Security experts continue to fight cyber-threats that compromise both individuals and companies. As quickly as experts can shut down one threat, another one appears to take its place. Criminals have learned to evolve their tactics in an attempt to stay one step ahead of the experts. It can be helpful to educate your users on the types of potential threats they might face. With that in mind, let us take a look at 5 of the most common cyberattacks in 2018.
In 2016,
criminals used Dropbox to spread a favorite strain of ransomware called Petya. Users who assumed they were clicking on a resume stored on a Dropbox share didn’t realize they were installing a virus on their computer. It wasn’t until their machines locked up that they realized something was wrong. In some of the worst cases, entire hard drives were overwritten, and the data on those drives were destroyed. Cloud services are not going anywhere, but it’s still a good idea to have a backup of your data stored locally or offsite at a location not connected to your cloud provider.
We spend so much of our time on Facebook, Twitter, and LinkedIn managing our personal and business connections that it’s easy to overlook the threats on these services. The very nature of these attacks is disturbing because they take advantage of the bonds we have to friends and colleagues. The attack starts with a friend request that includes a link to more information about the person of interest. You may be asked to install a “small” program before you view their profile. Everything may seem fine at this point, but you’ve now given up more information about yourself than you intended. Few of these attacks get reported by the media unless the offense is particularly embarrassing. Last year, HBO had a number of their social media accounts
taken over by a hacker, including their popular Game of Thrones Twitter account. These attacks are often used to embarrass companies, and it can take time to regain control of the hacked accounts.
Cloud Services Infected with Ransomware
These popular and profitable attacks go after data that is then encrypted and offered back to the user or business for a ransom. Criminals have found a goldmine of data on cloud services which they can hold for ransom. Thieves have found success in attaching their attacks to cloud services because users assume a level of security and let their guard down.
Cryptojacking
We covered cryptojacking a few months ago and how Tesla become a victim of it. Criminals discovered a Telsa-owned console that wasn’t password protected and were able to take control of it. It wasn’t till months later that a security expert noticed the console was being used to crypto mine on AWS. Cryptojacking rose in popularity as the prices of Bitcoin, Ethereum, and other crypto-currencies shot into the stratosphere. Those heady days have subsided, but it’s impossible to predict when prices will rise again. Bitcoin is trading at about $6000 today, down from just over $19,000 last December and any sudden jump in price gives thieves an incentive to steal computing time. Cryptojacking will probably fade in and out of popularity over the next few years, but it won’t go away because there’s too much money to be made. It’s also a relatively low-risk venture for criminals because the crime often goes undetected.Socially Engineered Malware
Socially engineered malware happens when a user is tricked into installing a piece of software or opening a file from a website or sender they trust. This attack comes in many forms. Everyone knows not to click on attachments from people they don’t know. However, sophisticated criminals understand many people will open a file from a friend or family member whom they trust. New attacks include websites that inject code into the browser which can be used to collect private data without detection. Socially engineered malware programs are responsible for hundreds of millions of successful hacks each year. This sheer quantity of hacks puts them at the top of the list regarding raw number of attacks. Companies like Microsoft have tried to thwart this type of attack by encouraging users to browse the web using accounts without higher elevated levels of security clearance. Having good quality malware prevention programs helps, but it comes down to educating the end user so they can recognize these attacks for what they are.Social Media Threats