If you’d asked any cybersecurity professional around this time last year what the greatest threat to cybersecurity was, they’d have undoubtedly said ransomware. Now worth over a billion dollars a year (and rising), with attacks like WannaCry and Petya/NotPetya wreaking havoc, every expert worth their salt was planning ways to stay ahead of the hackers.
But you know what? Things move pretty quickly in the cybercrime space. Hackers are inventive, ingenious and destructive, always coming up with new ways of pushing boundaries. Ransomware was so last year. While no one will deny it’s still a (massive) problem, other types of cybercrime are beginning to spread like the bubonic plague.
Check out the top five threats keeping cybersecurity professionals up at night right now.
Spiking by a massive 1,189% in Q1 of 2018, cryptojacking propelled its way past ransomware as the number one nuisance on the block. According to CSO Magazine, what makes this form of cybercrime so “interesting” is that it blurs the ethical line between everyday internet users and criminals.
In fact, some sites like The Pirate Bay are even using it to replace advertising and earn income. How? As long as you have their site open in your browser, they temporarily hijack your device and borrow your computational power to mine cryptocurrency. As soon as you close your browser, the crypto miner goes away. In other, more serious cases, it infiltrates your system and downloads just like malware.
Since cryptojacking overtakes devices and forces them to mine cryptocurrency, it burns through a lot of CPU cycles. But, unlike DDoS attacks, you won’t see disastrous downtime or funds siphoned off into a criminal’s account. You just get servers pushed to the max mining Monero.
Cryptojacking is more of an irritation than a serious disease. It’s like trying to swat a persistent fly in the outback. In fact, according to Matt Downing, Principal Analyst at Alert Logic, the most worrying thing about cryptojacking isn’t really the cryptojacking itself – it’s the fact that you got cryptojacked.
This highlights a “vulnerability in your system,” meaning that something worse could just as easily have hacked its way in.
Yes, ransomware is still high up on the list, as this vicious form of cybercrime overtakes systems and locks down computer files with strong encryption. And most businesses end up paying the ransom to get their data back (especially when it isn’t backed up).
According to Peter Tran, Head of Global Cyber Defense & Security Strategy at Worldpay, data manipulation or destruction in the form of ransomware is often the most disruptive and can take out critical infrastructures including healthcare, financial services, and supply chains.
“This is a critical threat as we move toward pervasive hyper-converged mobile, cloud and IoT-based data infrastructures. There’s much more at stake now with modern IT,” he warns.
3. Data Breaches
The very word “Equifax” sends a shiver down the spines of cybersecurity professionals, especially if the companies they work for hold sensitive data. In fact, according to research by Norton, 54 percent of US consumers report having had some personal information involved in a breach.
What’s particularly worrying about this is that the data may be sold in stolen data marketplaces on the dark web. Not only do hackers stand to make high profits from this, but they can also gather extra social information they need to hack into more accounts.
2. Micro Breaches
Oftentimes, cybercrime is aggressive and makes a lot of noise, but this is not the case with what Tran calls “low and slow attacks.” In a type of “micro breach” situation, access is gained slowly and quietly over a period of time by subverting traditional detection methods.
He says, “Lack of visibility or ‘flying blind’ puts security professionals in a constant position of disadvantage… you can’t defend against what you can’t see or detect… that leads to a lot of sleepless nights!”
1. Internet of Things (IoT) Hacking
By 2020 it is estimated there will be over 20 billion connected IoT devices worldwide. This means the amount of attack vectors significantly increases. “This increases their chances of a successful breach into much larger systems that utilize IoT as their main infrastructure,” Tran advises.
Great. So a bunch of medical devices on the blink and cars crashing into each other?
“Think about it like a hub and spokes on a bicycle wheel,” he explains, “where the hub represents a single IoT device and the spokes all lead to other access points… then multiply that by 20 billion… It’s a lot to monitor for security professionals and certainly will have security pros sleep with one eye open.”
You may have noticed that phishing, cyberstalking, weaponization of AI, and other serious cybercrimes didn’t make the list. There are plenty of other forms of criminality on the web taking place which are keeping our dear friends in the IT department from getting a restful night’s sleep. But, right now, these are the top five on most security professionals’ lists.