In 2017, the intensity and number of cyberthreats facing the world exploded with some attacks becoming known as the worst in recent history.
The Equifax breach in July of last year saw the personal data of over 145 million people stolen and distributed among cyber criminals worldwide, while the WannaCry ransomware worm infiltrated systems running outdated Microsoft Windows software in 150 countries.
“We’re living in the beginning of an era of mass targeted attacks,” says Nate Fick, CEO of security firm Endgame. “Things are bad and they’re going to get worse.”
This spate of large-scale cyberattacks comes as tools used by hackers under government employ become public – last year the NSA’s hacking tools leaked online, making malware, ransomware, and data theft software easier to develop and mimic.
And with the Internet of Things (IoT) growing globally, the scope for hackers to use new avenues to hack systems and data is greater than ever before. The IoT refers to the ever-expanding network of everyday devices and appliances which are data-transfer capable, such as the recent boom in Smart Homes, wearables like the Apple Watch, and connected cars like those provided by AT&T.
In light of these recent events, experts predict that the number of cyberthreats is only set to increase this year. Here’s the Sprout Team’s roundup of the five latest cybersecurity threats for 2018.
Threat 1 – Cryptojacking
As the public profile (and equivalent value) of cryptocurrencies such as Ethereum and Bitcoin continue to rise, so will the number of ‘miners’ cryptojacking into their own wallets.
To mine a cryptocurrency, a computer user runs a script which uses ‘hash power’ to solve equations in order to receive the relevant cryptocurrency block reward. This puts strain on the CPU, meaning that some people will choose to host their mining scripts elsewhere – this is known as cryptojacking.
Though this type of hacking doesn’t involve theft of sensitive or personal data, it’s still using the CPU power of the device owner without their permission. And yet, some big companies with significant website traffic are buying mining scripts from providers such as CoinHive in order to provide alternative revenue.
As cryptojacking spreads into businesses, it will become much more difficult to control.
Threat 2 – Supply Chain Management
As the Internet of Things (IoT) expands to include ‘smart’ tracking and data capture/management systems within the supply chain, those failing to update their processes will find themselves posing a security risk to the rest of the chain.
Being able to transfer data and unique information between companies needs to be simple, quick, and secure – once information leaves one business and enters the systems of another, it can fall foul to ineffective data protection, as direct control is lost.
Secure tracking solutions such as Radio Frequency Identification (RFID) tagging have been used by the US government to keep a constant eye on valuable or protected items being transported cross-country or arriving at military docks.
Companies at all stages of the supply chain must provide a scalable, repeatable method for tracking goods and sensitive data, in order to decrease security concerns, increase financial health and competitiveness, and even ensure business longevity and survival following a breach.
Threat 3 – Cybercriminal Corporations and Crime-As-A-Service (CaaS)
Though it sounds like a fanciful notion straight out of a sci-fi film, the reality that cybercriminal organisations are forming hierarchical structures mimicking large private sector companies is not something to be laughed at.
The global pool of cybercriminals is growing as the knowledge threshold for simple cybercrimes becomes lower and lower, and the availability of cybercrime tools increases.
We’re likely to see an increase in those at the top of the cybercrime game starting to ‘defend their territory’, so to speak – this could escalate into real-life violence as they take other people into their employ and stake out areas of operations or particular revenue streams.
As these multinational organisations grow, there may even be the chance of mergers or the implementation of acquisition strategies as they begin to interact and grow their connections. This broadens the scope for evermore devastating attacks on businesses and organisations across the world, and they’ll likely start to wear away at the public’s trust in security software and data protection.
Threat 4 – Security Software
Anti-virus and anti-malware software has been touted as an all-encompassing security solution for home computer users and businesses alike for many years now. However, trusted programs are easily targeted by hackers, and their place in the software and hardware supply chains mean devices can easily be compromised, and users manipulated.
Hackers can redirect cloud traffic to their own access points, intercepting vital information and creating pathways into supposedly protected devices. By leveraging security and exploiting their widespread usage, cybercriminals will start to reveal to the public that their security software isn’t as safe as they initially thought.
Threat 5 – Worms
A computer worm is a program capable of copying itself across a network. This is where it differs from a virus, which needs a host program to work. They spread through vulnerabilities in network services, and work much faster than other automated hacking methods.
Last year, WannaCry and Trickbot both used worm functionality to spread ransomware globally. The WannaCry attack affected 81 NHS trusts across England alone, and 595 GP Practices found their systems encrypted and subject to a ransom note demanding payment.
Because worms are so good at amassing large numbers of victims so quickly, they’re likely to be used increasingly over the next few years to host ransomware or malware, which in itself is a growing market.
Cybersecurity with Sprout
As internet capability spreads from computers and phones into everyday devices, we urge you to keep an eye on your online security protocols and protection packages. Make sure your systems are periodically updated, and that you install patches as and when they’re released.
This list isn’t an exhaustive one by any means, and it will only continue to merit additional points as the year goes on. However, awareness is half the battle against cybercrime. Our global security solutions need to evolve as threats increase in sophistication and calibre.
Ensure your IT staff are trained to spot potential security risks, and that their knowledge is substantial enough to prevent company downtime – the more they know, the better you’re protected.
Got questions? Get in touch. We’d love to hear your take on your cybersecurity precautions. Send us an email at firstname.lastname@example.org and we’ll be sure to get back to you.
If you are interested in learning about Sprout IT's cyber security and resilience program, Cyber Aware, click on the link below.