Security experts continue to fight cyber-threats that compromise both individuals and companies. As quickly as experts can shut down one threat, another one appears to take its place. Criminals have learned to evolve their tactics in an attempt to stay one step ahead of the experts.
It can be helpful to educate your users about the types of potential threats they might face. With that in mind, let us take a look at 5 of the most common cyberattacks in 2018.
Cloud Services Infected with Ransomware
These popular and profitable attacks go after data that is then encrypted and offered back to the user or business for a ransom. Criminals have found a goldmine of data on cloud services which they can hold for ransom. Thieves have found success in attaching their attacks to cloud services because users assume a level of security and let their guard down.
In 2016, criminals used Dropbox to spread a favorite strain of ransomware called Petya. Users who assumed they were clicking on a resume stored on a Dropbox share didn’t realize they were installing a virus on their computer. It wasn’t until their machines locked up that they realized something was wrong. In some of the worst cases, entire hard drives were overwritten, and the data on those drives were destroyed.
Cloud services are not going anywhere, but it’s still a good idea to have a backup of your data stored locally or offsite at a location not connected to your cloud provider.
We covered cryptojacking a few months ago and how Tesla become a victim of it. Criminals discovered a Telsa-owned console that wasn’t password protected and were able to take control of it. It wasn’t till months later that a security expert noticed the console was being used to crypto mine on AWS.
Cryptojacking rose in popularity as the prices of Bitcoin, Ethereum, and other crypto-currencies shot into the stratosphere. Those heady days have subsided, but it’s impossible to predict when prices will rise again. Bitcoin is trading at about $6000 today, down from just over $19,000 last December and any sudden jump in price gives thieves an incentive to steal computing time.
Cryptojacking will probably fade in and out of popularity over the next few years, but it won’t go away because there’s too much money to be made. It’s also a relatively low-risk venture for criminals because the crime often goes undetected.
Socially Engineered Malware
Socially engineered malware happens when a user is tricked into installing a piece of software or opening a file from a website or sender they trust. This attack comes in many forms. Everyone knows not to click on attachments from people they don’t know. However, sophisticated criminals understand many people will open a file from a friend or family member whom they trust. New attacks include websites that inject code into the browser which can be used to collect private data without detection.
Socially engineered malware programs are responsible for hundreds of millions of successful hacks each year. This sheer quantity of hacks puts them at the top of the list regarding raw number of attacks. Companies like Microsoft have tried to thwart this type of attack by encouraging users to browse the web using accounts without higher elevated levels of security clearance.
Having good quality malware prevention programs helps, but it comes down to educating the end user so they can recognize these attacks for what they are.
Social Media Threats
We spend so much of our time on Facebook, Twitter, and LinkedIn managing our personal and business connections that it’s easy to overlook the threats on these services. The very nature of these attacks is disturbing because they take advantage of the bonds we have to friends and colleagues.
The attack starts with a friend request that includes a link to more information about the person of interest. You may be asked to install a “small” program before you view their profile. Everything may seem fine at this point, but you’ve now given up more information about yourself than you intended.
Few of these attacks get reported by the media unless the offense is particularly embarrassing. Last year, HBO had a number of their social media accounts taken over by a hacker, including their popular Game of Thrones Twitter account. These attacks are often used to embarrass companies, and it can take time to regain control of the hacked accounts.
Artificial Intelligence Weaponization
Companies like Microsoft and Amazon are using AI, machine learning and neural networks to help them better predict when and where cyber-attacks will happen. Even Visa and Mastercard are using similar techniques to recognize spending behavior and intervene when they see something out of the ordinary.
However, criminals utilize this same technology to trick users. For example, they might use machine learning to customize messages that you’re more likely to open. They do this by scanning any available information they find about you on social networks, company websites, forums and other sites where you’re likely to share details about yourself.
This type of attack is the 2018 version of spearfishing. However, it’s more successful because each message can tailor to the recipient. Security experts have created tools that recognize these attacks and “sandbox” them. However, some attack emails are so convincing they make it past the filters and into the inboxes of employees.
There’s no doubt that 2019 will bring a new collection of threats to consider. Criminals are crafty and willing to modify their behavior to exploit an opportunity. Many of today’s most popular attacks are modified as experts have invented ways to keep them at bay. It’s a game of cat and mouse.
As our computing behavior moves from desktop and laptops to mobile devices attached to cloud services, expect more attacks on our phones, tablets, and even smartwatches. It’s at least something to watch for in 2019. Make sure you are up to date on the best data backup and recovery software.