As we transition into the last quarter of the year, let’s review what has happened over the past nine months and cover some of the latest cybersecurity trends!
Some of the cyber issues that occurred this year are the PyeongChang Olympic Hacking issue, Web solution vulnerability attack targeting Korean websites, MS Spector vulnerability exposure, Gandcrab ransomware threats, Cryptocurrency exchange website’s coin leakage, cryptocurrency mining factory data breach and Supply chain attacks. Whether you are a business owner or an employee of the company, every individual should have sufficient knowledge on the types of cyber threats that could potentially happen in an SME setting. That’s why we prepared this!
Based on the above listed cybersecurity issues, we should be able to get the gist of what the latest cyber attack trends are. Most of these attacks surround targeting the weakness of account management processes to gain financial profit. Making various malicious codes and enticing users to get infected is probably a well-known method by now. Besides this common tactic, attacks also occur by extorting user information with sophisticated intellectual methods, through the bypassing of security systems. Ransomware, Supply Chain Attacks, Geopolitical Vulnerabilities, and New business industry hacking, have been on the rise, becoming the most prevalent security threats of late 2018.
While many businesses and individual users understand that ransomware is not a new cyber threat, it has been evolving into a more sophisticated form of cyber attack. Advancements in technology have supported the creation of newer pieces of ransomware that can be deployed by such Advanced Persistent Threat (APT) actors against specific victims for specific gains. This is especially true as the world is drawn closer with technology, and war without borders is an increasing reality. This means that newer cyber attacks involving ransomware can be used as a diversion towards a larger and more sophisticated APT, like a state-sponsored cyber warfare unit or hacktivist group.
There was a case in which a famous web-page construction company named I-Web, got infected. As their server was attacked with ransomware, many web pages built by I-web got affected as well. They then received a blackmail asking for 100,000 USD worth of coins in order to recover their damage.
2. Supply Chain Attack
Supply Chain Attack is widely expanding its targets and becoming increasingly enhanced over time. According to the security firm Hauri, Supply Chain Attack is considered to be one of the major cyber threats of 2018 as it is possible to cause tremendous repercussions with bulky malicious code via SW development systems. This attack mainly targets the medical, financial and electronic industries, commonly resulting in the huge financial loss.
3. Geopolitical Vulnerabilities
Cyber threats related to geopolitical issues are another highly ranked, up and coming, cyber trend. Kevin Mandia, CEO of FireEye, mentioned in his interview with CNBC that all “cyber attacks are related to geopolitical conditions”. According to FireEye, over 80 percent of the 600 breaches managed were state-condoned. This meant that the heads of these specific organizations or states were well aware that these attacks were ongoing, and yet they did not give any pressure or consequences to these criminals. In the report from the Ministry of Unification in Korea, there were 3,546 cyber attacks targeting the NK-SK unity foundation from 2014 to March 2018. The total number of IP addresses used in this hacking trial were approximately 1,670 with half of these addresses belonging to China.
4. New business industry hacking
Cyber threats on the new Information and Communications Technology (ICT) environment is becoming a real issue. The ICT convergence industry which comprises smart cars, smart medical, and smart homes, are conspicuously constructed on the misconfigured botnet with exposed vulnerabilities. Just as the ICT convergence industry is closely connected to the remote control of a connected car, such abuse of cardiac pacemakers’ vulnerabilities or smart home devices can cause a data breach or direct financial loss. The security of IoT devices were clearly not a priority during the stages of development. However, as more people integrate such smart devices into their everyday life, enhanced security of these devices is absolutely mandatory. Cyber threats on the cryptocurrency industry in particular, are no longer a new thing. These attacks combined with ransomware and APT attacks, and becoming much more sophisticated these days.
Whether or not you run a small business or large enterprise, it is imperative for the organization to be fully aware of potential cyber attacks and implement preventive cyber strategies, especially amongst high-level security management. If you fall within the C-level of your company, you should be mindful to execute continuous works on cyber threats monitoring, malicious URL detection, blocking distribution and gathering, and analyzing threat intelligence.