The Scary Interwebs: Top Cyber Security Threats in 2019

Big plans for Halloween this year?

The October 31st holiday is an annual pilgrimage to the Altar of the Sweet Tooth for the kids. For adults, on the other hand, the celebration is closer to a fetishization of all things horrifyingly scary.

If you’re a small business owner, or an executive tasked with keeping your company’s digital infrastructure and business data safe, however, you might be forgiven for wanting to skip the terror-fest this year. Why? Because the number and variety of cyber threats just keeps increasing exponentially, year after year, making every day Halloween.

A few obligatory frightful statistics to ponder:

  • A hacker attack on an internet-connected computer or device occurs every 39 seconds.
  • Depending on who you ask, anywhere between 43% and 50% of cyber attacks target small businesses specifically. Oh, and small businesses typically invest less than $500 on cyber security.
  • Despite the prevalence of cyber crimes and the attention they receive, only about 10% are actually reported – meaning that the statistics above and below may represent the low end of the possible threat spectrum.
  • Some off-the-shelf hacking tool kits are available for purchase for as little as $1.
  • Roughly three out of four organizations lack even a basic cyber security incident response plan.
  • A data breach can often go nearly six months before being detected – and this is true for your financial institutions (Capital One), credit monitoring agencies (Equifax) and even the big boys in tech (Facebook).

What new and potentially devastating cyber threat trends emerged in 2019? Let’s take a look.

Cloud Computing Infrastructure Exploitation

Over the last several years, cloud data storage has become big business, and a popular method of managing your company data. However, non-secure sign-up processes, ease of use and low costs make cloud providers targets for all sorts of nefarious actors.

“Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers.” – TechGenix

Mobile Fraud

As more and more financial transactions are being initiated on mobile devices, cybercriminals have shifted their exploits to the apps supporting e-commerce.

“Today, mobile fraud is outpacing web fraud. More than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.” – RSA White Paper

Blockchain Privacy Poisoning

Just last year, blockchain technology was being hailed as the most secure method of encryption. How quickly things change.

Hackers have found a way to turn legislation aimed at protecting online consumers – GDPR – into an exploitation through what’s now being called “privacy poisoning.”

“The term […] refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR). According to the GDPR, all individuals have ‘the right to be forgotten,’ so you can immediately see why blockchain technology represents such a problem: by their very nature, blockchains are meant to be completely unchangeable and immutable. So this naturally creates a paradox for organizations: you have personal data ‘on chain’ that cannot be altered, and you simultaneously have the right of individuals to change, alter or delete their data at any time. Personal information cannot be deleted without compromising the chain.” – CPO Magazine

Software Supply Chain Attacks

Not only are hackers targeting cloud networks and mobile banking apps, they’re also going after the source code via software supply chain attacks.

“Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.” – Microsoft 

DDoS

Distributed denial of service (DDoS) attacks – flooding a targeted website with an overwhelming amount of traffic – are nothing new. In fact, they are one of the oldest methods of carrying out cyber warfare.

DDoS attacks were on the decline as recently as 2018. But that trend appears to be over, as Kaspersky Lab notes:

“Last year the number of DDoS attacks was constantly falling, leading Kaspersky Lab experts to assume that cybercriminals who had been conducting DDoS attacks for financial gain had shifted their attention to other sources of income (such as crypto-mining). However, statistics for Q1 2019 contradict this trend and show that the number of DDoS attacks blocked by Kaspersky DDoS Protection has actually grown by a staggering 84%, when compared to Q4 2018. This figure could indicate that such attacks were still in demand, despite being inaccessible when popular DDoS marketplaces were taken down. Once new DDoS-for-Hire websites launched, the number of attacks grew exponentially as a result.”

Beacon Knows Cyber Security

Want to make sure your business is protected from the latest hacker exploits? Beacon is here to help. Give us a call today.

October 24th, 2019 | Computer Related, IT Services

What is Blockchain… And So What?

Let’s be honest… blockchain is a confusing concept. Even for people who understand exactly how blockchain technology works, providing an easy-to-understand explanation is challenging.

There are a couple of reasons for this. First, blockchain is relatively new tech, and new tech always takes a little while to sink into the public consciousness. We didn’t really know what the internet was for, or how transformative a force it could be, back in the 90s, mostly because we didn’t understand how it could be applied.

Secondly, the technology itself – blockchain – is closely associated with its application – a cryptocurrency called Bitcoin. But they are not the same thing. The sometimes-negative association with Bitcoin specifically, or cryptocurrencies generally, tends to muddy the waters for many.

Before we confuse you further and tell you more about what blockchain isn’t, let’s outline what it actually is. There are three important elements of blockchain technology:

  1. large, peer-to-peer network of computers dedicated to processing and recording digital activity
  2. decentralized database of all recorded activity called a Distributed Ledger (there are several key aspects to this, including “decentralized” and “all recorded activity”)
  3. encryption

It’s definitely more complicated than that. There’s a lot that’s packed into the application of these three concepts. But, boiled down, blockchain combines these elements to provide a secure platform that allows any two parties to engage on the web without the need for a third-party authenticator. Blockchain cuts out the need for a middleman in any digital interaction (including financial transactions) by providing a peer-to-peer network that’s safe, trusted and transparent.

The first intended application of blockchain technology – Bitcoin – was financial in nature. The creator/creators set out to develop an entirely new currency – one that is not reliant on or backed by any government. But it’s the system that was developed to enable a digitally-based currency that may end up being much more transformative.

“The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value,” say Don and Alex Tapscott, authors of the 2016 book Blockchain Revolution.

If it sounds like there could be thousands of applications for blockchain technology, you (and a few dozen million people) are probably on to something.

Blockchain Application in IT & Data Security

So, can blockchain disrupt the IT and data security industries? It sure seems to have the potential to do so. In fact, it may already be doing so.

The following attributes and capabilities make the blockchain particularly appealing to data security professionals:

  • Decentralized and unhackable
  • Encryption and validation
  • Public or private

The data that’s stored on a blockchain doesn’t reside on any one computer (or, node) – it is distributed across all the nodes on a blockchain network. Once a record is added to a blockchain database, it is encrypted and cannot be accessed or altered unless the user provides the correct access key. This makes a blockchain pretty much impervious to hacking.

Because there’s no centralized location for the data, hackers would need to gain access to more than 50% of the network nodes in order to access or overwrite a saved record. Depending on the size of the network, that proposition falls somewhere between extremely unlikely and darn-near impossible.
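An added example, not part of the original post: a toy hash-chained ledger in Python that shows the tamper-evidence behind the two paragraphs above, and why the "privacy poisoning" quote in the earlier post says personal data cannot be deleted without compromising the chain. The record contents are constructed, and a simple majority vote over node copies is an assumption standing in for a real network's consensus mechanism.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64

def block_hash(index, prev, data):
    return hashlib.sha256(json.dumps([index, prev, data]).encode()).hexdigest()

def build_chain(records):
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        digest = block_hash(i, prev, data)
        chain.append({"index": i, "prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain

def first_broken_block(chain):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(b["index"], prev, b["data"]):
            return b["index"]
        prev = b["hash"]
    return None

def accepted_head(replicas):
    """Head hash shared by a strict majority of nodes (toy consensus), else None."""
    heads = Counter(c[-1]["hash"] for c in replicas if first_broken_block(c) is None)
    head, votes = heads.most_common(1)[0] if heads else (None, 0)
    return head if votes > len(replicas) / 2 else None

# Constructed sample ledger; block 1 carries personal data.
RECORDS = ["invoice 1001 paid", "customer: Jane Doe, jane@example.com", "invoice 1002 paid"]
HONEST = build_chain(RECORDS)
REWRITTEN = build_chain([RECORDS[0], "[erased]", RECORDS[2]])  # fully re-hashed rewrite

def erase_in_place():
    """Blank the personal data on one copy without re-hashing; report the break."""
    chain = [dict(b, data="[erased]") if b["index"] == 1 else b for b in HONEST]
    return first_broken_block(chain)

def head_after_rewrite(nodes_rewritten, total=5):
    """Head the network accepts when some nodes hold the re-hashed rewrite."""
    replicas = [REWRITTEN] * nodes_rewritten + [HONEST] * (total - nodes_rewritten)
    return accepted_head(replicas)

if __name__ == "__main__":
    print(erase_in_place(), [head_after_rewrite(n) == HONEST[-1]["hash"] for n in (1, 2, 3)])
```

Erasing a record in place fails verification at that block, and a re-hashed rewrite changes every later hash, so it only becomes the accepted history once more than half of the copies carry it. The model covers tamper detection only, not who can read the stored data.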

Further, while blockchain was initially created to enable anonymity in a very public setting, a private blockchain network that restricts access to just a few users can easily be created.

All of this means that blockchain technology is highly amenable to the data security needs of businesses, large and small.

Beacon Knows Data Security

Not sure if you’re doing enough to protect your sensitive business data? BITS can help. A free audit of your network by our security experts can help put your mind at ease. Request one today.


November 27th, 2018 | Computer Related, IT Services