Moving into the fourth quarter of 2019, it’s a great time to reflect on the current cybersecurity landscape and the major events and trends which have happened this year. Almost everybody understands what cybersecurity means in the most basic sense, as the majority at least have some experience with anti-virus software.
But as we increasingly rely on computing systems to power our day-to-day lives, our cybersecurity software and processes have to become more sophisticated. With each new piece of technology, software, hardware, or device, there’s a new and increasingly complex way for our data to be accessed or stolen.
As every piece of technology we use is ultimately created by human developers, there are invariably some aspects of every technology which aren’t flawless. Each piece of technology calls for a unique way of exploiting its specific weaknesses – a flaw in its design which allows hackers to gain access.
Usually, hackers will deploy certain attacks to test computer systems, to try and identify these weaknesses. There are not just one or two attack vectors that cyber-criminals and hackers use to compromise systems. Instead, hackers may deploy several attacks in tandem to gain access to a system.
From the widespread implementation of blockchain and internet of things (IoT) technologies to completely new threats on the horizon, Blokt explores how 2019 has shaped the cybersecurity space.
IoT Devices Present New Challenges
IoT devices are growing in popularity, used in home, office, and industrial situations for a range of use cases. But connecting a greater range of devices to our internet systems means a greater risk that they will become compromised. Connected devices, like internet routers or sensors, can be hijacked by hackers and used to send out spam mail, or incorporated into a botnet.
The National Institute of Standards and Technology (NIST) published updated guidelines in mid-2019 for the use of IoT devices, noting that the diverse range of IoT devices makes them difficult to protect and police. Among other things, NIST recommended that IoT devices keep logs of all potential cybersecurity events, however minor, to protect against them becoming part of a larger network of malicious bots.
Business Owners Bear Largest Costs of Attacks
Cyber attacks on small and medium businesses are increasing. In 2018, 61% of small to medium business owners reported that they had been victims of attacks, a 9% increase from 2017. In 2019, this figure is expected to increase further.
Each attack costs businesses an average of $383 thousand, which for a small or medium business could mean significant financial hardship. Most of these attacks came from data breaches, of which 37% were identified to be a direct result of hacker attacks.
Phishing Has Increased by 65% in 2019 so Far
According to security firm Retruster, phishing attempts have grown an enormous 65% this year. Phishing attacks target information such as usernames, passwords, and payment information, using fake websites or legitimate-looking emails to steal information. Although we’re more aware of the risk of phishing attempts than ever before, people continue to fall for this attack, which is as old as email itself. So why is this?
It could be because our perception of phishing in 2019 is skewed. The majority of people are wary of opening emails and attachments from unknown senders in case they contain malware – commonly believed to be the most dangerous form of phishing. While it’s recommended not to open such mail, anti-phishing firm Phishlabs reported that 98% of phishing emails actually contained no malware.
Instead, most phishing attempts are actually perpetrated through incredibly legitimate-looking emails. For example, Phishlabs found that 31% of emails posed as internal HR or finance providers and a further 27% of phishing emails disguised themselves as e-commerce sites, which then prompt users to log in through a fake website.
It’s at this point that attackers lift your credentials and use them to log in to your real accounts – not malware, as commonly thought.
Polymorphic and Metamorphic Threats Are on the Rise
Polymorphic attacks, which evolve as they spread across a user’s computer, make up an estimated 93% of malicious executable computer viruses in 2019. Polymorphic and metamorphic malware adapt and evade traditional antivirus software, which makes identifying and eradicating these viruses incredibly difficult. Both consumers and businesses are targets of polymorphic malware, with consumers – that’s you and me – comprising 68% of malware endpoints.
Polymorphic malware programs can include spyware, which monitors your activity and reports your keystrokes to attackers; trojans, which disguise themselves as harmless programs or files and give attackers remote access to your PC; or viruses and worms, which can disable host computers or siphon off data at will.
Digital Asset Theft
Whilst digital assets are promising a disruption to the way we store and transact value, they are also opening up whole new ways to steal value too! Although many digital asset thefts are caused by other common attack methods, most of which we discuss here, digital assets are nevertheless proving to be an easier target for attackers.
This is evidenced by the huge $1.2 billion in cryptocurrency that was stolen in the first quarter of 2019 alone. According to blockchain crime prevention company Ciphertrace, over $355 million was stolen from exchanges and infrastructure alone, a huge part of which was drained directly from user wallets and accounts.
Up to 57% of Attacks Make It Past Traditional Antivirus Software
This might be the most shocking statistic on our list, though it’s no revelation to cybersecurity experts that over half of all attacks make it past antivirus software. The reason for this is that most antivirus software, no matter how sophisticated it is, can only identify threats it has some prior knowledge of.
When a new threat emerges, which carries none of the hallmarks of a previously deployed exploit, it’s incredibly difficult for antivirus software to detect – so difficult, that only 43% of exploits are stopped. However, new technologies such as artificial intelligence and machine learning are helping to identify and stop new attacks as they emerge.
Mobile Threats See a Decrease From 2018
In 2019, more people access the web through their smartphones than through other devices, with 3.9 billion active mobile internet users. As a result, mobile attacks represent one of the most problematic forms of cyber attack, usually deployed when a user downloads an app loaded with malware.
Despite this, the first quarter of 2019 saw a marked decrease in malicious installation packages from mobile users, down from over 1 million in Q1 2018, to just 905 thousand. While this may still seem high, a decrease of almost 100 thousand malicious installs is a big achievement for cybersecurity.
Local Government Agencies Are Falling Victim to More Attacks
Although 2018 saw a slight year-on-year decline in total cyber attacks, there has been a marked increase in ransomware attacks on local and regional governments. According to cybersecurity firm Recorded Future, in the first four months of 2019, there were 21 reported attacks against government agencies in the USA.
Many of these attacks will take control of internal systems, access and withhold data, and demand that government agencies pay the attackers a ransom in Bitcoin to restore control of systems. Only around 17% of these agencies actually pay the ransom, but some of the reported ransom demands are as high as $250,000.
Denial-of-service Attacks (DoS) See a Huge Increase
As the name suggests, denial-of-service techniques prevent users of a service from accessing a resource. This could either be a website or a piece of software. In this attack, hackers will usually launch multiple techniques to either deny service to an individual user, or to all users of a service through a ‘distributed denial-of-service’ or DDoS attack.
Often, as there’s no opportunity for hackers to steal information through these attacks, they are motivated by blackmail, activism, or revenge. According to Kaspersky, DDoS attacks are on the rise, increasing a huge 84% in the first quarter of 2019 from Q4 2018.
Beware of Cryptojacking!
Cryptocurrency mining is, in many cases, increasingly unprofitable except for large scale mining operations. This is mainly due to the huge electricity costs associated with running mining hardware. Imagine then, if there was some way of mining on someone else’s machine without them knowing?
Unfortunately, there is – it’s called ‘cryptojacking.’ A new cybersecurity threat, cryptojacking uses the victim’s processing power to imperceptibly mine cryptocurrency. This can be through software-based mining malware, or even through website scripts. The ESET Cybersecurity Trends Report 2019 reports that cybercriminals made off with an estimated $2.5 billion in the first half of 2018, and this threat could get worse during 2019.
Increased Focus on Data Privacy and GDPR
Data privacy has been a huge focus in the last two years, ushering in wide antitrust movements following breaches such as Facebook’s Cambridge Analytica scandal, and numerous cybercrime-related breaches. In Europe, this has culminated in strict GDPR rules being enforced to protect user data.
The U.S. hasn’t followed suit – yet. Sean Atkinson, Chief Information Security Officer for the Center for Internet Security, predicts that 2019 will be a year where greater accountability for data breaches will be at the front of lawmakers’ agenda, with the U.S. potentially following Europe’s lead on GDPR-type regulation. But even with that in place, we always recommend using a good VPN service.
Cloud Computing Security
Over 50% of 786 business respondents who used cloud computing regularly agreed that security risks were ‘somewhat of a challenge’ to their business processes, a report in January 2019 found. The compromise of cloud computing is on the rise, and with the average large company using 923 cloud-based services, this could be a serious problem.
Among the largest risks are loss and theft of intellectual property stored in the cloud, cloud services being used as a vector for data exfiltration, and malware delivery. Also, a real danger is employees uploading sensitive commercial data to the cloud, leaving the company with their access rights intact, and then using this data at a competitor firm – giving a new edge to corporate espionage.
Bypassing 2FA Authentication
Hot off the press last month is news that the FBI is now warning users that two-factor authentication, or 2FA, is not as secure as they think. In a press release on 17th September 2019, FBI cyber division experts warned that attackers are using social engineering to trick users into bypassing 2FA.
By tricking users into opening phishing emails as we’ve discussed above, hackers can lift access tokens for legitimate websites. The FBI press release cites one incident earlier this year where hackers gained access to a US banking service. Attackers logged in with stolen credentials and used a manipulated 2FA string to gain access and transfer funds from a victim’s account.
Formjacking Is Increasing
Formjacking occurs when attackers use HTML code to take over certain sections of a website, usually at the point where users are entering identity and payment credentials into a form, such as an e-commerce checkout.
Cybersecurity giant Symantec reported that an average of 4,800 websites are compromised through formjacking each month. The number of formjacking attacks increased dramatically towards the end of 2018, which Symantec researchers correlated with a drop in the value of cryptocurrencies. Security experts believed that attackers previously using cryptojacking attacks instead turned to formjacking to make more profit.
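A defender's check for the formjacking pattern described above, added here as an example that is not part of the original article: it audits every script on a checkout page against an allowlist. It assumes the injected code arrives as a script element; the host names, policy sets and sample page are constructed for illustration.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"cdn.payments.example"}  # assumed: third-party hosts the shop trusts
APPROVED_INLINE = set()  # assumed: base64 SHA-256 of each reviewed inline script body
# Constructed checkout page (all hosts and files are made up for this example).
SAMPLE = """<form id="checkout" action="/pay"><input name="card"></form>
<script src="https://cdn.payments.example/pay.js" integrity="sha384-CONSTRUCTED"></script>
<script src="https://cdn.payments.example/ui.js"></script>
<script src="https://stats-collector.example/c.js"></script>
<script>document.getElementById("checkout").addEventListener("submit", onSubmit);</script>"""

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._inline = [], None

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if src is None:
            self._inline = []          # start buffering an inline script body
            return
        host = urlparse(src).hostname  # None for same-origin relative paths
        if host and host not in ALLOWED_HOSTS:
            self.findings.append(("unlisted-host", src))
        elif host and not attrs.get("integrity"):
            self.findings.append(("missing-sri", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline).strip()
            h = base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()
            if body and h not in APPROVED_INLINE:
                self.findings.append(("unapproved-inline", h))
            self._inline = None

def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run on a schedule against the rendered checkout page, a new finding means a script has appeared or changed since the last review.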
Google Project Zero Regularly ‘zeroes’ in on New Threats
Let’s end our list on a positive note. For all the malicious attacks which take place, there are plenty of benevolent ‘white hat hackers’ who are working to fix and prevent attacks compromising our computing systems.
Google Project Zero was established in 2014 to prevent hackers from exploiting vulnerabilities on the same day or soon after they are found – something known as ‘zero-day attacks.’ Remember, we discussed how antivirus software doesn’t have signatures for viruses and malware which have never been seen before? These are a great example of zero-day attacks.
In an update shared in May 2019, computer security expert Ben Hawkes shared how new exploits ‘in the wild’ are discovered every 17 days on average. Most software vendors or computing engineers will take around 15 days to patch vulnerabilities being exploited by attackers.
The good news is that researchers at Google are tracking these exploits, to help understand how attackers behave in real-world situations and discover what their capabilities are. By building databases of these exploits, cybersecurity experts can build more advanced tools to stop attackers before they strike – and the more they find, the safer our cybersecurity landscape in 2020 will be.