New Cyber Threats to Prepare for Right Now
Technology significantly simplifies our lives. However, as we increasingly depend on it, the risks it poses to individuals and businesses grow proportionally.
The most significant danger of cyber threats is that they can destroy not only a company’s or an individual’s material resources but can also impair the functioning and well-being of an individual or an entire country. There are well-known cases where cyber-attacks led to power outages, disruption of telephone networks, medical equipment failures, military technology malfunctions, and the paralysis of entire systems.
The wars of the 21st century differ from their predecessors not only in the type of weaponry but also in the level and scope of cyber-attack application. The first-ever cyber front was officially documented during the Russian-Ukrainian war, arising from the need to protect Ukrainians from Russia’s cunning attacks, including those in cyberspace. If you’re interested, you can read about this in our blog post “IT Army is an effective and successful Ukrainian startup”.
Now, let’s get back to a less global context, the realm of business. Technologies are advancing faster than ever before. The COVID-19 pandemic, along with the transition to online life and the popularity of remote work, has led to a tremendous increase in both the quantity and severity of cybercrimes.
So, we’ll remind you of the current cyber threats and outline the new ones.
7 Ongoing Cyber Threats
1. Vulnerabilities in the Cloud
More and more companies are transitioning to the cloud for remote work and business continuity. Unfortunately, cybercriminals are following the same trend and often target cloud environments.
Cloud security risks, including misconfigurations, incomplete data removal, and vulnerable cloud applications, will continue to be the most prevalent sources of cyberattacks.
To counter these threats, organizations are adopting a Zero Trust cloud security architecture. Zero Trust systems operate as if the network has already been breached, performing the necessary checks at every step and entry point instead of granting standing access to recognized devices or to devices inside the network perimeter.
2. Malware
Malware is still the most common type of cyberattack because it encompasses many subgroups, which we list below. It’s worth noting that mobile devices are no less vulnerable to this type of attack than other computer equipment. Scammers can insert malware into software downloads, mobile websites, or phishing emails and text messages. Once a mobile device is compromised, it can give an intruder access to personal information, location data, financial accounts, and more.
Here are some methods and tools that belong to this type of cyberattack:
Virus: This malicious software attaches itself to clean files and spreads within a computer system when these files are executed. It can quickly damage or delete data on the device.
Worm: Worms infect entire networks of devices through local networks or the internet. They exploit vulnerabilities in operating systems, spreading their copies from one computer to another without human intervention.
Trojan: Unlike viruses, Trojans do not replicate but can be equally destructive. They disguise themselves as legitimate software but act maliciously once on a device.
Spyware: As the name implies, this type of malware spies on users. It can gather data like user habits, logins, credit card information, and other personal data.
Ransomware: This malicious software locks or encrypts data on the victim’s device and demands a ransom to restore access. Ransom payments are often requested through online payment methods, including virtual currencies like Bitcoin. Ransomware attacks are one of the most common. According to Microsoft, 96.88% of all ransomware infections successfully compromise the target in less than 4 hours. The fastest malware can take control of a company’s system in less than 45 minutes. Statistics show that out of all ransomware victims, 32% pay the ransom, but only 65% of their data is returned.
Phishing: This is a type of cyberattack that uses email, SMS, phone calls, social media, etc., to trick victims into sharing sensitive information such as passwords or account numbers, downloading malicious files, and clicking on links that install viruses on their computers or phones.
Spear Phishing: A more sophisticated form of phishing where the attacker learns about the victim and pretends to be someone the victim knows and trusts.
Malvertising: Cybercriminals inject malicious code into online advertisements or some of their elements, such as ad banners, creative images, or video content. After a website visitor clicks on the ad, the compromised code in the advertisement installs malicious or adware software on the user’s computer.
Scareware: Scareware tricks users into believing their computer is infected with a virus. Typically, users see scareware as a pop-up window warning them about their system being infected. This fear-inducing tactic aims to convince people to install counterfeit antivirus software to remove the “virus.” After downloading fake antivirus software, your computer may become infected with malicious software.
Rootkit: Rootkits are designed to gain administrative access to a device. Once they take hold, they embed themselves deep in the system, which makes them difficult to detect and remove.
Exploit: An exploit is a piece of software or data that intentionally takes advantage of a flaw in an operating system or program to grant unauthorized access. Exploits can be used to install new malicious programs or steal data.
Keylogger: This malicious software records every keystroke made by a user, capturing passwords, login credentials, and other personal information.
Botnet: A botnet is a network of compromised devices remotely controlled by a cybercriminal, usually for conducting large-scale attacks or sending spam.
Fileless Malware: Unlike traditional malware that relies on files, fileless malware resides in a computer’s system memory and uses legitimate programs to infect the computer.
3. “Denial of Service” (DoS) and “Distributed Denial of Service” (DDoS) Attacks
These are malicious, targeted attacks that flood a network with erroneous requests to disrupt business operations. During a DoS attack, users are unable to perform normal and necessary tasks, such as accessing email, websites, internet accounts, or other resources controlled by the compromised computer or network. While most DoS attacks do not result in data loss and are typically resolved without a ransom payment, they cost organizations time, money, and other resources to restore critical business operations.
DDoS attacks render online services unavailable by overwhelming them with excessive traffic from multiple places and sources. The response time of a website slows down during a DDoS attack, preventing access. Cybercriminals create large networks of infected computers, known as botnets, by deploying malicious software. A DDoS attack may not be the primary cybercrime; such attacks often distract attention while other types of fraud and cyberattacks occur simultaneously.
4. DNS Tunneling
DNS tunneling is a type of cyberattack that uses Domain Name System (DNS) queries and responses to bypass traditional security measures and transmit data and code within a network.
After infection, the attacker can freely issue command-and-control instructions. The tunnel gives the attacker a means to launch malicious software and exfiltrate data, IP addresses, or other confidential information, encoding it piece by piece within a series of DNS queries and responses.
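As an added illustration of the data-in-subdomain pattern described above (example code written for this article, not taken from the original post or any product), the following Python scores DNS query log lines by label length and entropy over a constructed log sample; the log format, the domain names and the thresholds are assumptions:

```python
import math
from collections import defaultdict

# Constructed sample DNS query log: "client_ip query_name record_type".
# The long, high-entropy labels under c2-example.test imitate what a tunnel
# produces when it encodes data into subdomains; the other lines are normal.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.7 a3f9c2e1b7d4e6f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4.c2-example.test TXT
10.0.0.7 b8e7d6c5a4f3e2d1c0b9a8f7e6d5c4b3a2f1e0d9c8b7.c2-example.test TXT
10.0.0.7 0f1e2d3c4b5a69788796a5b4c3d2e1f0a1b2c3d4e5f6.c2-example.test TXT
10.0.0.9 cdn.example.com A
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's symbol distribution (0.0 for empty)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Last two labels; a simple stand-in for proper public-suffix handling."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def analyze_dns_log(log: str, max_label: int = 30, min_entropy: float = 3.5,
                    min_queries: int = 3) -> dict:
    """Return {domain: suspicious_query_count} for domains that look tunneled.

    A query is suspicious when its longest subdomain label is longer than
    max_label and the subdomain part's entropy exceeds min_entropy. A domain
    is reported only once it accumulates min_queries such queries, so a single
    odd-looking name (a CDN token, a tracking id) does not raise an alert.
    """
    suspicious = defaultdict(int)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        qname = parts[1].lower()
        domain = registered_domain(qname)
        sub = qname[: -len(domain)].rstrip(".")
        if not sub:
            continue
        longest = max(len(label) for label in sub.split("."))
        if longest > max_label and shannon_entropy(sub) > min_entropy:
            suspicious[domain] += 1
    return {d: n for d, n in suspicious.items() if n >= min_queries}
```

Real tunnels also show up as unusual volumes of TXT or NULL queries to one domain, so volume per domain is worth tracking alongside the per-query score.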
5. Identification-Based Attacks
Such attacks are extremely difficult to detect. When a user’s real credentials are compromised, and the attacker impersonates the user, it can be challenging to differentiate a typical user’s behavior from a hacker’s using traditional security measures and tools. Some of the most common identification-based attacks include:
Kerberoasting: This post-exploitation attack technique attempts to crack the password of a service account in Active Directory (AD). The attacker, acting as an ordinary authenticated domain user, requests a Kerberos service ticket for a service principal name (SPN); because that ticket is encrypted with a key derived from the service account’s password, it can be taken offline and cracked.
Man-in-the-Middle (MiTM) Attack: This type of cyberattack involves eavesdropping on a conversation between two parties to gather personal data, passwords, or banking credentials. The attacker intercepts incoming messages, filters and steals confidential information, and then returns a different response to the original user, potentially convincing them to take actions like changing login credentials, completing a transaction, or initiating fund transfers.
Pass-the-Hash Attack: In this attack, an attacker steals “hashed” user credentials and uses them to establish a new user session on the same network. The attacker doesn’t need to know or crack the actual password to gain access to the system. Instead, they use a stored version of the password to initiate a new session.
Silver Ticket Attack: This involves a forged authentication ticket, often created after an attacker has stolen a user’s password. The forged service ticket is encrypted like a legitimate one and grants access to the resources of the one specific service the attack targets.
Credential Stuffing: These attacks rely on the fact that people often reuse the same username and password for multiple accounts. Therefore, having the credentials for one account can provide access to another unrelated account.
Password Spraying: Such attacks try a single, commonly used password against many accounts in one application. This sidesteps the account lockout mechanisms that would trigger if the attacker brute-forced a single account with many passwords.
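An added example (not from the original article) of how a defender tells spraying from brute force in authentication logs: the script below groups failed logins by source and checks whether, within a short window, the failures spread across many accounts (spray) or concentrate on one (brute force). The log format, thresholds and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth log ("timestamp source_ip username result"; documentation IPs):
# 203.0.113.10 sprays one guess across accounts, 198.51.100.7 brute-forces one
# account, 192.0.2.4 is a user who mistyped once.
SAMPLE_AUTH_LOG = """\
2024-03-01T09:00:01 203.0.113.10 alice FAIL
2024-03-01T09:00:03 203.0.113.10 bob FAIL
2024-03-01T09:00:05 203.0.113.10 carol FAIL
2024-03-01T09:00:07 203.0.113.10 dave SUCCESS
2024-03-01T09:01:00 198.51.100.7 admin FAIL
2024-03-01T09:01:02 198.51.100.7 admin FAIL
2024-03-01T09:01:04 198.51.100.7 admin FAIL
2024-03-01T09:02:00 192.0.2.4 alice FAIL
2024-03-01T09:02:20 192.0.2.4 alice SUCCESS
"""


def parse_auth_log(log: str) -> list:
    """(timestamp, source, user, result) tuples in time order."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(t), s, u, r) for t, s, u, r in rows)


def classify_sources(log: str, window: timedelta = timedelta(minutes=10),
                     min_attempts: int = 3, min_accounts: int = 3) -> dict:
    """{source: "spray" | "brute_force"}: min_attempts failures inside one sliding
    window spread over >= min_accounts users is a spray, all on one user is brute
    force. Per-account lockout stops the second pattern and misses the first."""
    failures = defaultdict(list)
    for ts, src, user, result in parse_auth_log(log):
        if result == "FAIL":
            failures[src].append((ts, user))
    verdicts = {}
    for src, fails in failures.items():
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 < min_attempts:
                continue
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_accounts:
                verdicts[src] = "spray"
                break
            if len(users) == 1:
                verdicts[src] = "brute_force"
                break
    return verdicts


def successes_from_flagged(log: str) -> dict:
    """Accounts that logged in from a flagged source: reset and review these first."""
    flagged = classify_sources(log)
    return {src: [u for _, s, u, r in parse_auth_log(log) if s == src and r == "SUCCESS"]
            for src in flagged}
```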
6. Code Injection Attacks
These attacks involve an attacker injecting malicious code into a vulnerable computer or network to alter its course of execution. There are several types of code injection attacks:
SQL Injection leverages vulnerabilities in a system to feed malicious SQL commands into a data-handling application, which allows a hacker to extract information from the database. Attackers use SQL injection techniques to alter, steal, or delete data in an app’s database.
Cross-site scripting (XSS) is an attack involving code injection where an attacker inserts malicious code into a legitimate website. The code is then executed as a tainted script in the user’s web browser, allowing the attacker to steal confidential information or impersonate the user. Web forums, bulletin boards, blogs, and other websites that allow user-generated content are particularly susceptible to XSS attacks.
Drive-By Download Attack occurs when a person visits a website and a piece of code gets installed without their consent. It is a common cybercrime method that allows an attacker to install trojans or malicious software or steal information without the person’s knowledge.
7. Internal Threats
Insider threats arise when an individual within an organization mistakenly or intentionally allows access to critical secure networks. That can occur when an employee fails to follow proper information security protocols and clicks on a phishing link or installs malicious software. They may also inadvertently send client data to an insecure third party or provide unauthorized access to a malicious actor.
Internal threats pose a danger to an organization as insiders have direct access to the company’s network, confidential data, intellectual property, and knowledge of business processes, company policies, or other information that can aid in a cyberattack.
New Cyber Threats
All the aforementioned cyber threats are common and relevant, and they won’t be disappearing anytime soon. However, there are several new threats that experts consider most likely on our horizon. Among them are:
AI-Generated Cyberattacks
Artificial intelligence can mimic human behavior, making it difficult to detect and counteract using traditional security measures. AI also has the potential to learn, evolve, and adapt, so it is only logical to expect familiar attacks to reappear in modified, AI-assisted forms.
These attacks might involve AI-based phishing campaigns, where cybercriminals use machine learning algorithms to create highly convincing and personalized phishing emails. Additionally, AI can be used to automate the password-cracking process, significantly increasing the speed and efficiency of brute-force attacks.
To defend against such cyberattacks, experts recommend that companies study and implement advanced security solutions utilizing artificial intelligence and machine learning algorithms. These solutions can analyze massive datasets, identify patterns, and detect anomalies in real time, helping to identify and prevent AI-based attacks. Furthermore, training and educating employees on recognizing and reporting suspicious emails and actions can play a vital role in mitigating the risks associated with these new threats.
Deepfake Technology
This technology employs artificial intelligence to create highly realistic counterfeit videos or audio recordings and is a rapidly evolving cyber threat. Deepfakes can be used to deceive individuals, manipulate public opinion, and even commit fraud.
A particular danger lies in using this technology to mimic high-ranking government officials and public figures (whose voices and images are widely available for training AI models). These technologies are widely employed and will continue to be used in international confrontations.
To combat the risks associated with deepfakes, organizations should prioritize media literacy and employee training on the ability to detect manipulative content and encourage verifying the authenticity of any suspicious media before drawing conclusions and taking action.
Vulnerability of 5G Networks
Today, the world is on the cusp of widespread adoption of 5G communication technology. This new technology will make mobile Internet faster and enable capabilities like remote surgery.
5G is already available in over 30 countries worldwide. Many others are actively preparing for its rollout, allocating and distributing frequencies for this new form of communication and expanding coverage, as the new standard requires a significantly higher number of transmitters.
It is precisely this expansion that creates new security challenges that organizations must be prepared to address. It’s crucial to have a clear understanding of who provides these services, whether the provider appears on any sanctions list, and whether it has ever been compromised. Security measures also include encrypting data in transit, implementing rigorous access control, and regularly monitoring network traffic for any signs of suspicious activity.
The Danger of Quantum Computing
Quantum computing has the potential to revolutionize many fields, including cryptography, optimization, modeling complex systems, and chemical research.
In December 2022, the United States passed the Quantum Readiness for Cybersecurity Act, codifying measures aimed at protecting federal government systems and data from quantum cyberattacks, which many anticipate will occur as quantum computing advances.
In June 2023, the European Policy Centre called for similar actions, urging European officials to prepare for the emergence of quantum cyberattacks, an expected event that has been dubbed “Q-Day.”
According to experts, work on quantum computing may advance sufficiently in the next 5-10 years to reach a point where it can break existing cryptographic algorithms, a capability that could render all digitally protected information, secured by current encryption protocols, vulnerable to cyberattacks. Attackers could use quantum computing, possibly in combination with artificial intelligence, to develop new threats.
Attacks Through the Internet of Things (IoT)
Global organizations are increasingly using Internet of Things (IoT) devices (various sensors and physical devices connected to the Internet) to accelerate operations, gather more data, remotely control infrastructure, enhance customer service, and more. But what makes IoT technology convenient also makes it vulnerable: enhanced connectivity and convenience come with increased security risks.
IoT opens up a world of vulnerabilities for hackers. A typical smart device is vulnerable to attack within five minutes of being connected to the Internet, and experts estimate that a smart home with a wide range of IoT devices can be targeted up to 12,000 times within a week.
Researchers predict that the number of installed IoT devices will double between 2021 and 2025, creating an even wider network of access points that could be exploited to breach personal and corporate systems. It is expected that the number of cellular IoT connections will reach 3.5 billion this year, and experts anticipate that by 2025, over a quarter of all cyberattacks on businesses will occur through IoT.
Conclusion
Anyone, whether an individual or an organization, regardless of their size, can potentially be affected by a cyberattack. Whether you're aware of it or not, cybercriminals are constantly probing networks, systems, and accounts for vulnerabilities, and they find them.
The opportunities for compromise are myriad. Research indicates that approximately 67% of all cyber breaches begin with someone clicking on what appears to be a safe link, which is consistent with estimates that 80-95% of all cyberattacks start with phishing.
Bonus: for a deeper dive into the topic
Here’s the Comcast Business Cybersecurity Threat Report for 2023, developed based on the analysis of 23.5 billion cybersecurity attacks to help tech and security leaders gain a deeper understanding of cybersecurity threat trends and the steps they can take to protect their organizations from evolving threats.
And here's the U.S. National Vulnerability Database, which lists over 26,000 new software and infrastructure vulnerabilities added on top of those compiled last year.
Enjoy!