The Most Spine-Chilling Cyber Threats for Halloween
CAUTION! The spooky charmers we are about to review are not for the faint of heart. This year has been a doozy when it comes to the brood of cybersecurity threats that were conjured up. We can only imagine they will proliferate as the threat landscape continues to evolve.
If there’s one thing to be said: cybersecurity criminals and threats are some nasty witches.
So, it’s the perfect time of year to review the most spine-chilling cybersecurity threats. After we describe them, we want to hear from you: what cybersecurity threats are haunting you this year? And which ones could appear from the darkness in the future to scare the pants off you?
1. KRACKS
Quite possibly the most significant story is KRACKS, because it puts potentially every WPA2 device at risk of being vulnerable to cyber attacks. It’s a scary thought because an attacker within range of an affected access point and client may be able to leverage the vulnerabilities to conduct attacks such as injecting malware, hijacking the device to monitor communications, and bypassing HTTPS in non-browser software like iOS and Android applications. Every urban metropolitan area with a plethora of Wi-Fi devices could be the target of some massive attacks.
2. WannaCry / Petya / NotPetya Ransomware
Ransomware seemed to dominate the global threat landscape in recent years. Ransomware events like WannaCry and Petya/NotPetya occurred across the globe, and attackers took on average 4,000 businesses and individuals hostage per day in 2016.
The WannaCry outbreak was like an epidemic, spreading across 150 countries and infecting more than 400,000 machines. WannaCry utilized an exploit kit called ETERNALBLUE, one of the NSA hacking tools leaked by the notorious Shadow Brokers hacking group.
The Petya/NotPetya outbreak was a ransomware epidemic, affecting more than 65 countries and more than 2,000 users. This malware used credential theft and exploited SMB vulnerabilities in unpatched machines.
Ransomware continues to disguise itself due to rapid innovation and a lack of patch management across hardware and software, including computers, smartphones, tablets, POS systems, and IoT devices.
3. Advanced Persistent Threats & Malware
Hackers use malware, such as viruses, Trojans, and malicious software, to turn your network and data into big payoffs. Cyber attackers will continuously create new types of pervasive threats to attempt to break down your barriers. Almost all forms of malware are designed to avoid detection. Like a ghost within your network, the malware steals as much data as possible without leaving a trace of footsteps behind. Malware can self-replicate and steal bank account and other private credentials like a thief in the night.
4. The Dark Web
The Dark Web did not always have such a bad reputation. In fact, it was a place where security and IT professionals gathered for peer-to-peer content sharing throughout the 80s, 90s, and early 2000s. Now, the dark web has become a devil’s den for hackers, and it’s even been named the “underbelly of the Internet.”
Sounds like a place from a science fiction novel, doesn’t it? It’s a cyber thugs’ lair to shop for exploit kits on the black market, but it’s also where superhero CISOs go to reverse engineer security monitoring and mitigation tools. Buyer beware though! You’ll need to use encryption-friendly tools like The Onion Router (Tor) to obfuscate your browser activity and IP address through a secure and distributed network.
5. Malicious Employees & Vendors
You might be surprised to hear that 60% of all cyber attacks are carried out by employees and vendors within your organization. Three-quarters of these attacks involve malicious activity while one-quarter are accidental. So, the employees within your organization could be the most dangerous aspect of your cybersecurity threat landscape. Malicious employees are often overlooked because they fly under the radar of trusted systems and the company’s security detection systems. Have you run into anyone that looks like the flesh-eater below?
Your employees may not have clear security policy guidelines or continual security awareness training to support accountability to its fullest extent. Therefore, it’s important to minimize human error and help safeguard against the threat of your employees mishandling your precious data with proper expectations and security education. Better to be safe than sorry! You don’t want a zombie outbreak at work.
6. Sophisticated Phishing/Smishing/Vishing/Social Engineering Campaigns
Phishing schemes are disguised as nasty tricks. A cybercriminal poses as someone or something the sender is not, to try to trick the recipient into providing them with credentials, documents, credit card numbers, address information, and more. Everybody likes to go trick-or-treating, but not a nasty phishing trick.
Sleuth criminals use social engineering to obtain the victim’s data for their purchases. Even though this type of threat has existed for more than two decades, four out of ten employees still cannot identify a fake message or must guess whether the content is real or malicious. Using sophisticated social engineering, cyber criminals use phishing schemes against individuals and organizations alike for huge financial gain.
7. Internet of Evil Things
IoT is one of the scariest threats to information security professionals. Why, you might ask? The rapid pace of innovation and demand for consumer IoT devices leads to poor ‘Security by Design’ in the products launched in the global marketplace.
Many Internet-connected devices have serious security flaws. Consider the smart toys your kids play with, the fun household devices you use daily, and the industrial sensors, power grids, and even implantable cardiac devices that are connected to the Internet. These connected Things are exposed to potential evil vulnerabilities that cybercriminals can exploit. In fact, 70% of IoT devices are susceptible to hacks due to major vulnerabilities. Can you imagine being held ransom by your smart thermostat?
8. No-Tech Hacking & Physical Security
Physical security is often overlooked as an aspect of information security. But it’s closely related. Cybercriminals use many tactics to obtain sensitive information and data about your company, and the method is called no-tech hacking.
A shadowy figure could enter your campus through tailgating, obtaining unauthorized access by following an actual employee into the building. The criminal might use lock picking to obtain unauthorized access to restricted areas. Criminals frequently steal data by shoulder surfing, looking at an employee’s computer screen, phone or tablet to obtain sensitive information while they’re enjoying their coffee at Starbucks. Cybercriminals may even dumpster dive to search for sensitive information that hasn’t been properly disposed of for use in a cyber attack.
Have a look at our descriptive infographic on all the types of no-tech hacking techniques.
9. DDoS Attacks
We saw DDoS attacks like no other regarding scope and size last year. DNS providers across the United States were hit by a flood of hacker traffic on October 21, 2016. These ended up being some of the biggest DNS attacks on record. We could see DDoS attacks shutting down the entire Internet for days, leading to unintended consequences and impacts to financial markets and business operations.
10. An Army of Botnets
The Mirai zombie botnet army sent to take down Dyn, the largest DNS provider, was proof that botnets could take down internet access for a substantial period. This botnet incident showed the world how disruptive botnets would be to businesses and consumers around the world.
Botnets leverage malware to take advantage of unprotected, connected devices and then create an army of bots by using these vulnerabilities. Vulnerable devices fuel the botnets, and we know that internet connected device threats are among the top future concerns for security professionals.
At every turn you make this year, you encounter a new demon in digital threats. We hope your efforts to tame these beasts have been successful. Tell us more about the security threats that haunt you! Perhaps we can work together to combat these phantoms.