for businesses, as well as hackers. Cybercriminals can use the AI chatbot to draft phishing emails and codes, generating multiple scripts easily with slight variations on wording. Researchers are also seeing AI-generated malware that is much harder to detect.

Post-Covid, we’ve all got used to the QR code, but QR codes and cashless payments are giving cybercriminals an open invitation to steal sensitive data. All they need is a company flyer or related document. From there, they switch the existing QR code with their own infected one. You can imagine the rest.

Moreover, last year, the cybercrime industry saw the emergence of SaaS-based (Software as a Service) phishing, whereby hackers hijack legitimate software and create a credential-stealing page that looks like an authentic login page (for emails, calendars and all types of computer office tools). A typical scheme might involve sending a fake invoice or other document as a pdf. Once there, malware is used to record keystrokes to collect login data. And then they’re off and running.

It’s also important to remember that, as we become more digital, and thus work more with developers, they too are being targeted by hackers. We tend to trust developers and give them broad access to our systems. All the more reason to vet like crazy, but also ensure they’re complying with strict industry best practices.

Juice jacking

Awareness being what it is, many SC&RA members travel. Juice jacking has become more widespread in recent years and can affect anyone sitting in a public place such as an airport or coffee shop. Be very careful about charging your device through an unfamiliar public USB port. Juice jacking is where cybercriminals load malware onto the charging stations. Once a person uses the charger, he or she is unintentionally exporting personal data and passwords directly to the hacker.

Similarly, if your company posts information on a social media site discussing signing up a new client, making someone a partner or even developing business with a new supplier, that information is available for all to see. Be aware that, using the information provided, bad actors can create a social media profile pretending to be a senior official from that partner, etc., requesting data that they claim they need for their own purposes.

Overall, remember that in almost every hacking case, the criminals were inadvertently let into the data without you or your employee suspecting a thing. This is why making cyber-training an essential part of your company practices and protocols is paramount. Anyone can be the entry point that cybercriminals are looking for.

As a result, staying on top of the latest trends and best practices in the cybercrime space could ultimately prove to be the best investment your company ever makes.