Top 5 Cybersecurity Threats in 2015
In this week’s Top 5 review we will be discussing the Top 5 cybersecurity vulnerabilities and threats in 2015. This isn’t designed to be a comprehensive or all-encompassing list. Instead this is a quick highlight of what we view as the greatest threats.
One of the biggest threats to emerge recently is ransomware. This aggressive malware, of which the most popular flavor is Cryptolocker, has become quite prevalent throughout the world recently. It accomplishes its objective by getting onto your computer through an infected file, email or it’s simply placed there by a hacker, and then it encrypts all non-system files. Folders such of the my documents, my pictures, and videos of any kind will get gobbled up and locked without any way to get them unlocked. Per CNBC article on the Cryptolocker malware, “”It’s the same type of encryption used in the commercial sector that’s approved by the federal government…If the crooks delete that encryption key, your files are gone forever.” The criminal who has the private key that can decrypt your files, but wants a ransom before they are released back to you. This is particularly troubling in that many of these cases don’t get reported because the victims just pay the 200-300 dollars to just get past the problem.
2: Script Injection
Script injection vulnerabilities have been around for quite some time and are even listed on the cybersecurity OWASP Top 10, which describes injection flaws as “quite easy to discover by analyzing the code, but frequently hard to find during testing sessions when systems are already deployed in production environments.” Injections that are perpetrated by a cyber-criminal are typically used to extract data from a system. These flaws are unique in that once it is delivered to the market, the flaws in the system are extremely hard to find before they are exploited. This vulnerability really shows itself as one of the biggest problems with systems in the corporate industry.
3: Cybersecurity and Mobile Banking
4: Internet of Things (IoT)
If you’re not familiar with what the Internet of Things is, here’s a quick rundown. The IoT is simply the way and direction technology is evolving towards full technology integration of all electronics with the internet. From your fridge, TV to your kids toy and your car’s engine are or are going to be fully connected with the internet over the next decade with these “ordinary objects like thermostats, refrigerators and watches that are connected to the Internet — to grow to 26 billion units installed in 2020, an almost 30-fold increase from 0.9 billion in 2009” This IoT brings with it a multitude of vulnerabilities and per Gartner research, “A unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases. What constitutes an IoT object is still up for interpretation, so securing the IoT is a “moving target.” Bottom line there a LOT of IoT capable devices out there and quite a few of them aren’t secure and could be the target of a major hack.
5: Increase in social engineering to enable hacking
Recently with the OpKKK that was allegedly conducted by Anonymous, they admitted much of the information they obtained was through effective social engineering. With Microsoft investing millions into exploit mitigation, making it significantly more difficult to create code that attacks the system successfully, hackers will turn to social engineering to obtain sensitive information about others. Per Enterprise Tech, “As the Internet of Things (IoT), mobility, and ever-expanding reliance on networked computers increase, the threat of social engineering – of hackers using employees’ and partners’ willingness to help and information they share – expands exponentially, he said. And as companies invest in more advanced security technologies, hackers will resort to the simplest path: People.” Simply put, social engineering works best when those who are being targeted are untrained to notice or detect when it is happening and with some legacy targets getting more hardened, these attack with increase.
Other High Profile Breaches:
Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.