Cybersecurity threats have evolved drastically to meet the new data theft playground that is the cloud. The first two quarters of 2017 saw the advent of new, viral ransomware and improved phishing campaigns. Cryptocurrencies are fresh bait for cybercriminals, who are finding stealthier ways to launder their money. If that’s not enough, DDoS-for-Hire services give less tech savvy attackers an economical way to orchestrate attacks. Distributed denial of service sieges bring enough junk traffic to sites to cause catastrophic disruptions.
1. Phishing’s Evolution
In May, a fake Google Docs app gave cybercriminals access to thousands of Gmail accounts, along with permission to manage them. The phishing campaign worked through the Google system, so it had all the data required to establish trust. The era of spear phishing has arrived. This targeted technique addresses you by name and seems to come from one of your own contacts. The technique has raised the number of successful data breaches to an incredible 1300 percent, and if your organization becomes a target, your client’s personal and financial data can be stolen without your multilayered defense tools even raising an eyebrow. The FBI began writing about spear phishers in 2009, but recent attacks have demonstrated a level of sophistication that was previously unthinkable.
2. DDoS for Hire
You can find a DDoS attack service in seconds from your Google search page. These cybersecurity threats are illegal, so most “service providers” hide behind the euphemistic title of “stresser." The strategy gives bitter clients or competitors the power to systematically take down your entire corporation one profit-free day at a time. If you think your enterprise status makes you immune, three quarters of global brands have been victims of precisely this kind of attack. In fact, every day, 3,700 DDoS attacks occur, largely via IoT devices. If your rivals prefer a DIY approach, they can buy everything from a botnet stresser to a traffic emulator. The typical loss per business falls between $14,000 and $2 million. While hacker groups used to be responsible for most of these kinds of attacks, the era of DDoS hacktivism has been taken over by cyber crooks.
3. Deception Strategies
Image steganography cybersecurity threats hide malware commands in innocuous images, often on social media. Malware authors are also using anti-analysis tricks to hide in plain sight and burying their command and control servers within compromised networks. This way, security tools are less likely to recognize them. Deception measures are becoming increasingly advanced, allowing servers to hide stolen information in covert channels. Deception attacks can also work in a reverse direction or give a false explanation of events.
The potential impact of enterprise data loss has been estimated to be as much as $1.8 million per organization. That risk is limited to cloud-based data theft, destruction, and account takeovers, and its very foundation is built from employee ignorance. IT teams must thus address sharing habits as much as it does the technical aspects of its information security and risk management strategy.