Nothing bands individuals together like a good old security breach. We are all equal in the face of hacks and data breaches, aren’t we?
Did you know that there were 2,216 data breaches and more than 53,000 cybersecurity incidents registered in 65 countries in the 12 months up to March 2018? Statistics don’t lie, but the problem with statistics is that they seem abstract. Not until the moment when you become yet another chunk in the pile of compromised data. The pile is getting bigger, and there’s hardly an individual left unaffected by a hack or a data breach. Let’s take one of the biggest breaches of 2018, the knowledge of which became public just last week. 500 million individuals, customers of Marriott’s Starwood guest reservation network, were affected.
Long story short, the network exposed its entire database consisting of 500 million guest bookings that happened in the course of four years. Personal information belonging to individuals from all over the world was exposed.
I was pretty sure Marriott’s data breach wouldn’t be the last major breach event for 2018, and I wasn’t wrong. Today I woke up to the news that Quora’s entire user database had been compromised by hackers.
Quora has been sending out notifications to all of its users notifying them that it has been breached. According to the information received, unknown threat actors were able to access their database of user data on Friday (November 30). This is when Quora’s team detected that user data had been acquired by an unauthorized third party who was able to gain access to their internal database servers.
Nonetheless, this article isn’t a retrospection of everything that went wrong this past year but rather it will present a prediction, an educated guess, of what may (will?) go wrong next year.
The Password Matter
Some experts predict that incidents and breaches based on the combination of usernames and passwords will continue to rise throughout next year. There have been attempts to counter the weakness of passwords, such as symmetric cryptography, biometrics, blockchain and hardware solutions. However, the problem is that there hasn’t been a coordinated, global effort, and as a result the security industry hasn’t been able to set new standards.
Others predict that two-factor authentication (2FA) will evolve to adequately address fraud attacks. The following opinion belongs to Stacy Stubblefield, co-founder and Chief Innovation Officer of TeleSign:
In 2019 we will see an evolution in the two-factor authentication (2FA) process that directly addresses some of the most discussed fraud attacks. It’s a documented fact that the use of 2FA to stop unauthorized account access has exponentially decreased account takeover fraud around the globe, but as fraudsters have evolved, so too must the techniques used to combat them. The increasing prevalence of SIM swap fraud and porting fraud (where attackers take over an end-user phone number so they can intercept one-time passcodes) has led to more collaboration between online businesses and mobile network operators, who can tell those businesses (in real-time) when a SIM swap or porting change has occurred. What we will see as 2019 unfolds is the use of that data to augment 2FA, which will ultimately ensure the continued growing adoption of this important security step by both businesses and their users.
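One way a relying service could apply the SIM swap and porting signal described above before sending an SMS one-time passcode. This is an added example, not code from the article or from TeleSign; the `CarrierSignal` fields, the 72-hour window and the decision names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

QUARANTINE = timedelta(hours=72)  # assumed policy window, not from the article

@dataclass
class CarrierSignal:
    """Hypothetical operator answer for one phone number (assumed shape)."""
    last_sim_change: Optional[datetime]  # None: no SIM swap on record
    last_port: Optional[datetime]        # None: number never ported

def choose_second_factor(now, enrolled_at, signal, high_risk):
    """Return 'sms_otp', 'step_up' (non-SMS factor) or 'block_and_review'."""
    if signal is None:
        # Lookup failed: fail closed only where the action is high risk.
        return "step_up" if high_risk else "sms_otp"
    # A change made before the user enrolled this number is not suspicious:
    # the user proved possession of the current SIM at enrollment.
    changes = [t for t in (signal.last_sim_change, signal.last_port)
               if t is not None and t > enrolled_at]
    if not changes:
        return "sms_otp"
    # A future timestamp (clock skew) gives a negative age and counts as recent.
    if now - max(changes) < QUARANTINE:
        return "block_and_review" if high_risk else "step_up"
    return "sms_otp"

def demo():
    """Run the policy over constructed sample events (not real data)."""
    now = datetime(2019, 1, 10, 12, 0, tzinfo=timezone.utc)
    enrolled = datetime(2018, 6, 1, tzinfo=timezone.utc)
    swapped_5h = CarrierSignal(now - timedelta(hours=5), None)
    ported_1d = CarrierSignal(None, now - timedelta(days=1))
    swapped_30d = CarrierSignal(now - timedelta(days=30), None)
    pre_enroll = CarrierSignal(enrolled - timedelta(days=2), None)
    cases = [(swapped_5h, False), (swapped_5h, True), (ported_1d, False),
             (swapped_30d, True), (pre_enroll, True), (None, True), (None, False)]
    return [choose_second_factor(now, enrolled, s, hr) for s, hr in cases]

if __name__ == "__main__":
    print(demo())
```

Here `high_risk` stands for actions such as a password reset or a payout change, where a recent SIM change should stop the flow for review rather than only switch factors.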
The Scam & Phishing Matter
Talking about scams, the industry has definitely witnessed an evolution in the scam business. Yes, it is a business, and undeniably a successful one. Nearly half of all cellphone calls in 2019 will come from scammers, according to First Orion, a company that provides phone carriers and their customers caller ID and call blocking technology, the Washington Post recently reported.
One such scam that has been quite active in the US involves the abuse of the Social Security Administration’s phone number, 1-800-772-1213. A warning was even issued by the Federal Trade Commission. Apparently, scammers are actively spoofing the administration’s customer service number.
Phone scammers are aggressively developing their set of manipulative tactics, and they are not the only ones. Phishing and email insecurity will continue to persist next year, exposing the personal data of users.
The persistence of phishing on the threat landscape just proves that the weakest link in cybersecurity is us, humans.
The fact that most phishing campaigns stay the same for years speaks volumes. In other words, phishers don’t even need to get creative in order to fool their victims – both home users and enterprise users are equally prone. Each year we see an increase of the so-called “seasonal scams” that intensify around Black Friday and become really prevalent around Christmas.
In its Spam and Phishing in Q3 2018 report, Kaspersky Lab discovered a notable rise in phishing attacks compared to the previous quarter. In total, the security firm halted more than 137 million phishing attempts. In comparison, 108 such attempts were detected in Q2.
To no one’s surprise, businesses where financial transactions are essential were commonly targeted. 18 percent of these attacks were found to target banking customers, and 10 percent – payment systems. Global internet portals accounted for 32.3 percent of the attacks.
The Trojan & Botnet Matter
The VPNFilter Trojan is a well-built threat. Its first targeted attacks were able to take down thousands of network devices around the globe. Security reports showed that its latest version included additional third-stage modules which heavily enhanced its functionality.
Let’s take VPNFilter’s ability to leverage networks and exploit endpoint devices that were placed on the same network as VPNFilter-infected hosts. The hackers could obfuscate and encrypt the network traffic coming in from them back to the infected clients. Several user identification tools could be used following the infections, thus enabling threat actors to carry out identity theft and other crimes. Another significant new addition was the ability to create a large network of proxies that can be used in coordinated attacks.
Kaspersky Lab researchers believe that campaigns such as VPNFilter perfectly illustrate how attackers have already started deploying their malware to create multipurpose botnets. In this particular case, even when the malware was extremely widespread, it took some time to detect the attack, which is worrisome considering what might happen in more targeted operations.
The IoT Matter
Nonetheless, more and more vendors and consumers are becoming aware of this threat. Following large-scale cyberattacks launched through exploited IoT botnets in the past two years, IoT risk awareness has slightly increased, yet smart devices are still vulnerable, a Bitdefender whitepaper notes, underlining one of the major issues, the lack of end-to-end encryption:
One major cause is that manufacturers rush to deliver innovative gadgets that catch the eye of the consumer, but completely disregard end-to-end encryption.
Many smart devices currently available on the market are vulnerable to third-party intrusions. Because traditional security software can’t fend off attacks, home and enterprise networks are left defenseless. The industry is not far from jeopardizing users’ physical safety, as vulnerabilities have been detected on multiple occasions in medical devices, pacemakers, security cameras, smart doorbells, baby monitors and connected cars.
For instance, let’s take the popular FreeRTOS operating system used by many IoT devices. It was found to contain numerous bugs allowing hackers to easily exploit vulnerable devices. And as often happens, the quick development of a patch isn’t very efficient, as its implementation may take a while. A total of 13 vulnerabilities were discovered in FreeRTOS, which allowed criminals to carry out various attacks: data theft, information leaking, remote code execution, network attacks, denial-of-service, etc. Abuse of FreeRTOS could be done manually and automatically, using specific penetration testing frameworks that are loaded with the proof-of-concept code against the specific bug.
The Malware Matter
Security experts have been anticipating the disclosure of a new exploit of the EternalBlue kind (utilized in the WannaCry ransomware outbreak), which will be used for spreading malware in 2019 and beyond. Such exploits are extremely powerful because they can self-propagate. It’s not a mistake to say that they are a challenge to organizations, and cybercriminals who are aware of that fact will continue to look for such exploits.
For example, the EternalBlue exploit was detected to spread the Adylkuzz miner, and later in 2017, it was used to deliver the Nitol backdoor and Gh0st RAT. Both threats have been around for several years and were once again included in malicious operations. There is no reason or proof to suggest that campaigns of this scale will not happen again in 2019.
The Skimming Matter
This past year, cybercriminals have been after websites that process payments with the purpose of compromising the checkout page. There have been multiple cases, with the MagentoCore malware being at the heart of most of them. MagentoCore was quickly dubbed the most successful skimmer, with its operators being extremely active in the past several months.
However, it turned out that MagentoCore was in fact part of a larger card scraping campaign known as Magecart. Security researcher Willem de Groot has tracked infections similar to Magecart on at least 40,000 domains for the past three years. His latest findings indicate that during August, September and October, 2018, the MageReport scanner came across Magecart skimmers on more than 5,400 domains.
Some of these infections turned out to be quite persistent, spending up to 12.7 days on infected domains. In most cases, however, website admins successfully removed the malicious code. Even so, the number of re-infected sites was quite big – 21.3 percent, with a large number of reinfections taking place within the first day or within a week. The average period for a reinfection was estimated at 10.5 days.
By the looks of it, the MagentoCore malware operators will continue to look for new ways to attack and compromise websites.
Do We Really Need a Conclusion?
Stephane Nappo, Global Chief Information Security Officer at Société Générale International Banking, says that
Threat is a mirror of security gaps. Cyber-threat is mainly the reflection of our weaknesses. An accurate vision of digital and behavioral gaps is crucial for a consistent cyber-resilience.
So, the only thing we can do is evaluate our own strengths and weaknesses in the online realm, and do our best to avoid worst-case scenarios where we are the weakest link. In simple terms, let’s be smarter next year.