Hackers are always on the hunt for what’s new and next. As security experts work to secure individuals and companies against the threats of today, thieves are busy inventing the threats of tomorrow — nefarious new ways to steal your financial and personal data. As 2018 comes to a close, get to know the threats that could define 2019.
Cryptojacking
Cryptocurrency mining requires vast computing power to solve complex mathematical problems. Rather than setting up thousands of servers fueled by pricey electricity and air conditioning, hackers enslave millions of computers to do their dirty work.
Just like the name suggests, cryptojacking is non-consensual cryptomining on someone else’s machine. In 2018, cryptojacking accounted for 35% of all cyber threats.
As cryptocurrency grows in popularity, so does the computing power necessary for mining. This means hospital chains, airports, coffee shops and anywhere with public Wi-Fi could be susceptible. Cryptojackers target vulnerable websites and inject mining scripts like Coinhive. Then, the computers of unsuspecting visitors are enslaved to mine cryptocurrency.
Stay Safe: To prevent cryptojacking, use an antivirus or anti-malware solution that scans traffic and blocks infected domains. While browsing, use an adblocker like uBlock Origin or NoScript that can stop mining scripts.
Cloud Ransomware
Recently, ransomware has hit heavyweights like Britain’s National Health Service and even FedEx. Locking down computer files via encryption, hackers demand money in exchange for unlocking the data. Victims often pay, especially if the encrypted data isn’t backed up.
One new target on the ransomware horizon is cloud-computing businesses that store mountains of photos, data and emails for companies. Giant cloud operators, like Google, Amazon and IBM, are virtually impenetrable, but smaller companies could be vulnerable. One of the most virulent strains of Petya malware spread through an infected file on Dropbox — one of the most popular backup solutions.
Stay Safe: While you cannot prevent your cloud provider from getting infected, you can take measures to protect yourself from ransomware. Back up your data and keep your software up to date.
Weaponized AI
In the AI-driven arms race, security experts are using machine learning, neural networks and other AI tech to anticipate and discover attacks. Unfortunately, hackers are using the same technology.
Machine-learning can now mimic human speech to craft convincing fake messages for spear phishing attacks. AI can also be used to design malware that can fool “sandboxes” — security programs that spot rogue code before it reaches a company’s system.
Stay Safe: Learn how to spot phishing scams, install a traffic scanner that blocks malicious links and avoid posting personal information on social media.
Malicious Smartphones
Apparently, mobile is where it’s at — even for malware. As users spend more and more time on their phones, thieves have realized that phones are where the most sensitive data lives.
While it’s best to download apps from official stores, malicious software can still slide past the careful vetting of Google Play or Apple’s App Store. Apps masquerading as calendars or storage optimization have been vehicles for cryptomining or harvesting a user’s data and location. Of the 3.5 million apps in Google Play’s store last year, 700,000 were “problematic.” They were either app clones, text message intercepts or phishing scams.
Some smartphones have even been infected before leaving the factory. In 2017, 30 high-end smartphones were infected with malware in the supply chain, and dozens of low-cost Android phones were shipped with the powerful banking Trojan called Triada.
Stay Safe: Never download apps from unknown sources and don’t be lured in by cheap smartphones from shady sellers. Update your apps, review their permissions and always back up your smartphone.
Cryptotheft
With the value of a single Bitcoin soaring, cyber criminals have big incentives to launch attacks. While cryptojacking affects computer users who don’t own Bitcoin, investors of virtual coinage are prime candidates for theft.
Hackers and even rogue states like North Korea have been targeting cryptocurrency account holders.
Recently Bithumb — the sixth-largest crypto exchange — was hacked for $30 million. And BitGrail’s attackers made off with $195 million in Nano cryptocurrency belonging to users.
Some thieves have even used social engineering to target cryptocurrency YouTube personalities and other high-profile investors.
Stay Safe: Don’t tell anyone that you’re investing in cryptocurrency, especially on social media. Keep your funds in multiple wallets. Secure your logins with two- factor authentication and stay alert and on top of the latest scams.
Hacking Smart IoT Devices
Inside one university lab, researchers were able to activate artificial intelligence systems on smartphones and smart speakers. In the wrong hands, this technology could unlock doors, wire money or purchase items online.
This group from the University of California Berkeley proved that they could hide commands in white noise played over loudspeakers or YouTube videos — embedding commands directly into music or spoken text.
While a human listener hears music or someone talking, Amazon’s Echo speaker might hear an instruction to add something to your shopping list.
Fortunately, real-life hackers haven’t cracked these techniques. Yet.
Stay Safe: Don’t connect your devices to every smart device you own. And be careful about connecting your credit card to your devices. If you do own smart devices, always use secure Wi-Fi.
Regardless of the security challenges 2019 brings, Bluefin offers P2PE and tokenization services that ensure sensitive data is encrypted the moment it enters your system. To learn more about how you can protect your customers’ data, contact a Bluefin representative today.