For the first time since 2013, ransomware attacks actually declined 20% overall last year, according to Symantec. But that doesn’t mean there are fewer cybercrime attempts. On the contrary, more cyberattacks are being launched than ever before.
As various antivirus software and network security experts make strides in thwarting ransomware, hackers look for new or more sophisticated ways to carry out their attacks. Here are those that will shape 2019 and beyond.
1. IoT Devices
IoT devices touch nearly every part of our lives, both at home, at the office and on-the-go with smartphone applications. Practically every device is vulnerable, including seemingly “innocent” products such as smart thermostats or remote-controlled LED Christmas lights.
Making up 90% of infected devices, however, are routers and connected cameras. Hackers attempt to intercept and steal transmitted data to sell on the dark web, or simply destroy devices just because they can. Companies that leverage industrial IoT devices which can control entire operational systems need to be extra vigilant to mitigate the risks of a cyber attack that could temporarily halt operations and cost them millions in damages.
A lucrative attack for hackers involves skimming credit card data. Known as formjacking, retailers’ websites are infiltrated and loaded with malicious code. From there, hackers can easily steal the credit card information of shoppers.
More than 4,800 websites are estimated to be compromised each month, with both large and small retailers being targeted, according to the 2019 Internet Security Threat Report. It’s reported that Symantec blocked more than 3.7 million formjacking attacks in 2018. Even so, successful formhacking breaches resulted in tens of millions of dollars in losses.
By stealing just 10 credit cards per website, cyber criminals earn up to $2.2 million per month via formjacking attacks.
3. Social Media
Much has been made about hacking of major social media platforms on a grand scale. However, highly individualized attacks are on the rise, targeting accounts that fail to have proper security filters and exploiting information that is readily available to the public. Cyber crooks seek out profiles to learn about people’s habits, likes, dislikes, political leanings or other interests and develop customized phishing attacks that lure them into clicking on content that they find nearly irresistible.
As an example, if someone publicly posts that they’re attending a conference or vacationing at a certain resort, hackers could use that information to develop personalized phishing campaigns with specific details associated with their activities, making the scam appear more credible and trustworthy.
4. AI Powered Malware
Artificial intelligence (AI) and cognitive computing are changing the way we do business. Whether it’s autonomous vehicles making deliveries or chatbots answering customer service inquiries, AI is poised to revolutionize work as we know it. It’s expected to revolutionize the way hackers do business as well.
With AI, hackers can train programs to tailor their attacks and execute them at warp speed. In the same way that AI can “learn” to optimize your business processes by tracking how humans execute certain tasks and improving over time, hackers can leverage these same capabilities to further their nefarious activities.
5. Hacking “As-a-Service”
With the rise of the Cloud, companies are increasingly moving toward an “as-a-service” (aaS) model to help them conduct business so they can focus on their core missions and critical functions. Rather than handle certain tasks internally, these companies rely on third-party organizations to oversee everything from financial transactions to HR to communications and more. Software-as-a-Service (SaaS) is among the most common models, allowing businesses to subscribe to online platforms and software’s to use as needed rather than purchase them outright.
Believe it or not, wanna-be cybercriminals who may lack the skills to orchestrate their own attacks can subscribe to malware-as-a-service or phishing-as-a-service to carry out their crimes. These services provide hackers with everything they need to get started. Modeled after other aaS companies, they provide training, collaboration tools and may even have their own customer service departments. Though cybercriminals who use aaS may lack the skills of more sophisticated hackers, with the right tools in hand, their efforts to infiltrate systems shouldn’t be underestimated.
Thankfully, there also are aaS services that can help you stay one step ahead of cyber thieves. Outsourcing your security and IT functions to a Managed IT service can equip you with state-of-the-art antivirus capabilities and a team of cybersecurity experts who will assess your systems and help you mitigate the risks.
There’s so much more to know about securing your networks, so check out our Cybersecurity Handbook. Then, contact Avalon Systems to talk through your security concerns and develop a strategic approach to protecting your systems.