2018 Faces New Threats, But Same Old Problems

Every year brings with it a new set of cyber-threats, but unfortunately the cyber-threats of 2017, 2016 and beyond are still with us.

Phishing for authentication credentials, social engineering to install malware, ransomware – all these “hits of the past” are still with us in 2018, but they've been joined by new threats. 

As bad as this is for corporate security, it's perhaps even worse for the bottom line. In light of these threats, organizations are not only going to have to keep up their subscriptions to existing security services – they are going to have to pony up for new solutions for the new powerful threats they face. Just where should they be putting their money to get the most bang for their buck?

To understand that, we need to understand the new threats. Among them is the newest scam fashionable among cyber-crooks – crypto-jacking. With the run-up in the price of Bitcoin (even with its recent losses it's still 800% higher than it was a year ago), hackers are now hijacking the processing power of desktop computers, servers, and even mobile devices to mine for cryptocurrency.

Using a variety of methods – email-delivered malware, phishing sites, and even online ads – hackers set up a captive distributed network, putting your processor to work solving the mathematical problems that let them mine and register cryptocurrencies.

Another new attack gaining popularity is a tool called AutoSploit, which automates hacking exploits, allowing anyone with even zero experience in hacking to find a script that takes advantage of a bug in versions of popular tools (Apache, IIS, etc.) and “carpet bomb” servers, looking for vulnerabilities.

In a new report, Kaspersky stated it had discovered what it says may be “the most sophisticated Android espionage app ever.” Pegasus, a “nation-state level” fully-featured espionage platform (an iOS version was discovered in August) brings together the power of a dozen already powerful hacker tools – keylogging, live audio/video capture, messaging data, browser, and email exfiltration – basically, everything a hacker would need to know to compromise an organization's finances, business plans, IP, or anything else they wish.

There is also the proliferation of IoT devices in the workplace: more and more smart TVs, video connection systems, coffee makers, and much more are showing up, sometimes without the knowledge of network administrators.

I could list a dozen new and powerful threats – but you're probably depressed enough already. The question is, what can we do about all these threats – as well as the “old” ones that are just as potent, if not more so? The solution that makes the most sense, I believe, is one that separates us from hackers altogether.

According to studies, as many as 95% of security breaches occur due to phishing, socially-engineered attacks delivered via e-mail. These emails convince users to open documents and other items stuffed with malware: “poison code” that enables hackers to install ransomware, keyloggers, or other programs which can be used to steal user credentials and/or compromise security.

Unfortunately, not all security systems can catch these attacks; many of them are sent as macros or JavaScript files attached to documents. Standard anti-virus systems can’t detect those kinds of attacks. A sandbox might, but if it does it will prevent the document from going through altogether. This sounds like a good idea, but often hackers will implant poisoned attachments in legitimate documents. Those documents may be needed to conduct business, meaning that if they are interdicted by the sandbox, an important piece of communication may be missed. Clearly, organizations have a dilemma on their hands.

One way around that dilemma is creating an impenetrable buffer between malware and users. Technology deployed in the buffer could examine files before they are forwarded on to users, disabling and disarming the offending parts of a message, including macros and JavaScript.

The technology would dissect a file, checking each of its lowest-level components individually and examining them to see if they contain anomalies. If they do, the anomalies - such as rogue code - are eliminated, and the file is reconstructed and sent on to the user, its functionality intact. In this way, companies will be able to maintain their workflow and protect their organizations.
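The disarm-and-reconstruct step described above can be shown on one narrow case: stripping the macro parts out of a macro-enabled Word (OOXML) package and rebuilding the file. This is an added example, not code from the article or from any vendor; the function names, the list of "active" parts and the skeletal sample document are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed policy for this sketch: package parts that carry active content.
ACTIVE_PARTS = re.compile(
    r"(^|/)(vbaProject\.bin|vbaData\.xml)(\.rels)?$|/activeX/|/embeddings/", re.I)
MACRO_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_TYPE = ("application/vnd.openxmlformats-officedocument"
              ".wordprocessingml.document.main+xml")


def disarm_ooxml(data: bytes) -> tuple[bytes, list[str]]:
    """Rebuild an OOXML package without active parts; return (clean, removed)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        removed = [n for n in src.namelist() if ACTIVE_PARTS.search(n)]
        basenames = {n.rsplit("/", 1)[-1] for n in removed}
        for name in src.namelist():
            if name in removed:
                continue  # disarm: the part is never copied into the rebuilt file
            body = src.read(name)
            if name == "[Content_Types].xml" or name.endswith(".rels"):
                text = body.decode("utf-8")
                for base in basenames:  # drop references to removed parts
                    text = re.sub(r"<(Override|Relationship)\b[^>]*"
                                  + re.escape(base) + r"[^>]*/>", "", text)
                body = text.replace(MACRO_TYPE, PLAIN_TYPE).encode("utf-8")
            dst.writestr(name, body)  # reconstruct: everything else is kept
    return out.getvalue(), removed


def build_sample_docm() -> bytes:
    """Constructed sample: skeletal macro-enabled package, placeholder VBA part."""
    parts = {
        "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" '
        'ContentType="' + MACRO_TYPE + '"/><Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "word/document.xml": "<w:document><w:body>Invoice 42</w:body></w:document>",
        "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" '
        'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" '
        'Target="vbaProject.bin"/></Relationships>',
        "word/vbaProject.bin": "constructed placeholder, not real VBA",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

A gateway running this on untrusted mail would also cap archive size and member count before reading any part, and would log the `removed` list so that stripped content can be reviewed.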
