2019 will see security continue to be a challenge for all organisations, with increasing numbers of attacks on businesses big and small. There will be the usual raft of major data breaches, the daily discovery of new malware threats and the continuing blight of ransomware attacks. In addition, businesses need to be aware of new forms of attack and new targets. This year we’ll see attacks on cryptocurrencies, IoT devices, open source applications and AI systems. Here are five things we think you should be especially aware of.
Cryptojacking
If you haven’t heard of cryptojacking, it is where criminals take control of someone else’s computer and use it to mine cryptocurrency. Mining is a way of validating cryptocurrency transactions and those that undertake it are rewarded with a cryptocurrency payment. However, as it is an extremely resource-intensive process, criminals hijack other people’s devices to do it on their behalf.
The hackers are able to hijack a user’s computer by getting them to click on a malicious link embedded into emails which then loads the crypto mining malware on the device. Another method frequently used is to create malicious JavaScript code and use it to infect adverts or websites. As soon as the site or advert is loaded on the users’ browser, the malware begins its work.
There are usually no tell-tale signs that the device has been infected other than that it is performing less well. This is because its resources are being used to carry out the mining in the background.
Open-source app corruption
With so many disparate individuals developing open source apps and their add-ons, it can be difficult to prevent those with malign intentions trying to corrupt these types of software. Indeed, malware has already been found in some open source app libraries. And with the ever more sophisticated code being used, criminals have even more opportunities to work undetected.
This means that we are likely to see more third-party apps being corrupted and used as a back door into online networks. What’s worrying is that this method of infection can go under the radar of some intrusion protection and detection applications.
Cryptocurrency robbers
The volatility of the US administration, the uncertainty over Brexit and the US-China trade wars have left many companies concerned about the currency in which they trade. As a result, there has been a considerable shift towards the use of cryptocurrency for carrying out online payments and other transactions.
As this form of trading becomes commonplace, cybercriminals are seeing it as a new way to make money. According to a recent Reuters report, the value of cryptocurrencies stolen in the first nine months of 2018 was almost $1 billion – a rise of 250% on the previous year. Most of this was stolen through the hacking of exchanges and trading platforms. The warning for businesses is that, in 2019, this is likely to get worse and companies that use cryptocurrencies should take stringent measures to ensure their accounts and transactions are secure.
IoT device attacks
According to Statista.com, there are over 23 billion IoT devices currently in operation and many of them have exceptionally poor security. The ability of hackers to easily take control of these devices is becoming a serious issue. One way in which they are being used is to take down websites. Using thousands of infected devices, cybercriminals are able to launch huge DDoS attacks that send unprecedented volumes of traffic that sites are just unable to handle.
Weak security also means these same devices can be used for more malicious purposes. Devices that use voice recognition can be hacked to spy on companies and individuals, those that control infrastructure, such as traffic light systems, can be taken over to create chaos on the highways and in the worst case scenarios, devices can be controlled to use as a form of weapon or as a way to demand a ransom, such as shutting down IoT-operated, domestic heating systems, en masse, during the coldest months.
AI used as a hacking tool
It is not just business that is benefiting from artificial intelligence – it is also being used by hackers who are exploiting the vulnerabilities in AI systems to add malicious code that corrupts their logic. One significant issue is that sophisticated criminals could infiltrate the data sets that cybersecurity companies use to detect threats. By modifying the labels in these data sets, hackers could make AI systems treat their malware as safe, enabling it to infect devices without being detected.
Another way AI is used is to counteract the efforts of security companies. By using what is known as a generative adversarial network (GAN), a hacker’s neural network can compete against the network of a security company in order to discover its AI algorithms. Once information is discovered and the hacker understands how the algorithm works, it is possible to develop ways of attack that the algorithm is not able to detect.
Conclusion
In 2019, hackers will get more sophisticated, employing technologies, such as artificial intelligence, to attack the systems used to defend against them. At the same time, they’ll seek vulnerabilities in cutting edge technologies, such as cryptocurrencies, IoT devices, open source applications and AI systems. So, aside from the usual forms of attack, those who use these new types of technology will have even more threats to consider in the coming year.
If you are looking for secure hosting for your organisation, visit our homepage to see our range of hosting solutions.
