Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

Cyber breaches abound in 2019

News of high-profile cyber breaches has been uncharacteristically subdued in recent quarters. However, we recently learned that Marriott International/Starwood was the victim of the multi-year theft of personal information on up to 500 million customers — rivaled only by hacks against Yahoo in 2013 and 2014.

Is this a harbinger of a worse hacking landscape in 2019?

The answer is unequivocally yes. No question, cyber breaches have been a gigantic thorn in the global economy for years. But expect them to be even more rampant in the new year as chronically improving malware will be deployed more aggressively on more fronts.

In addition, as companies increasingly pursue digitization to drive efficiency, reduce costs and build data-driven businesses, they simultaneously move into the “target zone” of cyber attacks. As the digital economy expands, the threat landscape naturally follows suit. Compounding the situation is the use of machine learning and AI as hackers and other bad actors look to scale their bad behavior.

Look for AI-driven chatbots to go rogue, a substantial increase in crimeware-as-a-service, acceleration of the weaponization of data, a resurgence in ransomware and a significant increase in nation-stage cyberattacks. Also on a growth track is so-called cryptojacking — a quiet, more insidious avenue of profit that relies on invasive methods of initial access and drive-by scripts on websites to steal resources from unsuspecting victims.

Then, too, we will also see a substantial increase in software subversion, including the specific targeting of developers for attack and the likely proliferation of software update supply chain attacks.

Here is a mini dive into the top pending threats:

The emergence of AI-driven chatbots. In the new year, cybercriminals and black hat hackers will create malicious chatbots that try to socially engineer victims into clicking links, downloading files or sharing private information. A hijacked chatbot could easily misdirect victims to nefarious links rather than legitimate ones. Attackers are also likely to leverage web application flaws in legitimate websites to insert a malicious chatbot into a site that doesn’t have one.

Attacks on cities with crimeware-as-a-service, a new component of the underground economy. Adversaries will leverage new tools that among other things attack data integrity, disabling computers to the point of requiring mandatory hardware replacements. Terrorist-related groups will be the likely culprits.

A significant increase in nation-state attacks. Russia has been a leader in using targeted cyberactions as part of larger objectives. Earlier this year, for example, the FBI disclosed that Sofacy group, a Russian persistent threat actor, infected more than 500,000 home office routers and network attached to storage devices worldwide to remote control them. Look for other nation-states to follow the same sort of playbook, helped by billions of poorly secured IoT devices.

The growing weaponization of data. Already a huge problem, it is certain to worsen, notwithstanding efforts among some technology giants to enhance user security and privacy. Balancing the negatives with the positives, tens of millions of comprised web users have begun to seriously question how much they really benefit from the internet.

Consider, for example, Facebook, which has made no secret of using personal data and “private” correspondence to annually generate billions of dollars in profits. Users willingly “like” interests and brands, volunteering personal information. This enables Facebook to provide a more complete image of its user base — a gold mine for advertisers.

Much worse, Facebook earlier this year tried to manipulate user moods through an “emotional contagion” experiment. This pitted users against their peers to influence their emotions, i.e. the weaponization of data.

A resurgence in ransomware. Ransomware exploded onto the scene in 2017 following the WannaCry outbreak and a series of successful follow-up ransomware attacks targeting high-profile victims. According to the FBI, total ransomware payments in the U.S. have in some years exceeded $1 billion. There were scant high-profile ransomware victims in recent months, but the problem is highly likely to bounce back strongly in 2019. Ransomware attacks come in waves, and the next one is due.

Increased subversion of software development processes and attacks on software update supply chains. Regarding software development, malware has already been detected in select open-source software libraries. Meanwhile, software update supply chain attacks violate software vendor update packages. When customers download and install updates, they unwittingly introduce malware into their system. In 2017, there was an average of one attack every month, compared to virtually none in 2016, according to Symantec. The trend continued in 2018 and will become worse next year.

More cyber attacks on satellites. In June, Symantec reported that an unnamed group had successfully targeted the satellite communications of Southeast Asia telecom companies involved in geospatial mapping and imaging. Symantec also reported attacks originating in China last year on a defense contractor’s satellite.

Separately, we learned in August at the annual Black Hat information security conference that the satellite communications used by ships, planes and the military to connect to the internet are vulnerable to hackers. In the worst-case scenario, the research said, hackers could carry out “cyber-physical attacks” that could turn satellite antennas into weapons that essentially operate like microwave ovens.

Fortunately, the cyber outlook for 2019 is not altogether grim.

On the cybersecurity side, a growing number of experts believe that multi-factor authentication will become the standard for all online businesses, abandoning password-only access. In addition, a number of states are expected to adopt some version of Europe’s strict General Data Protection Legislation. California, for one, has already passed legislation that will make it easier for consumers to sue companies after a data breach, starting in 2020.

The upshot is that individuals, businesses and government entities need to do everything possible to improve the state of their cybersecurity. They cannot eliminate breaches, but they can avert some and improve the chances of mitigating them.

Comments

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio...

Leading VCs discuss how COVID-19 has impacted the world of digital health

In December 2019, Extra Crunch spoke to a group of investors leading the charge in health tech to discuss where they saw the most opportunity in the space leading into 2020 . At the time, respondents highlighted startups in digital therapeutics, telehealth and mental health that were improving medical practitioner efficiency or streamlining the distribution of care, amongst a variety of other digital health markets that were garnering the most attention. Where top VCs are investing in digital health In the months since, the COVID-19 crisis has debilitated national healthcare systems and the global economy. Weaknesses in healthcare systems have become clearer than ever, while startups and capital providers have struggled to operate while wide swaths of the market effectively shut down. Given significant volatility and the rapid changes seen in the worlds of healthcare, venture and startups broadly, we wanted to understand which inefficiencies might have been brought to light, w...

News-reading app Flipboard expands local coverage, including coronavirus updates, to 12 more U.S. metros

Earlier this year, personalized news aggregation app Flipboard expanded into local news . The feature brought local news, sports, real estate, weather, transportation news and more to 23 cities across the U.S. Today, Flipboard is bringing local news to 12 more U.S. metros and is adding critical coronavirus local coverage to all of the 35 supported locales. The 12 new metros include the following:  Baltimore, Charlotte, Cleveland, Detroit, Indianapolis, Nashville, Pittsburgh, Orlando, Raleigh, Salt Lake City, St. Louis, and Tampa Bay. They join the 23 cities that were already supported:  Atlanta, Austin, Boston, Chicago, Dallas, Denver, Houston, Las Vegas, Los Angeles, Miami, Minneapolis-St. Paul, New Orleans, New York City, Philadelphia, Phoenix, Portland, Sacramento, San Diego, San Francisco Bay Area, Seattle, Toronto, Vancouver and Washington, D.C. To offer local news in its app, Flipboard works with area partners, big and small, like The Plain Dealer’s Cleveland.com , ...