The FBI estimates data breaches and internet crime lead to more than $1.4 billion dollars of losses annually. In fact, organizations are more at risk from security breaches now than ever before. Hackers have evolved. With so much money at stake, organized crime is involved. State actors and international syndicates are on the attack. Organizations need to take proactive steps to implement data breach prevention strategies, secure email, and secure digital fax solutions.
With more work being done in the cloud, cloud computing security challenges have grown.
In 2019, the risk will only increase for businesses that aren’t protected. Here are some of the biggest and emerging threats.
Mobile apps are the hottest target for hackers so far in 2019.
Today’s workforce is more mobile than ever. Employees are using both company-owned and personal devices to access company information. This increases the level of exposure as a breached personal mobile device can infiltrate company networks or expose credentials.
Nearly half of smartphone users have not updated the operating systems on their smartphones. Security patches that have been applied in more current versions can’t protect those that haven’t updated their OS. Several studies have shown that more than half of all apps released have at least one major vulnerability that violates National Institute of Standards and Technology (NIST) recommendations or Open Web Application Security Project (OWASP) Mobile Top 10 critical security risks.
A particularly insidious attack asks mobile users to install updated banking apps which spoof the real ones and captures authentication credentials. Fake apps are plentiful. They appear as normal or brand-name apps but contain malicious code when installed. Some of these have even made into the Google Play app store.
Another tactic is to hide code inside innocent looking game apps. This might launch applications to mine cryptocurrency or generate advertising click fraud in the background that users might not detect.
Phishing attacks are nothing new, but they are still finding their mark. The FBI estimates that BEC (Business Email Compromise) costs business $676 million each year. While both Microsoft Office 365 and Gmail have built-in security features, neither has been effective at shutting down the hackers. Both popular email systems rely primarily on databases of known bad actors. When the bad guys use new (unknown) URLs, randomized URL, or new email addresses, many malicious emails slip through the system.
Z-WASP attacks that insert numbers and characters in the raw html between letters of a word or URL, formatted at zero-width, are unreadable to Office 365’s Advanced Threat Protection. Zero Font attacks insert random character, set to font size zero. This allows brand names to be impersonated. They read normally to email recipients but read differently in the html. The baseStriker Attack hid malicious URLs by breaking them up into two sections using the html <base href> tag.
50 million Facebook users were hacked in 2018. This produced a bonanza of information for cybercriminals skilled in social engineering to use in target phishing emails.
More than 90 percent of data breach reports are traced back to email phishing. Without using a proactive secure email solution and data breach prevention strategies, companies remain at risk from serious attacks.
Malware Attachment Attacks
So-called file-less attacks are on the rise. Instead of putting links to malicious code directly in email, hackers are embedded links in attachments. A link to a SharePoint document or PDF file may be perfectly fine. When you try to open the document, a link to a spoofed credential login site may open or malicious code may be launched.
Ransomware attacks continue to flourish. 39% of cases where malware was launched were identified as some form of ransomware, according to the 2018 Data Breach Investigations Report. Recent victims included the cities of Atlanta, Newark, and San Diego. Hospitals in California, Kansas, North Carolina, Nebraska, Illinois, and Maryland were hit by just two men who extorted more than $6 million and cause $30 million in losses.
Ransomware attacks more than doubled in 2018. Experts believe that will continue in 2019.
IoT (Internet of Things) Attacks
When stolen passwords from security cameras were posted on the Dark Web, several incidents were reported through the country. In Texas, a camera used in a baby’s room was hacked. Parents heard “sexual expletives” in the baby’s room and a man’s voice threatening to kidnap their child. A San Francisco family heard false warnings of an incoming North Korea missile attack from their connected device. An Illinois couple reported a hacker took over the home security system, talked to them, and jacked around their heating system.
As IoT becomes more ingrained in our day to day lives, IoT attacks will increase.
Biometric Data Attacks
Considered by many as the most secure method of authentication, biometric data is already being stolen or alerted. Sensors can be spoofed or manipulated.
When the U.S. Office of Personnel Management and Department of Defense database was breached, biometric data of more than 5.6 million U.S. citizens were stolen. That was in addition to the 21.5 million social security numbers and other personally identifiable information that was exposed.
This has the potential to be extremely serious. A stolen password can be changed. Biometric data is unique to each individual, but you can’t change your fingerprints.
The FBI issued an unprecedented warning in 2018 when it warned consumers and business to reset routers to factory setting and restart them. A sophisticated malware linked to Russia infected hundreds of thousands of internet routers, providing access to computers, networks, passwords, and other confidential information.
Passive Solutions No Longer Work
Passive solutions no longer work. You cannot rely on data breach prevention methods that rely on known attacks or databases of known bad actors. These backward facing solutions only work when a threat has already been discovered. By then, the cybercriminals have likely moved on to new strategies. The only solution is to use active solutions that are constantly scanning for known and new threats.
More than two-thirds of data breaches took months to discover in 2018. In that time, all sorts of bad things can happen. You can’t afford to wait until a breach becomes public to do something. You need to be proactive to protect your organization before a data breach occurs.
The experts at Shield can help. Innovative, active, and pro-active cyber security solutions are simple to use and easy to understand. Contact Shield today to see how we can help.