2017 was the year that data breaches and ransomware hogged the spotlight. And in 2018, they’re likely to continue to cause concern for business worldwide. But if you’re thinking of redeveloping your security strategies, these types of attacks aren’t the only ones you need to consider. The experts out there have made some alarming predictions on what you should be aware of, and prepared to face, for 2018
Email scams could earn cybercriminals around $9 Billion globally.
Using well targeted, personalised emails, cybercriminals pose as executives, suppliers, or trusted business contacts, scamming businesses out of their money. The FBI refers to these attacks as Business Email Compromise (BEC) scams. Trend Micro predicts BEC losses are likely to exceed $9 billion in 2018.
Cybercriminals kick off a BEC scam by sending out phishing emails. These are designed to trick employees into divulging details about the business or the individuals within it. The info they receive back helps to form part of their targeted attack. Alternatively, phishing emails might install malware that steals business data, such as financial records. And then there’s social engineering techniques. Cybercriminals might call the company direct, or use social media websites (e.g., LinkedIn, Facebook), to get what they’re after.
Once they have the info they need, the crooks begin creating their BEC emails. Often they look like a legitimate business email, either from within or from an organisation the targeted business has a relationship with. Cybercriminals spend a lot of time crafting their emails, there’s lots at stake. In 2017 the average earnings from successful BEC scams was around $67,000 (USD).
Internet of Things (IoT) Attacks to increase.
In 2017, hackers would conduct IoT attacks just to cause mayhem. In April, hackers launched a malware attack that damaged the systems of IoT devices so badly, the devices were rendered useless.
But for 2018, Forrester researchers think the focus of IoT attacks will change. Instead of creating chaos, hackers will create back doors into your networks through vulnerable IoT devices. Once they gain access, they might be able to steal sensitive data and/or spread ransomware. If there’s money to be made through poorly designed and protected IoT devices, the number of attacks will surge.
According to Trend Micro researchers, many IoT devices are not secure by design. And patching IoT devices can be difficult. Many devices are in hard to reach locations like wall mounted security cameras. It only takes one vulnerable device to create an entry point to a network.
Increase use of Cryptojacking to steal computer processing power
When you visit a website, your browser runs scripts provided by the site. These scripts enable you to see, hear, and interact with the content on the site. But some scripts can be designed for sinister purposes. By hijacking a visitors’ computer processing power, hackers can use it to mine (or earn) cryptocurrencies like Bitcoin. This is what’s known as cryptojacking.
Cryptojacking started off as a way for website owners to earn more, but the cybercriminals have jumped on the bandwagon. They’re adding these scripts to their own malicious web pages, and hacking into legitimate sites to insert their scripts there too. Toward the end of 2017, Cryptojacking activity increased significantly. And researchers at Malwarebytes predict we’ll see a lot more of it in 2018.
Although cryptojacking doesn’t steal data or extort money, it’s still bad news for businesses. The extra load on PC’s makes them sluggish, which can lower productivity. It might also cause CPU’s to overheat, leading to PC’s freezing or crashing. And if your PC’s processor is working much harder, it uses more electricity. In the US, one experiment found Cryptojacking could cost an extra $5 a month per PC in electricity.
The best defence is preparation.
As for which one of these predictions your business is likely to face, it depends on many factors. Where are your customers located? To what extent do your employees use email and web browsers? If you’re concerned, please call us. We can help you assess your business, and develop effective strategies against these risks.