Cybersecurity threats continue to evolve, and the nature and sophistication of attacks vary widely. With more businesses moving their files to the cloud, health care organizations shifting to electronic records, and consumers making financial transactions online, you can be sure that malicious hackers aren’t far away.
The Center for Internet Security, an independent non-profit that’s building a global IT community to secure organizations against cyberthreats, has a sobering cybersecurity assessment for 2019. It says its current alert level is “guarded” because of “vulnerabilities in Google, Adobe, and Oracle products.” In particular, it says there is great concern over “multiple vulnerabilities in Google Chrome.”
With October named European cybersecurity month—designed to promote awareness around information security and protecting yourself from fraud—it’s an opportune moment to talk about relevant cybersecurity threats today.
Let’s dive right in.
1. Cryptojacking: Your machines make their money
Cryptojacking is a form of malware that’s designed to mine cryptocurrency on your system without your knowledge—and without you receiving any of the monetary benefits. It’s far more common than you might think; in one high-profile case, superstar footballer Cristiano Ronaldo’s site was planted with the malicious software. Plus, it’s designed to be subtle, so you might go months without actually detecting that you’ve fallen victim to it.
One of the easiest ways to notice the malware is to take a close look at your system resources tray. If you’re consuming more resources than you should, then something might be amiss. Other tell-tale signs include your CPU heating up more often than it should or if you experience lags despite opening minimal processes.
Guard against cryptojacking by keeping your device updated as often as possible. Don’t switch off the automatic update option, and invest in a robust antivirus software program if you can.
2. Phishing: A daily deluge of fake emails
Phishing attacks are a hacker mainstay and they aren’t going out of style anytime soon. For context, consider this: The U.S. Department of Defense thwarts nearly 36 million emails containing malware, viruses, and phishing schemes every single day. That’s more than a billion each month.
The DoD notes that the sophistication of cyberthreats as well as the frequency and potential impact are increasing dramatically. And the threat levels are likely to keep going up, considering more sensitive information is now hosted on information technology systems.
Even if you’re not as tantalizing a target as the U.S. military, the fact is that phishing is one of the easiest and most effective methods to wreak havoc. That’s because such attacks appear to be normal emails from individuals you trust, such as your family members or work colleagues. Once opened, however, phishing schemes can literally obliterate your data and reveal all proprietary information.
“Ninety percent of malware today originates in the inbox, disguised within phishing emails whose senders impersonate trusted colleagues,” asserts Dave Palmer, director of technology at cyberdefense company Darktrace.
3. The use of artificial intelligence and machine learning
The term “cyberarmy” may conjure images of state-sponsored hackers working together to inflict distributed denial of service (DDoS) attacks on enemy infrastructure, but the fact is that new threats are increasingly dictated by artificial intelligence. Hackers are, quite literally, transferring their knowledge to computers for the aim of scaling the size and sophistication of intrusion attempts.
For example, the Emotet trojan malware, which tricked users into clicking on infected emails and stole data as a result, used artificial intelligence features to impersonate real users and appear as genuine as possible.
The approach, referred to as “smart phishing,” is a troubling new trend. If machines can successfully learn the tricks of the trade and mimic humans as closely as possible, a whole new arena of cyberwarfare might be unleashed. IBM has also confirmed this possibility, by developing a “proof of concept” of intelligent malware.
4. Political moves: Hacking by governments
To say that the world is divided right now might be a bit of an understatement.
With the U.S.-China trade war, the usual battle cries from North Korea and Iran, and peace in the Middle East a far-flung dream, it’s likely that national governments will turn to their cyberarmies for more hacking and intrusion attempts.
Government data breaches are a real thing, with the Stuxnet worm that affected Iranian nuclear facilities considered to be one of the most sophisticated of its type. But government-backed hackers won’t just attack rival government installations. A recent cyberattack against Airbus was attributed to Chinese hackers, a claim Beijing strenuously denied.
Hackers associated with North Korea have tried to siphon more than US$1.1 billion from banks and financial institutions, and these attempts aren’t going to subside anytime soon. U.S. firms are constantly on the receiving end of cyberattacks, but they’re choosing to stay quiet to avoid upsetting their trading partners in Asia.
Cybersecurity is an ever-evolving space, and today’s threats might not be relevant tomorrow. Nevertheless, it’s a good idea to keep yourself updated on current risks and protect yourself and your organization.