Despite the development and deployment of sophisticated cyber security solutions, patches, and updates, there has been a continuous increase in the number of cyber attacks. In 2017, we witnessed a number of high-profile attacks, including those on Uber and Deloitte, the WannaCry ransomware attack, and the infamous Equifax breach. The Equifax data breach, which resulted in the theft of names, addresses, birth dates, and Social Security numbers of nearly half the U.S. population, underscored the increasing threat of cybercrime.
In 2018, a string of attacks from a group called ‘Magecart’ took place. This group was responsible for publicized breaches, including Ticketmaster and Feedify. The malicious Magecart script exfiltrated data by skimming form submissions and then sending the data to a server controlled by the hackers. Together with the recent spate of ransomware attacks on other targets such as FedEx, San Francisco’s light-rail network, and Britain’s National Health Service, this makes it clear that hackers are upping the ante and perpetrating more daring large-scale attacks. Today’s hackers are constantly developing and refining the sophisticated tools they use to break into the networks and databases of their targets. As such, enterprises should be on the lookout for these attacks while taking proactive steps to protect themselves from such breaches.
Let’s take a look at some of the top cyber threats that enterprises should watch out for in 2019.
The weaponization of AI
Due to recent breakthroughs in the field of AI, security experts and firms have been using neural networks, machine-learning models, and other AI technologies to detect and anticipate cyber attacks.
According to a Webroot report, 87 percent of cybersecurity professionals in the U.S. leverage AI capabilities when developing security measures. However, 91 percent of these professionals also believe that the technology is a double-edged sword, since hackers can use it to launch even more sophisticated cyber attacks.
Hackers may be able to use machine-learning algorithms to code self-mutating viruses and ransomware that can bypass AV, firewalls, sandboxes, and other endpoint security solutions. Hackers also leverage AI in spear phishing exploits to create carefully targeted messages that trick people into sharing sensitive data and installing malware.
Attackers use the capabilities of machine-learning models to automatically craft and send out convincing phishing messages to unsuspecting victims. AI can also be used to collect information about a target organization from across the internet.
This information, which is usually sourced from social media platforms, code repositories, support forums, and more, enables hackers to mount detailed and targeted APT exploits.
The collated information can also be used to crack user passwords by narrowing down the number of possible passwords based on factors such as demography, geography, browsing history, and so on.
Hackers are increasingly targeting transportation systems, electrical systems, and other critical infrastructure. Although these attacks are usually designed to cause immediate disruption of services, a growing number of attacks now use ransomware to hijack critical systems.
The attackers then threaten to wreak havoc and disrupt essential services if their ransom demands are not met. Cybersecurity experts worry that hackers are beginning to detect vulnerabilities in the cyber defenses of ships, trains, and older commercial planes — making them potential targets for future cyber attacks.
Mining cryptocurrencies — crypto jacking
Several hackers have begun targeting individuals who hold bitcoin and other forms of cryptocurrency. Although the theft of cryptocurrency is a significant threat, even more worrisome is the popularity of crypto jacking — a new form of cybercrime where attackers hijack the processing power of victims’ digital devices to mine cryptocurrency.
Mining cryptocurrency, especially Bitcoin, requires miners to solve incredibly complex mathematical problems, a task that requires vast amounts of computing capacity. Once the problems are solved, the blockchain network rewards the miners with predetermined volumes of cryptocurrency.
To obtain these rewards, “crypto jackers” compromise millions of computers and other digital devices and channel a significant amount of their computing capacity toward solving these complex mathematical problems.
In the process, the users of such compromised computing devices experience significantly slower performance. The potential fallout can be huge if crypto jackers begin to compromise systems used in very sensitive areas such as hospitals, airports, hotels, nuclear reactor control systems, and so on.
Recent crypto jacking attacks include the use of computing systems at a Russian oil pipeline company and the hack of a public Wi-Fi in an Argentinian Starbucks cafe. The problem is compounded by the increasing value of cryptocurrencies, which also increases the rewards hackers are likely to gain from crypto jacking exploits — making it one of the more lucrative cybercrimes.
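To make the cost of those "mathematical problems" concrete, here is an added illustration (not part of the original article) of a simplified hash puzzle in the style of Bitcoin's proof-of-work. The header bytes, function names, and difficulty values are constructed for the example; each extra difficulty bit doubles the expected number of hash attempts, which is why crypto jackers go after as much hijacked computing capacity as they can get.

```python
import hashlib

def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header || nonce, returned as an integer.

    Simplified: the real Bitcoin block header has a fixed 80-byte layout.
    """
    data = header + nonce.to_bytes(8, "little")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")

def meets_target(header: bytes, nonce: int, bits: int) -> bool:
    """A nonce 'solves' the puzzle if the hash has `bits` leading zero bits."""
    return pow_hash(header, nonce) < (1 << (256 - bits))

def mine(header: bytes, bits: int, max_tries: int = 1 << 24):
    """Brute-force the lowest solving nonce; returns (nonce, attempts)."""
    for nonce in range(max_tries):
        if meets_target(header, nonce, bits):
            return nonce, nonce + 1
    raise RuntimeError("no solution found within max_tries")

def average_attempts(bits: int, samples: int = 20) -> float:
    """Mean attempts over several constructed headers at one difficulty."""
    total = 0
    for i in range(samples):
        _, tries = mine(b"constructed-block-%d" % i, bits)
        total += tries
    return total / samples

if __name__ == "__main__":
    # Expected work is about 2**bits hashes, so it doubles with every bit.
    for bits in (4, 8, 12, 16):
        print(f"{bits:2d} bits: ~{average_attempts(bits):8.0f} attempts "
              f"(expected about {2 ** bits})")
```

There is no shortcut to finding a valid nonce other than trying candidates, while checking a proposed solution takes a single hash; the work is cheap to verify and expensive to produce.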
In recent years, sandboxing has become one of the more popular endpoint protection solutions favored by cybersecurity experts. Sandboxes detect and prevent malware from entering and compromising endpoint computing systems.
However, hackers have found ways to evade this technology. New strains of malware are able to recognize whether or not they are inside a sandbox. If they are, they immediately become inert and cease all malicious code execution, forcing the sandbox solutions to regard them as harmless. Once they are outside of the sandbox environment, they re-commence their exploits.
According to MIT, ransomware is one of the six biggest cyber threats. Both enterprises and individuals can be targeted by a ransomware attack. The ransomware encrypts user data on compromised systems, connected devices, and databases, halting all computer-related operations in that environment. Users have to pay the ransom demands of the attackers to get back access to their data.
The effects of a ransomware attack can be mitigated if users constantly back up their data to the cloud. However, newer forms of ransomware now target data stored on the cloud — meaning that victims of successful ransomware attacks have no other choice but to pay the ransom demanded by the attackers.
Though ransomware attacks populated the news in 2017, incidents dropped significantly in 2018 and they are continuing to trend down, replaced by the much more profitable crypto-jacking.
How to Proactively Protect Against Cyber Threats
Enterprises that want to protect themselves from the increasing number of cyber attacks must become more security conscious. To start, they need to implement a systematic application security program in their organization and promote a security culture amongst employees. Since many sophisticated cyber attacks use social engineering tactics instead of brute force techniques, enterprises should institute strict cybersecurity policies and organize security awareness seminars for their employees.