Nothing remains static within the world of technology, and cybersecurity is no different. All around the world, developers and engineers at tech companies – or in IT and information security departments of other businesses – continually work on methods to safeguard valuable personal, financial and professional data. Methods such as encryption, multi-step verification and others have been implemented to protect vulnerable systems.
The problem, however, is that while they think they draw a bead on cyber criminals by researching past and present crimes and attempt to act preemptively – and sometimes they do so, successfully – the opposite also occurs. Malicious actors on the web closely monitor cybersecurity trends and react to them by reshaping viruses, exploits and other attack methods to subvert safety nets. Thus, there always arise instances in which attackers seize the advantage and their opponents appear to have brought a knife to a gunfight, figuratively speaking.
Consider how devastating the most high-profile hacks and breaches were during the past several years: Target, WannaCry, the distributed denial of service operation conducted against Amazon and PayPal servers. Remember how few people anticipated them or thought that they would occur on such a scale. This reminder isn’t meant to suggest any hopelessness of the situation, but rather to stress the importance of following worldwide cyber crime trends. Those considering IT and infosec careers should begin researching these topics in advance of seeking a degree, thus better preparing themselves for formal instruction.
Ransomware on the rise worldwide
A data infographic compiled by cybersecurity solutions firm RSA noted that 1 in every 20 malware attacks around the globe involves the use of ransomware. Moreover, most of its victims pay about $300 to escape the system interference involved in each hack, though some criminals will charge thousands more. The biggest hazard is that deploying ransomware on a multinational scale is fairly simple, as WannaCry showed us. BBC News reported that on the attack’s first day – May 12, 2017 – 75,000 computers in 99 countries took hits from the ransomware. Final impact estimates edged closer to 200,000 computers belonging to people in more than 150 nations.
Nearly all ransomware perpetrators demand payment in Bitcoin, which uses blockchain encryption to prevent intrusion and tracking, as Europol identified in its 2016 Internet Organized Crime Threat Assessment report. This undeniably contributes to the attack method’s popularity. The method first came to global attention in 2013, when hackers unleashed the Cryptowall exploit throughout Europe and victims had their systems remotely seized until they submitted Bitcoin payments through Tor servers.
Bill Conner, CEO of cybersecurity firm SonicWall, wrote in Total Retail that ransomware increased massively in popularity of late – from 4 million detected attacks in 2015 to 500 million in 2016. This indicates a reasonable chance that even more hackers plan to deploy this type of malware.
Attacking the internet of things
The interconnected advantages and accessibility involved in the internet of things meant that cyber criminals would likely be interested in ways to compromise this channel and sure enough, that’s exactly what happened.
As noted by Tech Republic, the more items in a person’s household that are remotely controlled using IoT methods – security, vehicles, range stoves, and thermostats, to name a few – the greater the risk. Businesses have even more to lose from IoT-centric malware attacks than individuals, especially if they use these solutions for functions like building security or any number of back-end processes. But the opposite approach – using legacy systems to manage business operations or utilities, for example – can be just as flawed and unsafe.
The damages of Distributed denial-of-service (DDoS)
According to Wired, the Mirai botnet-assisted malware that battered Amazon, PayPal, Reddit and Dyn – the latter a firm providing server backup for massive swaths of the world’s internet – with service outages possessed sophisticated coding that allowed for easy updates as hackers passed it among themselves. This function effectively circumvented many malware countermeasures.
DDoS attackers once focused largely on governments and financial institutions, but Total Retail reported that in light of the Mirai hack, businesses throughout the entire private sector should consider the potential for this threat. Upon putting DDoS in place, black-hat hackers can plunder an organization’s databases with aplomb and sell corporate secrets or employee information on the black market, or simply hold the network hostage like a ransomware attack.
Preparation for proper security
Total Retail recommended organizations use security solutions that allow for analytics-based threat identification and assessment in tandem with intrusion-prevention firewalls. Penetration testing – deliberately intruding on a network to find its weak points – can also be of great help in determining cybersecurity strategies. Finally, constantly refreshing individual and institution knowledge of cyber threats to ensure a position on – if not always ahead of – the curve is vital.