What Are Your Biggest Online Threats in 2020?

Cyberthreats will be coming at you – and any person or organization with whom you have an online relationship – with increasing speed and sophistication. For some, it might feel like you’re living inside an online fantasy game, but it’s real life. Here’s what to look for.

Phishing and Social Engineering

There’s nothing new about phishing, where cybercriminals try to obtain sensitive information, like passwords or financial information, usually by using links in emails to install malware to breach your system. Non-profits have been major targets because they don’t have alert systems built into network infrastructures, but any business, governmental organization or individual can be hit. We’ve discussed the need to be highly aware of what you’re clicking and to exercise extreme caution. As an individual user, you have control.

At businesses, it’s a bigger chore to combat phishing. Attacks enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.

Going hand-in-hand with phishing is social engineering, which can cover a multitude of attacks such as disinformation and deep fakes spread by social media. We see this as one of the biggest threats you face this year.

Social media makes it easier to spread disinformation faster than anyone can send out the facts to repudiate fakery or misrepresentation. Deep fakes relate to fake images and videos being created by deep learning techniques. We’ve seen them in the political arena and can expect more them to be leveraged as a tool to attempt to discredit candidates and push inaccurate political messages to voters via social media. We’ll also see them in ransomware, showing targets realistic videos of themselves in compromising situations. We’ll also see more spoofing in business email with deep fakes used to add a further degree of realism to the request to transfer money.

Ransomware

Ransomware attacks cost billions of dollars every year, as hackers literally kidnap an individual or organization’s databases and hold all of the information for ransom. The rise of cryptocurrencies such as Bitcoin spurred ransomware attacks by allowing ransom demands to be paid anonymously. As companies build stronger defenses against ransomware, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.

Third-Party Vulnerabilities (IoT, Cloud, Supply Chain)

This is a tough threat to ward off because you have some control over your vulnerabilities but not all of them. With the Internet of Things (IoT), you have control. Make sure that you change every default username and password for every device you connect to your network and have a strong network password and firewall. I have little sympathy for people whose systems are hacked because they didn’t take the proper setup steps to prevent invasion.

The cloud is as safe as you can get, especially with large, reputable service providers. They have the resources to deploy the most advanced security measures and multiple services to protect your data. Our advice here is to use a top-rated cloud service provider and make sure you have protected your network, just you would to maintain IoT security.

The supply chain is tough. With so many companies using the internet to fulfill product orders, manage vendors and customers and provide financial services, each one of them can rely on hundreds of vendors. You rely on all of them to keep your data safe, and that can make any one of them the weakest link in your security. Your best defense is to take every security precaution you can, such as keeping your software and hardware up to date, using common sense on what you click, and letting others know when you have concerns about their security.

Internal Attacks

We have only begun to see the impact insiders can have on organizations as well as national and global security. While the news focuses on dangerous insiders exfiltrating data to foreign governments and terrorist organizations, you need to focus on your business – and your business partners. In all likelihood, your biggest threats will be data theft for monetary purposes – similar to effects of ransomware – or some disruption of your business by a disgruntled or careless employee.

5G’s Unprecedented Data-Theft Speeds

5G cellular technology promises unprecedented speed to make it possible to have more effective infrastructure, autonomous vehicles, faster emergency response and greatly improved telemedicine. It will be almost entirely software-driven; you’ll need hardware capable of handling it. Because it will be software-driven, it will be susceptible to hacks. You’ll need to follow safe internet practices and hope that everyone else does, too. There’s not much you can do technologically in the grand scheme of things, but you can and should demand that large organizations and governments take steps to protect 5G networks.

We can help you make sure you have the knowledge and systems in place to protect your systems from cyberthreats. Contact us by phone – 973-433-6676 – or email to discuss your needs.

Hack Attack Continues vs. Businesses and People

While government-sponsored hacking and disinformation makes big news, don’t take your eye your eye off the ball when it comes to protecting your personal and corporate data. A report from a consulting firm, Positive Technologies, painted a dark, dark picture, saying the second quarter of 2018 showed a 47 percent increase over 2017. You need to remain vigilant, even when events are beyond your control. Nobody is immune.

As reported in Tech Republic, Positive Technologies said the most common methods of cyberattack are:

  • Malware (49%), with spyware or remote administration malware being the most widely used forms of infection.
  • Social engineering (25%) is the term for manipulating users into believing a message, link, or attachment is from a trusted source, and then infecting targeted systems with malware, stealing money, or accessing confidential information.
  • Hacking (21%) exploits vulnerabilities in software and hardware, causing the most damage to governments, banks, and cryptocurrency platforms.
  • Credential compromise (19%) targets password managers used for storing and keeping track of passwords.
  • Web attacks (18%) are online racketeering attempts to extort website operators for profit, sometimes by threatening to steal client databases or shut down the website.
  • DDoS (5%) tends to be the weapon of choice for business rivals, disgruntled clients, and hacktivists. Political events can drive attacks on government institutions. Criminals can use DDoS attacks to take websites offline and demand payment from the victims.

Attacks can be made in tandem, such as the common duo of using phishing emails to trick users into downloading malware.

Financial and healthcare institutions, retailers, and government databases remain prime targets, but higher education institutions and even school districts are being attacked. Wired reports that this past March, the Department of Justice indicted nine Iranian hackers in alleged attacks on 144 US universities and 176 in 21 other countries. They were also cited for attacking 47 private companies.

Hackers are homing in on the money. Positive Technologies said targeted attacks are outnumbering mass campaigns, with attacks directed at companies and their clients, as well as cryptocurrency exchanges. Data theft is driving an increasing number of attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). To steal this data, hackers are compromising online platforms, including e-commerce websites, online ticketing systems, and hotel booking sites.

The scary part for us is the report you can never be sure that criminals don’t have your credit card number from one source or another. Even a brand-new smartphone in a store can have pre-installed malware.

People and businesses can take steps to keep their data safe by installing updates for operating systems and application software and installing antivirus protection on all systems and endpoints and keeping it up to date.

Businesses can encrypt all sensitive information, perform regular backups, minimize the privileges of users and services as much as possible, and use two-factor authentication. Enforcing a password policy with strict length and complexity requirements, and requiring password changes every 90 days, can also help protect systems.

We offer security audits for businesses, and we can answer any questions individuals have about protecting themselves from cyberattacks. Call us – 973-433-6676 – or email us to set up an appointment.