Top 5 Cybersecurity Threats in 2015

In this week’s Top 5 review, we will be discussing the top 5 cybersecurity vulnerabilities and threats in 2015.  This isn’t designed to be a comprehensive or all-encompassing list.  Instead, this is a quick highlight of what we view as the greatest threats.

 

1:  Ransomware

One of the biggest threats to emerge recently is ransomware.  This aggressive malware, of which the most popular flavor is Cryptolocker, has become quite prevalent throughout the world.  It gets onto your computer through an infected file or email, or is simply placed there by a hacker, and then it encrypts all non-system files.  Folders such as My Documents and My Pictures, and videos of any kind, will get gobbled up and locked without any way to get them unlocked.  Per a CNBC article on the Cryptolocker malware, “It’s the same type of encryption used in the commercial sector that’s approved by the federal government…If the crooks delete that encryption key, your files are gone forever.”  The criminal has the private key that can decrypt your files, but wants a ransom before they are released back to you.  This is particularly troubling in that many of these cases don’t get reported because the victims just pay the 200-300 dollars to get past the problem.

 

2:  Script Injection

Script injection vulnerabilities have been around for quite some time and are even listed on the OWASP Top 10, which describes injection flaws as “quite easy to discover by analyzing the code, but frequently hard to find during testing sessions when systems are already deployed in production environments.”  Injections that are perpetrated by a cyber-criminal are typically used to extract data from a system.  These flaws are unique in that once a system is delivered to the market, its flaws are extremely hard to find before they are exploited.  This vulnerability really shows itself as one of the biggest problems with systems in the corporate industry.

 

3:  Cybersecurity and Mobile Banking

According to a Kaspersky report, 92% of consumer devices have sensitive data on them, which makes them a soft target.  In the past, mobile phones didn’t have much security since they weren’t used for much other than phone calls; however, times have changed.  With the advent of smart phones capable of processing HTML, Java and any other platform script needed for using the internet came mobile banking.  Per Constantin, “90 percent of the tested apps also initiated several non-encrypted connections during their operation. This allows attackers who can intercept that traffic—for example on an insecure wireless network—to inject arbitrary JavaScript or HTML code into it, for example to display fake login prompts to the app’s user or to launch other social engineering attacks.”  Mobile banking on an unsecured platform is one of the biggest coming vulnerabilities of 2015, if not this coming decade.
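A developer or tester can check for the non-encrypted connections described in the quote by auditing the markup an app's embedded web view loads. The following is an added example, not part of the original post; the page URL, host names and HTML are constructed, and it assumes the app renders HTML content.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: markup a banking app's embedded web view might load.
PAGE_URL = "https://bank.example/login"
SAMPLE_HTML = """
<link rel="stylesheet" href="https://bank.example/site.css">
<script src="http://cdn.bank.example/app.js"></script>
<script src="/static/ui.js"></script>
<script src="//stats.bank.example/t.js"></script>
<img src="http://img.bank.example/logo.png">
<form action="http://bank.example/session" method="post">
  <input name="user"><input name="pass" type="password">
</form>
"""

# (tag, attribute) pairs through which a page fetches from or submits to a URL.
URL_ATTRS = {("script", "src"), ("iframe", "src"), ("link", "href"),
             ("img", "src"), ("form", "action")}
# Tags whose tampered content can rewrite the page or capture what the user types.
ACTIVE = {"script", "iframe", "link", "form"}

class CleartextAudit(HTMLParser):
    """Collects every referenced URL that resolves to plain http://."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []          # (severity, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in URL_ATTRS and value:
                url = urljoin(self.page_url, value)   # resolves relative and // forms
                if urlparse(url).scheme == "http":
                    severity = "active" if tag in ACTIVE else "passive"
                    self.findings.append((severity, tag, url))

def audit(page_url, html):
    """Return cleartext findings for one page, including the page itself."""
    parser = CleartextAudit(page_url)
    if urlparse(page_url).scheme == "http":
        parser.findings.append(("active", "page", page_url))
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for finding in audit(PAGE_URL, SAMPLE_HTML):
        print(finding)
```

Findings marked "active" are the ones that matter most here: a script, frame, stylesheet or form target fetched over plain HTTP is exactly where intercepted traffic can be altered to show a fake login prompt.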

 

4:  Internet of Things (IoT)

If you’re not familiar with what the Internet of Things is, here’s a quick rundown.  The IoT is simply the direction in which technology is evolving: full integration of all electronics with the internet.  Everything from your fridge and TV to your kid’s toy and your car’s engine is, or is going to be, fully connected with the internet over the next decade, with these “ordinary objects like thermostats, refrigerators and watches that are connected to the Internet — to grow to 26 billion units installed in 2020, an almost 30-fold increase from 0.9 billion in 2009.”  The IoT brings with it a multitude of vulnerabilities, and per Gartner research, “A unique characteristic of the IoT is the sheer number of possible combinations of device technologies and services that can be applied to those use cases. What constitutes an IoT object is still up for interpretation, so securing the IoT is a ‘moving target.’”  Bottom line: there are a LOT of IoT capable devices out there, and quite a few of them aren’t secure and could be the target of a major hack.

 

5:  Increase in social engineering to enable hacking

Recently, with the OpKKK that was allegedly conducted by Anonymous, they admitted that much of the information they obtained was through effective social engineering.  With Microsoft investing millions into exploit mitigation, making it significantly more difficult to create code that attacks the system successfully, hackers will turn to social engineering to obtain sensitive information about others.  Per Enterprise Tech, “As the Internet of Things (IoT), mobility, and ever-expanding reliance on networked computers increase, the threat of social engineering – of hackers using employees’ and partners’ willingness to help and information they share – expands exponentially, he said. And as companies invest in more advanced security technologies, hackers will resort to the simplest path: People.”  Simply put, social engineering works best when those who are being targeted are untrained to notice or detect when it is happening, and with some legacy targets getting more hardened, these attacks will increase.

Other High Profile Breaches:

Experian (includes T-Mobile)
Scottrade
Trump Hotels
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison
Ashley Madison (follow up)


Thanks for stopping by and reading our blog. We would appreciate it if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

If you have ANY Cybersecurity needs, please contact us and a member of our staff will promptly reply to your question or concern.

References

American Banker
CNBC
PC World
Enterprise Tech
Gartner



About Matthew Eliason

Matthew Eliason was born in Houston, Texas.  Upon graduating from high school, he joined the Navy.  His first tour was as an Information Systems Technician of a 130 client DOD network where he developed the documentation and maintenance procedures from 2007-2012.  In 2012, he transferred to shore duty, where he serves as a system and security administrator.  He graduates with a Bachelor’s of Science in Information Technology from American Military University in November of 2015.  He holds the CompTIA Security+ certification and has extensive experience in DOD Information Assurance (IA) and Cyber Security compliance and procedures.  He enjoys golf, hiking, and watching football in his spare time.