Top 10 Cybersecurity Threats
15.09.2022
Information security threats have existed as long as IT itself. Nevertheless, new risks keep emerging. Recently, we've witnessed a dramatic increase in the number of attacks, data leaks and other incidents. Hence, we've decided to provide an overview of the top 10 cybersecurity threats this year.
1. Phishing
The main aim of a phishing attack is to trick people, with the help of a specially designed email, into clicking on a link or opening a file attached to the email. Attackers may have various motives. The most common are the following:
• installing malware on the mail recipient's device
• tricking the victim into revealing sensitive data, such as login credentials.
Indisputably, phishing is a persistent threat that's impossible to ignore.
An important recent trend.
During the current Corona pandemic, people often stayed at home due to restrictions. Many are also working from home in so-called "home offices". The fact that plenty of organizations and companies around the globe implemented remote work during the restrictions period, and currently adhere to a hybrid way of working, has caused numerous security issues.
Of course, cybercriminals took advantage of this situation. For instance, they organized COVID-19-related phishing attacks in which they lured their victims to websites with purported information about the coronavirus. Quite often, these sites exploited the user's system resources to mine cryptocurrencies like Bitcoin – of course, without the user's consent.
2. Ransomware
Not only companies' employees, but cybercriminals too are economically motivated. They want to gain the maximum outcome while spending as little effort as possible. This is why ransomware is so popular. With the help of this extortion malware, attackers encrypt files on users' computers and then demand that victims pay a ransom to get the decryption keys. The sharp rise in the popularity of cryptocurrencies, such as Bitcoin, has certainly motivated ransomware attacks, as their use helps malicious actors remain anonymous when the ransom is paid. For instance, the Cyrat ransomware was disguised as software for repairing corrupted DLL files. In fact, it encrypted parts of the system when executed. It seems that ransomware attacks will become more sophisticated in the future. For instance, a dynamic approach similar to a progressive scale may be implemented: the ransom may be set according to the environment the malware is executed in. For example, the ransom aimed at Mac users may be higher than the one targeted at Windows users, as Macs are often more expensive than Windows PCs.
3. Polyglot files - just a .JPG, right?
Polyglot files aren't widely discussed, so let's look at what makes them dangerous. Such files combine several file types in one. Thus, a file can be opened as an image or be executed in the browser as JavaScript. This method is already used by criminals in advertising scams. But this is just the beginning, and the danger is increasing, because specialized services could offer the creation of such files for a fee. Then even people who have no programming skills themselves can use this type of malware. What's more, polyglot malware is not limited to the web. In one case, a malicious JAR file was appended to the end of a Windows installer (.MSI) file. Security solutions that rely on Microsoft Windows code signing validation can be bypassed this way.
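The JAR-appended-to-MSI case described above can be caught by comparing a file's leading magic bytes with what a ZIP reader would find at its end. The following Python code is an added example, not code from the original article; the function names and the benign sample bytes are constructed for illustration, and it assumes non-ZIP64 archives.

```python
import io
import struct
import zipfile

# Leading magic bytes of formats that should not also parse as ZIP/JAR.
LEADING_MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE compound file (MSI)",
    b"\xff\xd8\xff": "JPEG image",
}
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"  # ZIP central directory file header
EOCD_MAX = 22 + 65535     # fixed EOCD size plus maximum comment length

def leading_type(data):
    """Return the format named by the first bytes, or None if unknown."""
    for magic, name in LEADING_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def find_trailing_zip(data):
    """Return the offset where an appended ZIP/JAR starts, or None.
    ZIP readers locate the archive from the END of the file, so a JAR
    glued after another format still opens as a valid archive."""
    pos = data.rfind(EOCD_SIG, max(0, len(data) - EOCD_MAX))
    if pos < 0 or pos + 22 > len(data):
        return None
    cd_size, cd_offset = struct.unpack_from("<II", data, pos + 12)
    cd_start = pos - cd_size  # central directory sits directly before EOCD
    if cd_start < 0 or data[cd_start:cd_start + 4] != CDIR_SIG:
        return None
    prefix_len = cd_start - cd_offset  # bytes placed in front of the archive
    return prefix_len if prefix_len >= 0 else None

def classify(data):
    """Flag files whose leading type disagrees with a trailing ZIP."""
    kind, zip_at = leading_type(data), find_trailing_zip(data)
    if kind and zip_at is not None and zip_at > 0:
        return f"POLYGLOT: {kind} with ZIP/JAR appended at offset {zip_at}"
    return "ok"

def build_samples():
    """Constructed, benign samples: MSI-like header bytes and a tiny ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    msi_like = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 504
    return msi_like, msi_like + buf.getvalue()
```

A trailing-ZIP offset greater than zero on a file that starts with another format's magic bytes is a reason to quarantine the file for review.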
4. IoT Attacks – an ongoing trend in information security
The Internet of Things (IoT) segment is growing constantly. Some forecasts predict that by 2025 more than 75 billion IoT devices will be in operation, a threefold increase from 2019. Indisputably, connected devices make our lives more convenient in some ways. It may be cool to wake up with your coffee already made because your alarm clock is connected to your coffee maker. But there is a catch: if IoT devices aren't properly secured, cybercriminals can exploit a vulnerability and attack users via their devices.
5. Social engineering methods and cryptocurrencies
When performing a social engineering attack, intruders do not focus only on the technology itself. On the contrary, this method is focused primarily on human beings. A prominent example is phishing. Social engineering, whose main aim is to collect sensitive information about victims, may be carried out in numerous ways: via email, social networks, during a phone call or even in a face-to-face conversation. Another example is SIM swapping. In this type of attack, criminals gain access to the victim's SIM card. Using advanced social engineering methods, perpetrators trick a mobile network provider into believing that they, and not the user, are the real customers. If they succeed, the criminals gain control over the SIM card and, thus, can receive text messages and phone calls. This method is also used to gain access to social media accounts or cryptocurrency wallets. Social engineering can also rely purely on the social aspect. The service employee who rings your doorbell without an agreed appointment to fix your poor Wi-Fi network may not be who you think they are. Companies usually make appointments with clients in advance. It's usually wise to decline such spontaneous appointments.
6. Malvertising in your Facebook feed
Malvertising stands for malicious advertising. In other words, this technique is used to spread malware illegally through legitimate advertising channels and ads. It is often implemented as follows: malicious code snippets are inserted into banners or other advertisements. These ads containing malware are placed on many websites that use the ad network with the intention of generating profit from them. As a rule, websites rarely have control over the displayed ads. The ad network operator must respond to this problem.
For instance, consider a recent malvertising campaign by the ScamClub group, which targets the Safari browser. This campaign exploits a privilege escalation vulnerability known as CVE-2021-1801. Threat actors may gain unauthorized access to affected systems. Another example is connected with Facebook. Facebook ads were used in a malvertising campaign spreading the Mispadu banking Trojan. The ads showed fake coupons for McDonald's. After clicking on the ad, an archive that contained the malicious code was downloaded.
7. Identity theft in COVID-19 times.
In the U.S. alone, the number of identity thefts doubled in 2020 in comparison with 2019, according to a Federal Trade Commission (FTC) blog post. The FTC received about 1.4 million reports of identity theft in 2020. Most notably, cybercriminals particularly targeted people financially affected by the COVID-19 pandemic. Cybercriminals abused federal unemployment benefits intended for unemployed people affected by the pandemic. The scammers filled out applications using information obtained from other people. In 2019, there were 12,900 reports of identity theft related to unemployment benefits. In 2020, there were 394,280 cases. That's an increase of over 3,000%! The number of identity theft incidents is expected to grow even more. Especially in turbulent times like the ones we are experiencing now, malicious activity increases even faster. The fact that the main priority for various digital tools is reducing time to market, rather than information security, doesn't give much hope for improvement of the situation.
8. Passwords - knowledge vs. action
Passwords are still a top attack vector for businesses, a study found. According to some surveys, up to 50% of breaches occur due to compromised passwords. A tip: you may refer to the "Have I Been Pwned" website to check whether your data has been affected by an exposed security breach. According to the statistics, approximately 50% of employees use the same login and password pair on different resources. What's more, they use corporate account credentials for private accounts too, which poses additional risks to companies. One more serious related security issue is password strength. Quite often, passwords aren't complicated at all and consist of a single word, like "password", a name or some easy combination of symbols, like "123456". What's especially alarming is that this statistic holds true for companies' CEOs. Such a figure is alarming, as attackers can gain access to multiple accounts with a single password, which. It should also be noted that few people regularly update security software: according to some assessments, only one-third of users do it regularly, even though most respondents know that it's a very important measure which shouldn't be neglected. We also strongly recommend updating security software regularly.
9. Zero-day exploits
Attacks that use zero-day exploits are difficult to combat. As the name suggests, criminals use zero-day exploits to infiltrate systems before they are patched. There are numerous examples of these vulnerabilities being used destructively. For instance, Microsoft Exchange servers were hit by a cyber attack that used zero-day exploits. The attackers were able to access mail accounts, steal data and even install malware onto the compromised machines. Zero-day exploits provide criminals with a broad attack spectrum; thus, this issue will remain relevant during the current year (2022) and afterwards as well.
10. Insider threats
A risk that is still less known to the general public, yet is extremely relevant and affects both small businesses and large corporations, is the insider threat. The first issue is that any person who has access to any kind of sensitive data, system infrastructure etc. is a potential insider. Thus, dealing with insider-related risk is a quite complicated, but still crucial, task. This thesis is based on statistics: for instance, 57 percent of all database breaches could be attributed to insiders, according to Verizon's 2019 report. In some ways, small businesses may be even more endangered, as employees of such companies often have access to more parts of the internal network than the staff of large enterprises and corporations do. However, for large enterprises the consequences of insiders' malicious actions may be even more destructive in terms of financial or reputational loss. A good countermeasure against insider threats is to limit an employee's access rights: staff members should have access only to those resources which are directly related to their job responsibilities. Next, special protective software, such as SIEM, DLP and DCAP systems, needs to be implemented.
To obtain more data and statistics on insider threats, you may refer to our article "Important trends in corporate security".
Deepfakes
And, finally, one relatively new cybersecurity threat that is emerging now is related to the use of artificial intelligence (AI), which makes it possible to manipulate images and videos of a person in order to simulate activities which didn't actually take place. This issue is known as deepfake. Undoubtedly, many deepfakes are funny and amusing, but on the other hand, they can also pose a serious threat. For instance, deepfakes can be used to fraudulently verify a person's identity, or even to create accounts in another person's name or illegally act on behalf of a person. Such cases have already happened, and these were really dangerous situations. The technology has also been used to create fake videos of celebrities in compromising situations. As the technology becomes more sophisticated over the years, it is likely that the same will be true for the quality of deepfakes. As a result, it will become increasingly difficult, and will cost a fortune, to detect a fake.