The Scary Interwebs: Top Cyber Security Threats in 2019

Published October 24, 2019 | Categories: Computer Related , IT Services

Big plans for Halloween this year?

The October 31st holiday is an annual pilgrimage to the Altar of the Sweet Tooth for the kids. For adults, on the other hand, the celebration is closer to a fetishization of all things horrifyingly scary.

If you’re a small business owner or an executive tasked with keeping your company’s digital infrastructure and business data safe, however, you might be forgiven for wanting to skip the terror-fest this year. Why? Because the number and variety of cyber threats just keep increasing exponentially, year after year, making every day Halloween.

A few obligatory frightful statistics to ponder:

  • + A hacker attack on an internet-connected computer or device occurs every 39 seconds.
  • + Depending on who you ask, anywhere between 43% and 50% of cyber attacks target small businesses specifically. Oh, and small businesses typically invest less than $500 on cyber security.
  • + Despite the prevalence of cyber crimes and the attention they receive, only about 10% are actually reported – meaning that the statistics above and below may represent the low end of the possible threat spectrum.
  • + Some off-the-shelf hacking tool kits are available for purchase for as little as $1.
  • + Roughly three out of four organizations lack even a basic cyber security incident response plan.
  • + A data breach can often go nearly six months before being detected – and this is true for your financial institutions (Capital One), credit monitoring agencies (Equifax) and even the big boys in tech (Facebook).

What new and potentially devastating cyber threat trends emerged in 2019? Let’s take a look.

Cloud Computing Infrastructure Exploitation

Over the last several years, cloud data storage has become a big business and a popular method of managing your company data. However, non-secure sign-up processes, ease of use, and low costs make cloud providers targets for all sorts of nefarious actors.

“Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers.” TechGenix

Mobile Fraud

As more and more financial transactions are being initiated on mobile devices, cybercriminals have shifted their exploits to the apps supporting e-commerce.

“Today, mobile fraud is outpacing web fraud. More than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.” RSA White Paper

Blockchain Privacy Poisoning

Just last year, blockchain technology was being hailed as the most secure method of encryption. How quickly things change.

Hackers have found a way to turn legislation aimed at protecting online consumers – GDPR – into an exploitation through what’s now being called “privacy poisoning.”

“The term […] refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR). According to the GDPR, all individuals have ‘the right to be forgotten,’ so you can immediately see why blockchain technology represents such a problem: by their very nature, blockchains are meant to be completely unchangeable and immutable. So this naturally creates a paradox for organizations: you have personal data ‘on chain’ that cannot be altered, and you simultaneously have the right of individuals to change, alter or delete their data at any time. Personal information cannot be deleted without compromising the chain.” CPO Magazine

Software Supply Chain Attacks

Not only are hackers targeting cloud networks and mobile banking apps, they’re also going after the source code via software supply chain attacks.

“Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.” Microsoft 

DDoS

Distributed denial of service (DDoS) attacks – flooding a targeted website with an overwhelming amount of traffic – are nothing new. In fact, it’s one of the oldest methods of carrying out cyber warfare.

DDoS attacks were on the decline as recently as 2018. But that trend appears to be over, as Kaspersky Lab notes:

“Last year the number of DDoS attacks was constantly falling, leading Kaspersky Lab experts to assume that cybercriminals who had been conducting DDoS attacks for financial gain had shifted their attention to other sources of income (such as crypto-mining). However, statistics for Q1 2019 contradict this trend and show that the number of DDoS attacks blocked by Kaspersky DDoS Protection has actually grown by a staggering 84%, when compared to Q4 2018. This figure could indicate that such attacks were still in demand, despite being inaccessible when popular DDoS marketplaces were taken down. Once new DDoS-for-Hire websites launched, the number of attacks grew exponentially as a result.”

Beacon Knows Cyber Security

Want to make sure your business is protected from the latest hacker exploits? Beacon is here to help. Give us a call today.

 

Technology is changing constantly. Please note that technical information posted in the BITS blog may be inaccurate if published prior to 2022.