10 April 2019

Top 5 potential cybersecurity threats of 2019

Last year we saw our fair share of cyber-attacks, but unfortunately, it was only be the beginning.

With the Digital Age ever-expanding and cybercriminals becoming more intuitive in their hacking abilities, we list the top 5 cyber threats that could catch you out this year.

1. Phishing attacks

Phishing emails are still one of the most common methods to conduct a cyber-attack, but they are becoming more sophisticated. The emails are becoming much more convincing and hackers can steal more personal information than ever, including gaining access to private databases.

One example is the Gaza hackers used a phishing attack to target individuals and corporations in 39 countries. A cyber consultancy published its findings on the cyber espionage operation known as ‘SneakyPastes’, The cybercriminals made use of disposable email addresses to spread the virus through phishing attacks before downloading the malware in chained stages using multiple free sites.

The cybercriminals included the more advanced ‘Operation Parliament’ and ‘Desert Falcons’ as well as the less sophisticated ‘MoleRats’, which was responsible for launching SneakyPastes.

2. Ransomware

Ransomware attacks can be the most costly type of cyber-attack for organisations, with billions of dollars every year being obtained in this way. Hackers deploy technologies that allow them to gain full access to an individual or organisation’s databases and hold the information for ransom. The rise of bitcoin and other cryptocurrencies means the demands are paid anonymously.

Back in November last year multiple different ransomwares were discovered such as cmdRansomware that utilises batch files and GPG to encrypt a computer. Read more here.

3. Cryptojacking

To know what cryptojacking is, you first need to know about cyrptocurrency. Cryptocurrency is a form of digital currency that can be exchanged for goods, services and in some cases, real money. Users can ‘mine’ cryptocurrencies on their computers by using special programmes to solve complex, encrypted maths equations in order to gain a piece of the currency.

Cyrptocurrrncies, such at bitcoin, only have a finite number that have not been ‘mined’.  Cryptojacking is a way for cyber criminals to make free money (with minimal effort). They can simply hijack a machine with a few lines of coding. One of the ways to install the code can be via phishing attacks.

When the victim opens up what seems to be a harmless email, the cybercriminal can run the coding in the background without the victim noticing.

2018 saw a big rise in cryptojacking. A cloud monitoring and defence firm revealed in February that Tesla’s Amazon Web Services cloud infrastructure was running mining malware thanks to an inconspicuous, but extensive cryptojacking campaign.

4. IoT Attacks

The ‘Internet of Things” (IoT) is becoming the way of life. Laptops, mobiles, tablets, webcams, smart watches and even household appliances are all starting to be connected to the internet. As handy and useful as IoT devices are for companies and individuals, they gather an immense amount of data.

This process causes the IoT network to become more vulnerable to cyber-attacks as they hold a wealth of information. Hackers can cause havoc, overloading networks or attempting to lock-down essential equipment for their financial gain.

The major devices targeted will range anywhere from consumer-based routers to home-based nanny cams. One industry that showcases vulnerability is the automotive sector—as more cities allow self-driving cars, there could be a major accident as a result of a hacker taking over the controls.

5. Third parties

Third parties such as contractors and vendors can pose a huge risk on a corporation. A high percentage of third parties have little to no secure systems or teams in place to protect themselves. Hackers take advantage of these smaller parties to gain access to the corporate network.

As well as the high risk associated with third parties, there is usually a lack of resource within cyber teams to management third party risks. This includes a lack of continuous monitoring, consistent reporting and other blind spots that could be leaving organisations vulnerable to cyber-attacks or data breaches.

A couple of examples of the recent third party data breaches come from organisations like:

  • MyHeritage Genealogy Site
  • Universal Music Group
  • Corporation Service Company

For information on their attacks and others read here.

At IRM, we focus on keeping your organisation safe against cyber-attacks by giving you the tools to obtain and maintain compliance. With our knowledge and expertise, our services help organisations capitalise on digital opportunities whilst meeting compliance standards and mitigating potential risks. Our award winning GRC platform SYNERGi will not only help you, but also your third parties. For more information, contact us.