3 Unexpected Ways You Might Get Hacked

Anyone Could Become a Target—Including You

“I know I need to protect my company’s data—but from whom? And from where?”

As a business, you’re constantly bombarded with instructions to “protect yourself,” but you often don’t have enough clear information about what hackers are doing and how your business might get caught up in it.

The most important thing to remember?

It’s not about you.

You, as a specific company, are very unlikely to be a specific target for hackers (also known as threat actors or cybercriminals). Just as petty criminals or cat burglars commit crimes of opportunity, hackers exploit the vulnerabilities they see, not caring who’s behind the desk.

This doesn’t mean you’re not a target; it just means there’s probably nothing special about you above any other potential victim. Maybe the thought is comforting to some extent, but really, it’s just a bit more accurate.

There are three common yet unexpected ways you might end up in a hacker’s crosshairs.

1. Supply Chain Attacks

A supply chain attack is a cybersecurity breach targeting an organization by compromising the security of its suppliers or service providers. Threat actors exploit vulnerabilities in the network of suppliers to gain unauthorized access to the target organization’s systems. By compromising a trusted link in the supply chain, attackers can infiltrate systems, manipulate products or services, and potentially compromise the integrity and security of the final deliverables.

Supply chain attacks might come in the form of malware embedded in software your company uses, like QuickBooks or Adobe. When a compromised software update is pushed and your company installs it, you might fall victim to the same malware. The key to avoiding this is to use vetted software providers with strict security policies. Using random, knockoff, or cheap software can mean the code isn’t secure—which, in the supply chain reaction, means you aren’t either. Ask us about vetted software.

2. Internet of Things (IoT) Device Attacks

IoT devices include smart thermostats, multifunction copiers/printers, security cameras, cars, and even smart refrigerators in the office. While these amazing connected tools can improve efficiency for a company as well as for home life, they’re also juicy targets for threat actors.

Most often, threat actors don’t care about what’s in your fridge, but they’re thrilled by the idea of your password being the same for all your home and professional accounts… which means they can access your network and all your other connected devices and accounts.

The security of IoT devices can vary, and vulnerabilities may exist across different types of devices. However, some common targets for hacking include:

  • Smart Home Devices: Devices such as smart cameras, thermostats, and door locks are often targeted due to their widespread adoption and potential for unauthorized access to personal spaces.
  • Routers and Networked Devices: Hacking routers can provide access to an entire network, making them attractive targets for cybercriminals seeking to compromise multiple devices or move laterally into a professional network.
  • Medical IoT Devices: With the increasing use of connected medical devices, there’s a concern about the security of patient data and the potential for unauthorized access to medical IoT devices.
  • Industrial IoT (IIoT) Devices: Critical infrastructure and industrial systems connected to the internet are potential targets for hackers aiming to disrupt operations.
  • Wearable Devices: Fitness trackers, smartwatches, and other wearable IoT devices may be targeted for their data, often through unsecured Bluetooth connections.

Just a reminder: these types of attacks have very little to do with you, the number of steps recorded on your Fitbit, or your indoor security camera footage. Hackers often use IoT devices as easy entry points into a network, then they move laterally and escalate privileges.

And we’re making it easy for them. The most common way people get hacked through IoT devices is through weak or default passwords. Many users either don’t change the default credentials of IoT devices or choose weak, easily guessable passwords (like “admin” or “password1”). This creates a straightforward entry point for hackers using automated tools to exploit these vulnerabilities. Once they gain access, hackers can manipulate the device, steal sensitive information, or use it as a pivot point to compromise other devices on the network.

Therefore, ensuring strong, unique passwords and regularly updating them is a crucial step in preventing common IoT-related hacks.
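A defender-side way to check for the weak, default, and reused passwords described above is to audit your own device inventory. This is an added example, not part of the original article; the inventory records, the extra entries in the weak-password list, and the 12-character minimum are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Passwords the article names ("admin", "password1") plus a few other
# widely known defaults, added here as an assumption for illustration.
KNOWN_WEAK = {"admin", "password1", "password", "12345678", "root", "guest"}
MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article

# Constructed sample inventory (e.g. what a password-manager export might hold).
SAMPLE_INVENTORY = [
    {"device": "lobby-camera", "username": "admin", "password": "admin"},
    {"device": "office-printer", "username": "admin", "password": "Password1"},
    {"device": "thermostat", "username": "facilities", "password": "Blue-Kettle-Orbit-41"},
    {"device": "edge-router", "username": "netops", "password": "Blue-Kettle-Orbit-41"},
    {"device": "door-lock", "username": "security", "password": "vR7#qLm2!xTz9&Wd"},
]


def _digest(password):
    # Group by digest so the report never needs to echo a plaintext password.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit_inventory(inventory):
    """Return {device: [findings]} for every device with at least one issue."""
    by_digest = defaultdict(list)
    for entry in inventory:
        by_digest[_digest(entry["password"])].append(entry["device"])

    report = {}
    for entry in inventory:
        pw = entry["password"]
        findings = []
        if pw.lower() in KNOWN_WEAK or pw.lower() == entry["username"].lower():
            findings.append("default-or-guessable")
        if len(pw) < MIN_LENGTH:
            findings.append("too-short")
        shared = [d for d in by_digest[_digest(pw)] if d != entry["device"]]
        if shared:
            findings.append("reused-on:" + ",".join(sorted(shared)))
        if findings:
            report[entry["device"]] = findings
    return report


if __name__ == "__main__":
    for device, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {', '.join(findings)}")
```

The reuse check matters as much as the weak-password check: a strong password shared between the thermostat and the router still lets one compromised device open the other.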

3. Voice Phishing (Vishing)

Vishing, short for “voice phishing,” is a cyberattack technique where attackers use voice communication, typically phone calls, to trick individuals into divulging sensitive information or performing actions to compromise their security. Just like email phishing, in a vishing attack, the perpetrators often impersonate legitimate entities, such as banks, government agencies, or tech support. They purposefully create a false sense of urgency or importance to manipulate the intended victim.

Vishing attacks aim to deceive the person answering the phone and get them to provide personal information, such as their passwords or credit card details. Vishing exploits human psychology and the trust associated with voice communication to orchestrate fraudulent schemes—it’s another example of social engineering.

With the rise of generative AI tools, voice simulation has also become more widely available. Hackers look to use a voice you might already be familiar with to increase trust.

To guard against vishing, it’s crucial to verify the legitimacy of unsolicited calls and refrain from sharing sensitive information over the phone unless you’re certain of the caller’s authenticity. Don’t be afraid to ask questions or just say you’re uncomfortable sharing information. Use a call screening service if you have one. Try not to answer the phone with “Hi, [your name] speaking”; doing so hands the threat actor a convenient piece of information right at the top of the call.

With cyber threats constantly surrounding us, it’s normal to feel uneasy. Knowing you’re very rarely a direct target will hopefully ease some of the concern, while still allowing you to keep a keen eye out for ways to dodge danger. By reading an article like this, you’re already doing a great job of staying on top of contemporary attack types.

For more personalized tips and to get your cybersecurity questions answered, contact the Stratti team. Although anyone can fall victim to these intelligent hacking strategies, we’ll do everything in our power to keep you from being one of them!