In an age where organizations and individuals are becoming increasingly reliant on the cloud, the Internet of Things (IoT), and workforce mobility for critical business functions, it is becoming more difficult to keep track of the threats and the areas where we are most vulnerable. According to CSO Online, damages caused by cybercrime are estimated to hit the $6 trillion mark by the year 2021. Experts predict cybersecurity spending to exceed the trillion-dollar threshold over the next five years. With financial repercussions reaching all-time highs, it’s of utmost importance to stay ahead of the curve and take note of the new wave of cybercrime trends that are expected to blight the business landscape for years to come.
Malware and Ransomware Hacking Cloud Computing Services
Malware and ransomware remain some of the biggest cybersecurity threats in our world today. While both install themselves on a computer and run in the background, they differ in what they steal and how they present themselves. Malware stays hidden while stealing valuable information, whereas ransomware immobilizes the victim’s machine, encrypts files, and notifies the user of a ransom that must be paid to obtain the key that decrypts the files.
Cybersecurity Ventures reports that a business falls prey to a ransomware attack approximately every 40 seconds, and this is expected to rise to 1 victim every 14 seconds by the year 2019. While the trend of big data breaches is set to continue, research from MIT suggests that ransomware aimed at hacking cloud services is likely to be a new development. This is due to the growing trend of adopting cloud computing services among businesses today and the large amounts of sensitive data stored by these services.
Another significant threat to cybersecurity is phishing, where an attacker poses as a trustworthy entity in an attempt to obtain sensitive information such as usernames, passwords, and credit card details. Phishing is one of the easiest forms of cyber attack to carry out, and research now shows that around 1.3 million phishing websites are created every month, with Google, Facebook, Dropbox, and PayPal ranking as the top disguises for hackers. Attackers have learned to design phishing attacks that play on the audience’s fear while looking 100 percent authentic. This causes the targets to panic, thinking that something is legitimately wrong, and to act without following the standard operating procedure (SOP).
For example, a phishing email might claim to be from a bank and instruct users to log in to their account to verify personal details in order to prevent their accounts from being closed. However, the link goes to a fake website that is difficult to distinguish from the real one, where their login and personal details are then captured for malicious ends. Phishing might look like a basic form of cyber attack, but the simple fact of the matter is that it works. Up to 90 percent of all data breaches occur as a result of credentials stolen using a phishing attack. The FBI also suggested that phishing scams that hit thousands of US businesses amount to almost $5 billion every year.
Recently, cyber criminals have shifted their focus to spear phishing, which, instead of sending generic emails to thousands of people, sends more targeted messages to specific individuals within an organization. These specially crafted messages are the key cyber criminals use to initiate high-profile cyber attacks that victimize even the largest organizations. To illustrate, back in 2015, Ubiquiti Networks Inc. fell prey to a spear phishing attack when employees from the finance department were tricked into transferring almost $50 million in funds from a subsidiary in Hong Kong to the overseas accounts of the attackers. The employees were made to believe that they were getting instructions from their executives when, in fact, the email addresses and domains were spoofed with minor alterations.
Cryptojacking / Cryptocurrency Mining
At this very moment, your computer might be consuming valuable memory and processor power, and bumping up your electricity bill in the process, to generate money for someone else without you ever knowing. This phenomenon is called “cryptojacking”. Given the meteoric rise of cryptocurrencies like Bitcoin that rely on computing power to earn new coins, cryptojacking has become an increasingly popular way for cyber criminals to extract money from their targets.
One of the most popular ways to execute cryptojacking is to find a vulnerable website and inject a script (usually requiring only a few lines of code). This results in the unwitting enslavement of unprotected website visitors, whose machines mine cryptocurrency for the hackers. The adverse effects of cryptojacking extend beyond the exploitation of one’s computer and electricity; the mining can slow down some hardware, overheat components, and in some cases render the machine unusable. Cryptojacking puts organizations’ entire networks at risk while jacking up cloud usage and operating costs.
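Site owners can watch for an injected script by auditing the `<script>` elements their pages actually serve. The following is an added example, not part of the original article; the allowlisted hosts and the sample page are constructed, and flagging inline scripts for review is an assumption that suits sites which normally have none.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this site intentionally loads scripts from (constructed).
ALLOWED_SCRIPT_HOSTS = {"www.example.org", "cdn.example.org"}

# Constructed sample page for the demonstration.
SAMPLE_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.example.org/widget.js"></script>
<script src="https://unknown-cdn.invalid/m.js"></script>
</head><body><script>/* constructed inline script */</script></body></html>"""


class ScriptAudit(HTMLParser):
    """Collect a finding for every <script> element that needs review."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # tuples of (line_number, reason, host)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        line = self.getpos()[0]
        src = a.get("src")
        if not src:
            self.findings.append((line, "inline-script", ""))
            return
        host = urlparse(src).hostname or self.page_host  # relative URL: same host
        if host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append((line, "unlisted-host", host))
        elif host != self.page_host and "integrity" not in a:
            self.findings.append((line, "missing-sri", host))


def audit_scripts(html: str, page_host: str):
    """Return findings for one served page, in document order."""
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Running `audit_scripts` against pages fetched from production on a schedule, and alerting on any new finding, turns the check into change detection for script tags.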
Given the ever-increasing dependence of today’s generation on the internet for various activities such as social media, online shopping, and bank/fund transfers, more and more organizations are getting access to sensitive information about their clients. This includes personal bank accounts, credit card numbers, passwords, and addresses. As such, these corporations now have the additional burden of ensuring the security and integrity of the data that they hold, all while giving cybercriminals a new and bigger target.
A recent example of this would be the Cambridge Analytica scandal, which blew up during the first half of 2018. To make a long story short, social media giant Facebook developed a platform that allowed third-party developers and apps to reach out to Facebook users and request access to a large amount of their personal information. This paved the way for Aleksandr Kogan and Cambridge Analytica to use the psychological data of over 87 million users (without consent) to help politicians such as Ted Cruz and Donald Trump gain political advantages over their rivals. Because of this, Facebook and its CEO, Mark Zuckerberg, had to endure severe public scrutiny for its lapse in data security, as well as suffering losses of up to tens of billions of dollars in market cap.
This new wave of threats, coupled with increasingly strict data regulation laws, compels individuals and businesses alike to step up their security and data protection game, or fall prey to increasingly debilitating attacks. With the Internet of Things (IoT) projected to explode to 200 billion devices by the year 2020, the need to keep our interconnected networks secure has never been greater. After all, a breach in one may lead to a breach in all.