Information security remains an imperative concern for businesses worldwide. In fact, global investments in defensive hardware and software are expected to reach $96 billion by the conclusion of 2018, according to analysts at Gartner. Despite this high level of dedication to protecting customer, employee and enterprise data, most organizations are still fighting an uphill battle when it comes to fending off cybercriminals. Why? The threat environment continues to evolve, keeping internal information technology teams and the third parties with which they collaborate on their collective toes at all times.
Hackers executed more than 53,000 attacks in 2017, according to research from Verizon Wireless. These strikes ranged from simple web application intrusions to complicated online espionage campaigns. However, these and other attack methods have already lost relevance, with cybercriminals moving onto more impactful schemes. Here are some of the more recent threats IT teams and information security specialists have had to address:
Cryptojacking and currency theft
Digital tender such as bitcoin continues to grow in popularity. For instance, the online wallet provider Coinbase boasts more than 20 million users and oversees an estimated $100 billion in assets. This is, of course, just one organization. As more consumers embrace cryptocurrency and larger numbers of businesses accept it, services centered on this potentially transformative innovation multiply. Unfortunately, a host of new digital dangers have accompanied this sea change. For example, hackers managed to steal more than $1.2 billion in bitcoin, the most popular cryptocurrency, between January 2017 and May 2018, according to research from the Anti-Phishing Working Group covered in Reuters. This is a major concern for the countless businesses worldwide that accept the currency or are developing their own cryptocurrency payment networks. However, organizations directly participating in this expanding online economy are not the only ones that stand to suffer.
Many cybercriminals are running cryptojacking rackets. These illicit online campaigns entail surreptitiously hijacking large numbers of computers connected to the internet and then using their combined processing power to illegally mine cryptocurrency. This technique requires little effort or skill. Hackers simply embed short cryptojacking scripts within the pages of public-facing websites. The devices of visitors who view infected pages are immediately integrated into mining efforts. Most victims do not use cryptocurrency – their computers just happen to be available for use in illegal mining schemes.
Instances of cryptojacking increased 8,500 percent last year alone, analysts for Symantec found. This activity is likely to continue as cryptocurrency increases in popularity. How can businesses protect themselves from hackers looking to purloin their computing power for currency mining efforts? Integrating the subject into existing data security awareness programs is the first step, according to the International Data Group. Additionally, the organization suggests installing advertisement-blocking and anti-cryptojacking browser extensions. These tools can detect and repel nefarious scripts hidden in online ads and web pages.
"Instances of cryptojacking increased 8,500 percent in 2018."
Evolving ransomware
Enterprises of all sizes have been forced to reckon with ransomware in recent years. However, usage rates for this unique malware plummeted in 2017, ZDNet reported. Major data security groups such as Kaspersky and McAfee Labs registered significant drops in ransomware activity. Hackers, it seemed, had turned their attention to less involved methods with higher return on investment. While there is truth to this speculation, ransomware continues to pose a serious threat to businesses, especially the more evolved iterations that have seen action over the first two quarters of 2018.
In March, cybercriminals locked Atlanta municipal administrators out of their computers and demanded $52,000 in Bitcoin to return access. Whether the city paid the ransom is unclear, as the perpetrators took down the payment portal before officials could respond. However, what is certain is that attack racked up breach mitigation expenses of more than $2.5 million. The cybersecurity fiasco also called attention to the SamSam ransomware variant, a sort of targeted attack vector that singles out entities with particularly vulnerable back-end systems. SamSam and its cousin GandCrab represent a new generation of sophisticated small-scale ransomware. While these programs require more human intervention and therefore cannot be used in wide-ranging attacks, they create great disruption when used in a focused manner, as seen in the most recent strike in Atlanta. Organizations should be prepared to face these threats via intrusion prevention software, stringent email and sandbox control, employee education and infection isolation practices, according to researchers at IDG.
The artificial intelligence threat
Technologists have ordained artificial intelligence the revolutionary enterprise innovation. For this reason, businesses across the globe are investing billions in AI-infused software, intending to automate and optimize their workflows and workforces. However, this technology can also be deployed in decidedly nefarious ways. Cybercriminals are taking advantage of this possibility and rolling out AI-based attack vectors designed to disrupt business operations and pilfer personal information. For example, many have embraced a practice called spear phishing, which involves using machine learning to craft false instant messages or emails that lead users to install data-harvesting malware, MIT Technology Review reported. Others are leveraging more sophisticated AI-centered threats, including programs that bypass advanced malware-detection applications.
These methods have data security experts worried, according to research from Webroot. More than 90 percent of these technical specialists believe hackers will soon start deploying mature malware variants with AI software at their cores. That said, the same survey showed that many businesses are preparing for this onslaught. How? By adopting AI of their own. An estimated 87 percent of the data security workers who spoke with Webroot attested to managing AI-centered defensive tools, while 97 percent said their respective organizations intended to increase spending on such solutions over the next three years.
State-sponsored hacking
Cyber warfare is a common topic of conversation among national security experts. However, the issue is quickly becoming a significant concern for all parties, including private businesses. Nation-states or independent groups involved with these entities participated in 12 percent of attacks in 2017, Verizon Wireless discovered. That figure is expected to rise over the foreseeable future due to increased global political destabilization, IDG reported. This is an immense problem for enterprises, as well-resourced hackers take the lead on these efforts, leveraging cutting-edge techniques and considerable financial incentive to unleash chaos or steal key trade secrets.
When it comes to stopping these strikes, there are relatively few options. Aside from training employees how to spot common attack patterns, there are few specific steps businesses can take to completely protect their assets from state-sponsored infiltrators. That said, as with any of the threats discussed above, organizations can lay the groundwork for secure online operations by adopting industry-agnostic best practices and securing their core applications and systems. While over-the-top data security software and services can make a considerable impact, internal IT teams should consider taking a more detailed approach by reassessing their mission-critical IT tools from the ground up. Businesses that execute reviews of this kind and pinpoint issues can then embark on IT modernization to fill glaring gaps in security. The Inventu Corporation can help with such efforts.
Our innovative Flynet Viewer simplifies screen integration, easing the IT modernization process while meeting employer and staff expectations in a way that feels both familiar and simple. Review our product page to learn more about the Inventu Flynet Viewer and the other solutions in our extensive portfolio.
