Tuesday, July 16, 2024

Cybersecurity Experts Predict That The Worst is Yet to Come

“The Next 9/11 Will be a Cyberattack, Security Expert Warns” ~ CNBC

“Experts Say the ‘New Normal’ in 2025 Will Be Far More Tech-Driven, Presenting More Big Challenges” ~ Pew Research Center

“Cybercrime to Scale New Heights in 2021: What Can You do About it?” ~ InfoSecurity Group

Headlines like these are great sources of information for cybersecurity professionals, but they’re enough to put the rest of us on edge. With more than half a million new pieces of malware released daily, are such announcements merely fear-mongering that are meant to increase readership or reality-based warnings that all of us need to heed?

Latest cybersecurity Stats for 2021

Last year alone, there were nearly 4,000 confirmed data breaches that affected dozens of companies and millions of individuals. Even paragons of technology like Microsoft left more than 280 million customer records exposed to hacking and exploits. 

These are the types of attacks that all of us face exposure to on a daily basis. But what made 2020 different – and left us all a little more shaken and vulnerable – was the rise in remote work and eLearning, telemedicine, and online shopping/delivery/banking services. 

That’s in addition to the release of multiple stimuli and PPP payments, general misinformation and distrust, and the resulting scams that were created or reinvented in response by opportunists.

The nature of the current threat vectors

While you can be assured that ‘traditional’ threats like ransomware, malware, brute force attacks, and phishing/spear phishing scams are still around, new threats are emerging due to the realities of remote work, IoT, EHR, and countless COVID-related scams popping up in their thousands.

[Image: https://nsktglobal.com/static/images/Cybersecurity%20Threats%20in%202021.jpg]

So, how is the “new normal” impacting our cybersecurity and privacy?

Rising vulnerabilities putting customer financial information at risk

From inside threats due to advanced social engineering techniques to vulnerabilities brought on by telehealth systems, the threat of data breaches, leaks, and outright theft will continue to plague business owners, developers, and individuals on a scale that we’ve never experienced before.

To help avoid this, online businesses are being forced to rely on accounting or invoicing tools that are armed with an array of security features such as PCI-DSS certified encryption to keep sensitive customer financial information safe and secure. Tools such as these can offer companies much convenience since they can centralize customer data so it is both secured and easily accessible. 

“Fileless” frameworks add a new twist to ransomware attacks

This is a classic case of putting a new spin on an old exploit. While ransomware attacks were on a downward trajectory, the tech and nature of the attacks have made them more difficult to detect and prevent.

The new attacks involve ‘fileless frameworks’ that were created to bypass traditional cybersecurity measures like anti-malware/antivirus scans. This allows hackers to use tools and platforms that are already approved as ‘safe’. This results in faster attacks that traditional measures can’t detect or intercept until long after the damage is done.

Remote work increases the attack surface

Remote work and distance learning are not new, but due to the global pandemic, they have become more widespread. Companies and schools were forced to close down or transition to a virtual environment to contain the virus, and many of these changes may become permanent.

Businesses, with a little help from PPP, have generally done a great job of making sure that their workforce has the tech they need to conduct business from afar. However, the increased interconnectivity increases the likelihood of data breaches emerging on a large scale infecting entire remote corporate networks rather than individual systems and devices.

So many mobile apps – so much more crime

These days, there’s an app for everything. This means booming business for app developers and rising security concerns for the rest of us. In addition to viruses, trojans, data mining, and resource theft, financial scams promising COVID-19 stimulus and relief are on the rise and targeting vulnerable users.

Timeless cybersecurity best practices

When it comes to cybersecurity, prevention is best. However, nothing is totally foolproof. This leaves adhering to current best practices for detection and mitigation to contain the attack and limit the amount of damage.

Cyberattacks tend to recycle. Although new technologies are deployed or tweaked to reinvent old exploits like brute force attacks, phishing scams, and other old hacker favorites, we at least have a baseline to implement damage control:

Expand testing: In addition to traditional pen testing, develop with security baked into the design. Cloud-based storage and hybrid systems must also be thoroughly checked at all access points.

Beware of blind spots: The rise of third-party developers and proliferation of mobile app development/use means that cybersecurity experts are contending with blind spots in organizational architecture. Be cognizant of the need for careful integration when installing or upgrading systems.

Protect systems with bullet-proof strategies: An increase in online shopping, investments, and banking means implementing security solutions to protect data and reduce the risk of breaches, scams, and attacks with high-level encryption. Tools such as VPNs can encrypt data and keep it from being seen by hackers. Sydney-based cybersecurity expert Will Ellis from Privacy Australia argues that VPNs are a necessary cybersecurity tool in today’s world if you are serious about encrypting your data. 

“A VPN provides a much higher level of privacy and anonymity than available through your ISP,” says Ellis. “Thanks to the encryption protocol, data in transit (such as credit card or Social Security numbers) are unreadable to anyone who manages to hack the system and take a look. Think of a VPN connection as a safe tunnel through which all the information associated with an online session can travel, hidden safely from the outside world.”

Non-techies need to develop and follow better cybersecurity practices and protocols as well. Business owners should ensure that all employees are using the same apps, platforms, and devices to conduct business. They should also make sure that employees are trained and understand basic preventative measures regarding access control and separation of work/personal networks and devices. 

Ensure that they keep all systems, apps, and platforms updated, and never open unsolicited emails or links. Conduct security audits at regular intervals, and make sure to heed the advice of security experts regarding the results.

Final thoughts

Often, it seems that cybersecurity is an endless loop of ‘threat – mitigation – threat’ that never ends. While we can never have a world that is free of cybercrime completely – we need to take care of our cybersecurity strategies with diligence, foresight, and talent can decrease the risk of becoming a victim of a cyberattack and better protect our assets, both data-based and financial. 

There is never a 100% guarantee success rate, but adhering to effective cybersecurity practices and instilling cybersecurity education will actually go a long way toward managing risk and limiting exposure.


Latest articles

HardBit Ransomware Using Passphrase Protection To Evade Detection

In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware...

New Poco RAT Weaponizing 7zip Files Using Google Drive

The hackers weaponize 7zip files to pass through security measures and deliver malware effectively.These...

New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s

X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails...

Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the...

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles