Here is What Businesses Need to Know: Security Trends for 2019

2018 was a year that brought major breaches almost every week. In May, GDPR came into force as a necessary means of protecting companies and their clients.

Cyber security is still an important issue that troubles the business world. It seems that businesses will need to invest more resources and energy if they wish to stay cyber safe.

So, what can we expect to see in 2019?

1. Consumer Devices –> A Never-Ending Target

Ransomware is a known threat for companies and businesses of all types. While this trend will continue, experts believe that in 2019, there will be more and more attacks on different consumer devices.

Attackers might even target the smart TV in a house via a ransomware attack that would require a user to pay a fee to unlock it.

2. Attackers Will Become Much Smarter

Cyber criminals have seen the potential of the Dark Web and they will continue exploring it even more than before. Every day, they are working hard on trying out new and more sophisticated ways of performing attacks without getting caught.

In 2018, we saw the beginning of better-organized cybercrime. Attackers communicated with each other while turning hacking tools into software-as-a-service.

With the development and implementation of AI technology, it is only a matter of time before cyber criminals use the same technology for their malicious purposes.

3. New Job Titles Will Appear?

Many experts believe that we will soon see new job titles appearing in companies. One of them is CCO (Chief Cybercrime Officer), whose responsibility is going to be protecting computer systems from attacks.

Employees with this title would ensure that a company or organization is ready for different types of cyber threats. They would be responsible for preventing attacks but would also take the lead if a breach did occur. They would provide a robust connection between the board and the rest of the company.

4. Continuing Cyber-Attacks Against E-Commerce Websites

In 2018, we saw waves of cyber-attacks against e-commerce websites. These attacks will continue in 2019 as well. Organized crime is going to target poorly configured and poorly secured websites to collect customer credentials and payment card details.

5. Bigger Interest in Mobile Phones

The mobile phone will play an even greater role in our lives. It is becoming a key authentication and payment mechanism. Often, we use our phones more than desktops. We use them to check emails, make online transactions, watch TV shows, play games…

Therefore, we can expect cyber criminals to take a bigger interest in developing more enhanced and smarter ways of blocking our mobile devices and stealing our private data.

6. Cyber Warfare

Countries will continue to invest in attack infrastructure as they have over the past few years. The most recent US intelligence data suggests that 33 countries in the world now have cyber-attack capabilities. This is an increase compared to 2012, when there were only 12 such countries.

It seems that cyber forces and commands have become an integral part of any nation’s armed forces, together with their intelligence apparatus.

Untold Truth Of 2018 and What to Expect From 2019

Only a few days remain before another year ends. During this year, many exploits were found, and many governments and small and large companies suffered from cyber-attacks. Let’s remember some of the incidents that caused trouble…

  • As the value of bitcoin increased to 20,000 USD during the first month of 2018, cyber-attacks slightly changed their target and also revealed a new type of attack: cryptojacking. Cryptocurrencies were stolen and victims’ computers were used to mine cryptocurrency. Even the governments of the United Kingdom, the United States and Australia experienced this security issue.
  • Rather than the usual software vulnerabilities, new hardware vulnerabilities were found in processor chips. Thus, Meltdown and Spectre attacks started to hunt down computers that had these processor chips: so, basically, every computer…
  • SamSam ransomware hit a city in the United States. It affected almost every station in the city, such as water management departments and police stations. Even though the ransom was only $52,000, it cost $9.5 million to recover. Also, Baltimore’s 911 dispatch system was hit by ransomware, which forced the employees to spend 17 hours making the dispatches manually.

These events are very important factors that show why ransomware should never be underestimated…

  • GitHub, the software development platform, was targeted by the biggest DDoS attack ever experienced. Its servers were exposed to 1.3 terabits of traffic per second.
  • Many companies and institutions, including Equifax, Under Armour, Aadhaar, British Airways, Rail Europe, Dixons Carphone, Ticketfly, MyHeritage, Exactis, SingHealth, Timehop, Air Canada, Facebook, Amazon, Marriott, Germany’s foreign and interior ministries and the U.S. State Department, experienced data breaches affecting 4 million people, 150 million accounts, 1.1 billion Indian citizens, 185,000 passengers, unknown numbers, 10 million people, 27 million customers, 92.2 million accounts, 340 million records, 1.5 million healthcare patient records, 21 million users, 20,000 customers, 30 million users, unknown numbers, 500 million hotel guests, at least 17 gigabytes of data and several hundred employees respectively.
  • According to a United Nations report, North Korean hackers attempted to gain access to the e-mail accounts of UN panel members who are enforcing trade sanctions against North Korea. Also, cyber security researchers revealed evidence that the same group of hackers was targeting Turkish banks and government finance agencies.

The list of significant cyber events goes on and on…

Lessons to Be Drawn

The cyber world offers limitless opportunities to people who want to reach any point in the world while sitting in their chair. It also gives hackers opportunities to find vulnerabilities and exploit them far away from the crime scene. This indicates that hackers will always be lurking on the internet to find victims according to their taste.

Although there are many reasons behind cyber-attacks, most of them can be prevented with the right protection, proper cyber security training to raise awareness of the threats, and 24×7 security monitoring.

What to expect from 2019?

Just like cryptocurrencies, the increased usage of the Internet of Things and the lack of security in these devices will create massive hunting grounds for hackers. In April 2018, security researchers showed that Alexa can be made to listen to its owners without hacking it. Imagine the outcome once your devices can listen to whatever you are doing… And now imagine if your devices can see you, listen to you and sense you…

Every day a new piece of malware is being developed. Even as cyber security experts, we can’t know all of them. This is why they are called zero-day threats. However, we can predict that with the integration of Artificial Intelligence into our lives, AI-powered malware will also enter our lives, eventually…

Progression from Stealth to Damage and Disruption

A decade or two ago, hackers infiltrated the targeted network silently; they waited for the perfect moment to act and exited with no evidence left behind them. Thus, their attacks were unnoticeable, and even the target companies hardly noticed that they were the victims of cyber espionage or cyber-attacks. Hackers were lurking in the shadows…

However, during the last decade hackers changed their tactics. They started performing their malicious activities publicly. They no longer cared whether their identity would be revealed or not. In fact, some of them leave traces behind on purpose to be linked back to their activity.

The Most Famous Cyber-Attack Gone Public

It is the most feared cyber-attack so far and still an active threat – the notorious WannaCry ransomware.

It created a great deal of chaos around the world and increased its reputation when it encrypted the files of many businesses and asked for a ransom in cryptocurrency. Even though the ransom was paid, most victims could not access their files or they ended up being a victim again.

The WannaCry ransomware emerged when North Korea – according to accusations by the UK and the USA – took advantage of EternalBlue. As former U.S. National Security Agency employees affirmed, EternalBlue was the NSA’s hacking tool. EternalBlue was used to increase the infection rate of the WannaCry ransomware attack.

The motivation behind the attack is still a mystery: making money or showing North Korea’s cyber force…

Weeks Later Another Attack Occurred

Initially, NotPetya targeted Ukraine, but it spread across the world very quickly. It caused around $10 billion of damage. NotPetya worked like ransomware, but it had no intention of restoring the files on the infected computers. Any ransom paid by the victims was useless because no decryption key was created. Once again, the USA, the UK and other countries accused Russian hackers, who are supported by their state, of this cyber-attack.

Both North Korea and Russia…

… deny and reject involvement with the WannaCry and NotPetya attacks. In the past, hackers remained in stealth mode. Now, scaring people and creating chaos have become a part of cyber-attacks. This has also created a new arena for less powerful states, which compete with economically or militarily more powerful states, to show off their cyber skills.

At the state level, cyber-attacks may not target your credit cards or personal details but your city’s infrastructure. Such attacks have already happened. The best-known example is the Stuxnet malware that targeted Iran’s nuclear plant. There is also the TRITON malware that targeted Saudi Arabia’s oil and gas petrochemical plant. Lastly, there is the attack that occurred in Ukraine in December 2016. It took down the power grids, created darkness in people’s lives and took away their heating during harsh winter conditions.

Cyber-attacks whose aim is damage and disruption will most likely become a trend in the near future.

Future Threats Of The Cyber World

The age of Artificial Intelligence is upon us. Artificial Intelligence is already in use, and it will be used in broader areas. If you have not noticed before, YouTube tracks what you watch and recommends other videos that you might like. If you like the recommended video, you choose to watch it and let the cycle continue.

At some point, you don’t even notice that the main topic of the video has changed. You started watching a video about a do-it-yourself project that you want to do, but now you are watching the top 10 goals of the World Cup 2018.

Thus, you end up losing many minutes or even hours in front of your computer, doing what YouTube offers you to do. If you can’t resist watching recommended videos, it seems like your brain is hacked, doesn’t it?

Integration of Artificial Intelligence into our lives

In 2016, there was an attempt to manipulate public opinion in the United States on contentious issues, such as gun control and the presidential election, through social media. In this manipulation, autonomous computer programs – bot accounts – were used to tweet or share propaganda.

In 2016, Microsoft created an AI chatbot to act like a curious teenage girl and engage in smart conversations with Twitter users. The chatbot, Tay, displayed extremely racist and sexist behaviors in less than a day.

In 2017, a new technique called Deepfake was introduced to create new videos. This technique consists of combining and superimposing existing images and videos onto source images or videos with the help of deep learning. This led to the creation of fake celebrity or revenge pornography on the internet. Furthermore, it was also used to damage the reputation of known politicians.

Comparison of the two studies – the right one done in 2017 and the middle one in 2018. The background does not move anymore. Source: H. Kim et al., 2018/Gizmodo

As of 2018, Deepfake videos are getting harder to differentiate from real videos. This shows that the technique is very open to abuse and can be used for hoaxes.

All of the examples above have something in common: Artificial Intelligence.

More Malicious Stuff…

One of the most sophisticated pieces of malware ever, Stuxnet, was released to neutralize Iran’s nuclear infrastructure in 2010. It was designed to spread like a worm and release its payload once it knew that it was inside the right computer. That was the reason it stayed unseen, and it infected over 200,000 computers.

But how?

As a proof of concept, a variation of WannaCry ransomware, which uses deep neural networks to hide and release its payload once it detects the target, was presented by IBM researchers.

DeepLocker was integrated into video conferencing software. The malware stayed hidden, showing no malicious behavior, and the software worked well so that it could be downloaded and used by millions of users.

Meanwhile, DeepLocker was waiting for its prey. As programmed, it was using a facial recognition neural network and scanning the user via the webcam. Once it acquired the target face, it activated the ransomware, encrypting all the files on the computer. A personal ransomware…

Tricking the Artificial Intelligence

There are several reports and studies that show how Artificial Intelligence is targeted by malicious attacks. These attacks aim to manipulate the input data to cause neural networks to act in a misleading way.

For example, MIT students made computer vision algorithms flag a toy turtle as a rifle by making minor tweaks to the toy turtle. While this may seem harmless, a study by the University of Michigan, the University of Washington, and the University of California, Berkeley showed that placing small black and white stickers on stop signs made these signs undetectable by the Artificial Intelligence of self-driving cars.

Adversarial Artificial Intelligence Attacks

It is extremely difficult to reverse engineer neural networks and investigate their vulnerabilities due to their impervious nature. If hackers find a vulnerability within the Artificial Intelligence by chance or by trial and error, it would be very easy for them to exploit it secretly.

To ease these concerns: Adversarial Artificial Intelligence Attacks are very hard to develop, and even if they are developed, they usually do not work consistently. However, if we look at how Artificial Intelligence was used to create perfect Deepfake videos, it is only a matter of time before hackers create AI-infused malware or Adversarial Artificial Intelligence Attacks.

A New Threat That Will Leave Windows Users Helpless Soon

A new multipurpose attack tool, L0rdix, is currently on sale in Deep Web forums that are hosted by hackers. L0rdix is written in .NET and designed to infect computers running the Windows operating system. It aims to steal and mine while staying in stealth mode.

Despite being a single attack tool, L0rdix is capable of many actions. It can be considered a Swiss Army knife for cyber criminals.

Multiply and conquer!

With its USB infecting module, L0rdix finds and marks all connected removable devices in the network. It changes the attributes of each file and directory to hidden and copies itself in their place with the same name and icon. Thus, it will infect other removable devices when the user double-clicks on the files.
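A defender can look for the trace this behavior leaves on a removable drive: a hidden original sitting next to a visible, launchable file with the same name. The following is an added example, not code from the original article or from any L0rdix analysis; the `Entry` record, the extension set and the sample listing are assumptions constructed for illustration, and because the article does not say whether the copy keeps the original extension, both `name.ext.exe` and `name.exe` are matched.

```python
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Extensions that run on double click (assumed set, chosen for this example).
LAUNCHABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk"}


@dataclass(frozen=True)
class Entry:
    """One item from a removable-drive listing (hypothetical record format)."""
    path: str
    is_dir: bool
    hidden: bool   # on Windows: os.stat().st_file_attributes & stat.FILE_ATTRIBUTE_HIDDEN
    size: int = 0


def find_decoys(entries):
    """Pair each visible launchable file with the hidden item it stands in for."""
    hidden = {}
    for e in entries:
        if not e.hidden:
            continue
        p = PureWindowsPath(e.path)
        parent = str(p.parent).lower()
        # Hidden "Photos" beside "Photos.exe"; hidden "cv.pdf" beside "cv.pdf.exe".
        hidden[(parent, p.name.lower())] = e
        if not e.is_dir:
            # Hidden "budget.xlsx" beside "budget.exe".
            hidden.setdefault((parent, p.stem.lower()), e)

    pairs = []
    for e in entries:
        p = PureWindowsPath(e.path)
        if e.hidden or e.is_dir or p.suffix.lower() not in LAUNCHABLE:
            continue
        original = hidden.get((str(p.parent).lower(), p.stem.lower()))
        if original is not None:
            pairs.append((e, original))
    return pairs


def assess(entries):
    """Summarize findings; decoys sharing one size suggest one binary copied repeatedly."""
    pairs = find_decoys(entries)
    sizes = Counter(decoy.size for decoy, _ in pairs)
    return {
        "decoys": [(d.path, o.path) for d, o in pairs],
        "shared_sizes": sorted(s for s, n in sizes.items() if n >= 2),
        "suspicious": bool(pairs),
    }


# Constructed sample listing of a USB stick mounted as E: (not real data).
SAMPLE_LISTING = [
    Entry(r"E:\System Volume Information", True, True),   # hidden, but no decoy
    Entry(r"E:\Photos", True, True),
    Entry(r"E:\Photos.exe", False, False, 412160),
    Entry(r"E:\budget.xlsx", False, True, 18432),
    Entry(r"E:\budget.exe", False, False, 412160),
    Entry(r"E:\Docs", True, False),
    Entry(r"E:\Docs\cv.pdf", False, True, 90112),
    Entry(r"E:\Docs\cv.pdf.exe", False, False, 412160),
    Entry(r"E:\tools\setup.exe", False, False, 2048000),  # no hidden twin
    Entry(r"E:\notes.txt", False, False, 120),
]

if __name__ == "__main__":
    report = assess(SAMPLE_LISTING)
    for decoy, original in report["decoys"]:
        print(f"{decoy} stands in for hidden {original}")
    print("sizes shared by several decoys:", report["shared_sizes"])
```

A match is a reason to inspect the drive, not proof of infection: compare hashes of the flagged files and check them with your endpoint tooling before opening anything.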

Takes over the control

With its botnet functionality, L0rdix is able to open a specific URL in a browser, kill a specified process, execute cmd commands, upload files, and download and execute an executable file on your computer. It can also execute DDoS attacks by sending a large number of HTTP requests to a specific host with its HTTP traffic overloading feature.

Stealing and cryptocurrency mining

L0rdix is after your private data. It aims to collect all files that match the list of extensions in its configuration data from your desktop and its directories, as well as cookies and saved login credentials from browsers such as Chrome, Kometa, Orbitum, Comodo, Amigo, Torch and Opera.

With its miner functionality, L0rdix can also take over your computer and use its resources for cryptocurrency mining without your consent.

Decision to make

After a targeted computer is infected, L0rdix collects information about your computer, such as the version of the operating system, CPU model, all installed antivirus solutions, device ID and user privileges. It encrypts the collected data along with a screenshot of the infected computer, then sends it to the command and control server. Based on this forwarded information, L0rdix updates its files and settings to decide whether to mine and steal or not.

Along with the functionalities above, the developers of L0rdix made it highly advanced so that it can differentiate a virtual environment from the real world. When it is in a virtual environment, L0rdix does not execute itself. Therefore, it cannot be analyzed by common malware analysis tools.

And more…

According to researchers, L0rdix contains other unfinished modules and weak implementation details. This indicates that L0rdix is still under development and that more sophisticated versions of it will cause trouble in the future.

New troubles of the cyber world

While we at Zemana are working to eliminate zero-day threats by implementing deep learning mechanisms into our products and applying new multi-layered defense systems, it is no surprise that cyber criminals are working to create new types of malware that are harder to detect and cause more damage than before.

Users: Weakest link in the cyber security chain

This is the reason why there are no computers in the world that cannot be hacked. Every day, hackers find new weaknesses to exploit, and most of these new weaknesses become exploitable because of careless and negligent users.

Zemana Endpoint Security protects your corporate network with its multi-layered defense while restricting your users. Your IT department can create policies to block applications, malicious websites or other websites that contain certain keywords, removable devices such as USB, Bluetooth devices, CD-ROMs, disk drives, and more.

Your business will be more secure once the weakest link in the chain is handled. This is why Zemana Endpoint Security will come in handy in controlling careless and negligent users in your corporate business environment.

Modern Day Heists: Bank Hackings

On November 6th, Federal Investigation Agency (FIA) Cybercrimes Director Capt. Mohammad Shoaib reported that almost all the banks in Pakistan were hacked and suffered a major security breach.

The data breach was revealed when 10 banks blocked all international transactions on debit and credit cards. The FIA conducted a high-level investigation after 100 cases of security breach were reported in the recent past.

According to investigations, the first case of the cyber-attack on banks was reported by BankIslami on October 27th. BankIslami blocked all international transactions when they noticed unusual transactions worth around 20,000 USD.

In addition to the stolen cash, data of over 8,000 account holders was sold on the black market. A gang was arrested when its members used stolen data to withdraw money from the banks disguised as Pakistani Army personnel. The FIA wrote to all banks asking them to increase their security against the data breach.

Hackers vs. Robbers

With the implementation of online banking, financial systems across the world have become the best targets for cyber-attacks. Heists do not happen with guns anymore. Hackers can steal thousands of dollars without getting up from their seats.

When hackers find a weakness in the targeted banking system, they can infiltrate it from another computer in a random location. Since cyber heists are less risky for the hackers, banks must take all security precautions to prevent all kinds of data breach. In the end, banks will be held responsible if their security features are weak.

To Ensure Cyber Safety and Safe Online Transactions

Banks must protect all end user devices that connect to their IT infrastructure, such as laptops and cellphones, from all kinds of malicious software. To achieve this objective, advanced corporate network protection software is a must.

We at Zemana are aware that cyber threats are becoming a greater danger in the corporate world, which is why we invested a lot of resources, time and energy into our business solution, Zemana Endpoint Security. This product offers full protection of your corporate network.

All data stored on end user devices or in a cloud must be encrypted. Thus, in the event of a data breach, the stolen data cannot be used, or the login credentials can be changed before the decryption process is completed.

As many banks use third-party services to give their customers better service, banks should be aware that if a third-party service has a weak cyber security system, it will also weaken the banks’ security system.

In this case, banks should take vendors’ cyber security systems into consideration before deploying their solutions. Banks should consider doing penetration tests to find vulnerabilities in their IT infrastructure.

How to Survive in Today’s Cyber World

According to Routine Activities Theory, which is one of the four major victimology theories, a crime occurs when a motivated offender and a suitable target are present while capable guardians are absent. These three elements must converge at the same time and in the same environment. This theory suggests that a motivated offender will act upon the suitable target when there is nobody that can prevent the crime from happening. Thus, we can say that a burglar can sneak into a house where nobody is present to steal valuable goods.

The Suitable Targets

If we apply this theory to the cyber world, the environment and the time limits are no longer an issue due to the structure of the cyber world. So, regardless of size or sector, all businesses are targets for cyber-attacks. Cyber-attacks occur when a motivated hacker detects a target that has no appropriate guardian, which in this case means a cyber security system.

What Motivates Hackers to Infiltrate…

There are many reasons behind a cyber-attack. Hackers have many desires and motivations behind their actions. These can be categorized into three main sections for better understanding.

Financial Gains

This is the most common reason that initiates a cyber-attack. Hackers usually want to earn money as easily as possible. Thus, they usually follow three main ways to achieve their objectives.

  1. Hackers infiltrate your network or database to steal the information that you create and store to do business. This information could be related to your customers or products. This kind of data breach usually goes unnoticed because hackers aim to steal the information periodically. Once the information is taken, they can either use it for identity theft and fraud or sell it to third parties for the same purpose.
  2. Hackers can lock your computer or encrypt your files and demand a ransom to restore them. Once they are in your computer, they execute malicious software called ransomware that leads you to a stalemate. This malware informs you that your computer is locked, or that your files are encrypted, and that you have only one way to recover them: paying the ransom they want. At this point, even if you pay the ransom, there is a chance that your files will stay locked forever or that you will be targeted again with the same ransomware.
  3. Instead of selling the information, hackers can change the information within the company so they can perpetrate a direct fraud on a business. In this attack pattern, hackers usually aim to change the destination of a payment. They can send a fake email, which looks legitimate, on behalf of a supplier that advises of changed bank details. Once the details are changed, the money goes to the hacker’s account rather than the supplier’s account.

Hacktivism

It means infiltrating a system or a network to make a political or social point. Hacktivists can interrupt or stop their target’s normal activity with Denial of Service (DoS) attacks. Governments and political institutions are often targeted by DoS attacks. Hacktivists can also look for information to damage their targets’ reputation. After the data breach, the information usually ends up on Wikileaks.

Challenge

Some hackers love to challenge themselves to prove themselves in their community, to have an adrenaline rush or both. They may not have criminal intentions. For example, white hat hackers hack into institutions’ networks with authorization to find out the weaknesses. However, while challenging themselves, inexperienced hackers may damage the system and create new weaknesses or back doors in the network for those who have criminal intentions.

Hackers may have other motivations as well, such as getting revenge, gaining a commercial advantage or more complex ones…

Insider Attacks

While a motivated hacker can attack your business from the outside, insiders such as employees and business partners can also attack or assist attacks that target your business. In fact, many cases of security breaches occur due to misuse of corporate IT systems by an insider. An insider can be motivated, careless or negligent.

Even if your business has a sufficient cyber security system, insiders often open your business up to cyber risks. An insider can:

  • open spam e-mails,
  • click on suspicious links,
  • share confidential information on social media,
  • install unauthorized software,
  • keep confidential information on a portable device and leave it unattended,
  • use a personal e-mail account for business,
  • download pictures, videos and audio,
  • use unsecured devices to access a company’s network…

The Capable Guardian

A business must be protected from both outside attacks and inside negligence. Antivirus or anti-malware software can protect your business from outsiders, but it won’t control insiders. Even if the software offers very solid protection, without the required policies that control the insiders, there will always be back doors for hackers. That’s why traditional anti-virus solutions do not work for corporate network protection.

As an advanced corporate network protection software, Zemana Endpoint Security offers antimalware, anti-ransomware, anti-phishing and anti-keylogging protection. In addition to its real time multilayered defense and machine learning capabilities, Zemana Endpoint Security controls insiders and prevents negligence within the company. It restricts them via its content control mechanisms, such as URL and keyword filtering, application blocking and device management. Thus, Zemana Endpoint Security won’t let insiders open your business to cyber risks.