Mergers, acquisitions or takeovers all provide fertile pretexts for hackers. All of these introduce changes to processes which can be exploited. Moreover, they love it when an organisation migrates to new IT systems because unfamiliar technology means users are less effective at spotting anomalies. And as for a global pandemic where the majority of an organisation’s workforce is working from home – well, that’s manna from heaven.
2) Hackers love innovation.
While your organisation probably talks about the need for innovation, so too do the hackers! Just when a certain type of phishing or spear-phishing campaign is becoming a tad predictable, they will introduce an innovative twist which will surprise everyone.
3) Hackers love the way users can be easily misdirected.
Like that street urchin who pours ketchup on an unsuspecting tourist to relieve them of their wallet, hackers love using clever misdirection tricks like “captchas” to divert attention from their real trick of persuading users to click on a malicious attachment or hyperlink.
4) Hackers love the power of coincidence.
Ever wonder why those Amazon, UPS and DHL phishing emails keep on being used by hackers? It’s because of the coincidence factor. Hackers know that there is a high probability that one of their targets will have recently used one of these services. Ditto for services such as Office 365, Dropbox, SharePoint and G Suite.
5) Hackers love multi-taskers.
Hackers just love it when employees try to juggle tasks such as Zoom calls, RFPs, report writing, phone calls and emails all at once. Truth be told, a multi-tasking employee is much more likely to open up a dodgy attachment or URL than an employee who performs one task at a time.
6) Hackers love curious users.
Hackers love users who open up email attachments and links willy-nilly. Curiosity is the secret sauce in many a successful phishing campaign and helps keep click rates high.
7) Hackers love organisational silos.
Departments or teams which suffer from poor communication or which are not on the best terms with each other can provide hackers with a great opportunity. Your accounts department, for example, might be on frosty terms with the sales department. This means that a dodgy macro-laden Office document is much more likely to get opened because Sales is not really sure what Accounts is up to these days. Such interdepartmental unfamiliarity breeds some great hacking opportunities.
8) Hackers love the “we’re-not-a-target” mindset.
Hackers love it when employees think their organisation or industry would never be an attractive target for hackers. The “we’re-not-a-target” mindset makes their job a lot easier.
9) Hackers love users who place a lot of trust in their organisation’s firewall or end-point security software.
There is nothing like a false sense of security imbued by firewalls and end-point security software to lull users into the belief that all the nasty stuff gets filtered out before it reaches their inbox.
10) Hackers love exploiting false trust cues.
Humans can be suckers when it comes to falling for false trust cues. Remember, it’s easier for a burglar to break into a house wearing a high-viz jacket than wearing a tracksuit. Experienced hackers know this too. If a trusted entity can be piggybacked on, a hacker’s efforts can be much more successful. That is why you’ll often see Microsoft domains (such as Microsoft.net or forms.office.com) exploited for phishing purposes. That’s why so many malicious apps can be found on the Google Play Store. It is also why hackers love using hijacked “trusted” email accounts (such as from suppliers) to execute campaigns.