Every year, cyber security threats seem to become increasingly dangerous. From smartphone malware to AI-assisted phishing, and from epic corporate data leaks to Cloud-based ransomware disasters, we have already seen some huge cyber security threats either grow or worsen.
Hundreds of millions of user records stolen from databases, millions of unsuspecting devices turned into crypto mining botnets, billions of dollars’ worth of damage – the ever-growing list cyber security threats goes on…
What’s even worse, these risks are definitely here to say, with cybercriminals escalating attacks and tech giants constantly buying and siphoning our data. As we hand over more information about our lives to companies, government, and strangers on social media, cybercriminals are discovering new ways to turn that information into money.
So, to help you stay safe, here’s our list of the worst cyber security threats in 2020.
1. Malware-infected Android smartphones
2019 has been dubbed the “year of mobile malware” for Android devices. 2020 should be no different. According to McAfee’s Mobile Threat Report, Google Play is inundated with malicious apps which conceal Bitcoin mining operations. When these dangerous apps load up, the mining code does as well, using up resources and causing Android smartphones to slow down.
And that’s not all. In 2017, mobile malware that came to be known as Grabos was discovered by security experts. Hidden away in innocuous-looking apps like Aristotle Music Player (over 5 million downloads and counting), the Grabos mobile malware could beam all sorts of data back to command and control servers from targeted Android devices. That data was used in identity theft attacks, causing untold damage.
Sometimes, even apps that promise to secure your smartphone are actually malware. Apps that purport to clean up smartphone memories, guard against malware and “cool” CPUs often conceals Trojans which can take control of Android devices.
There was a time when Android users could feel relatively safe from viruses and malware. After all, the platform itself was thought to be immune to infections, and the Google app library was well curated to keep out digital threats.
Well, that’s no longer the case at all. As smartphones become more and more ubiquitous, attackers are focusing their efforts on weak points like third-party app libraries and unsecured wifi hubs. And it’s only going to get worse as their profits start to mount.
2. Corporate leaks and data breaches
You can no longer trust companies to secure your information against leaks and data breaches. Both in 2018 and 2019, data leaks from corporations and public institutions were some of the biggest cyber security threats around, and there have been some record breaches in the recent past.
For instance, in September 2018, British Airways announced that it had suffered a data breach. As far as we know, the airline’s servers were in cybercriminal hands for two weeks at the tail end of the summer vacation season. During that time, customers’ financial details were unsecured and were stolen in huge numbers. Over 350,000 people in all were affected by the data breach, and British Airways still hasn’t released details of compensation and costs.
Of course, BA wasn’t alone. They are actually part of a massive club of companies that have suffered information leaks and data breaches this year. Take Reddit, for example. You’d think that a forum populated by snarky people with intimate knowledge of the latest cyber security threats would be right up to date with their security practices.
Well, think again. Last year, Reddit released an announcement that their staff two-factor authentication (2FA) processes had been compromised, leading to a huge leak of emails from Reddit users. That’s a big deal for those who have posted anonymously for years and are worried about being unmasked. And it’s a potential treasure trove for blackmailers. All because the company got lazy with choosing its 2FA processes.
From Equifax to the Department for Homeland Security, and from FedEx to Target, household names are failing to keep your data safe. That’s leading savvy net users to opt for anonymous payment systems and to think twice before handing over any personal information.
Unfortunately, even cryptocurrency payments are among this year’s top cyber security threats. That’s because 2019 has seen a spike in what’s known as “cryptojacking.” In fact, you could be cryptojacked right now without even realizing it.
What is cryptojacking all about? Well, essentially, it turns target computers or smartphones into tiny crypto mines. Attackers can inject scripts into fake websites, which implant crypto mining tools onto the systems of unwitting visitors. These crypto miners then whirr away in the background, carrying out the complex calculations needed to create Bitcoin or Monero.
The Cyber Threat Alliance has performed a thorough analysis and released some amazing stats. Apparently, cryptojacking is up over 450% in the past year, as vast numbers of hackers seek to maximize their crypto mining operations.
Some experts trace the cryptojacking epidemic back to tools developed by the National Security Agency (NSA) to spy on Windows computers. When the code for these tools became public, it was swiftly re-engineered to feature crypto mining apps, with easy access to Windows computers.
You might be able to head off cryptojacking with Adblockers, regular Windows updates, and antivirus software. But often, we just don’t notice if our bandwidth is siphoned off to mine cryptocurrency. That’s what makes cryptojacking one of the hardest cyber security threats to combat nowadays.
4. Cloud ransomware
A few years ago, if we told you that your remotely stored data could be targeted by a ransomware attack, you might think we were high. But in 2019, Cloud ransomware attacks were among the top cyber security threats out there.
In traditional ransomware attacks, hackers use malware to gain access to target computers or smartphones. They then lock these systems remotely and inform the user that they are being held to ransom. If the target doesn’t pay, they don’t regain access to their system.
To counter traditional ransomware, many people started to use Cloud storage as a backup for their data. But Cloud ransomware is challenging that strategy. First identified in 2017, a form of Cloud ransomware called Petya has spread across remote storage networks. Initially, it spread through HR departments via contaminated Dropbox files, but it was soon overhauled to spread via a Windows exploit called Eternal Blue.
What this means, is that the Cloud-based storage systems used to avoid the ransomware fallout could actually lead to even worse attacks. This particular Cloud ransomware attack wreaks havoc with target computers, tearing apart their master file tables and making it impossible to access files.
And Petya isn’t alone. As MIT reported back in 2018, Cloud ransomware is one of the latest cyber security threats to look out for, and it’s getting worse. According to the professors there, smaller Cloud storage companies are most at risk, compromising vast amounts of confidential customer data.
So, by all means, back up your data to handle top cyber security threats like traditional ransomware, but don’t assume that the Cloud is infallible. Be sure to use a reputable provider with rock-solid encryption, and avoid suspiciously cheap, little-known alternatives.
5. Social engineering scams
Social engineering is a technique used by cybercriminals to persuade targets to act in certain ways. It’s how they get you to open attachments containing malware or to hand over your credit card details to an attacker masquerading as an “Amazon customer care center.”
Such social engineering scams are well known. They still work, but 2019 has seen much more radical, sinister techniques starting to emerge.
The problems arise when social engineering and phishing meet artificial intelligence (AI) and machine learning. On one hand, machine learning tools are allowing criminals to create cybercrime factories. They can tell these tools to craft certain styles of email, then sit back and watch them go to work. There’s no chance of tiredness or burnout, and human error is minimal.
On the other hand, the rise of AI is allowing criminals to go beyond standard persuasive techniques. The next generation of AI tools can bring together huge amounts of data about targets, creating in-depth profiles to use when contacting and manipulating them. When they get started, you may have no idea that you are talking to a machine.
It’s not all bad, though. Plenty of people have argued that AI can help us neutralize phishers. But in truth, this could go either way. Technology is what we make of it, and you can guarantee that criminals will make AI a powerful way to compromise our security.
6. Internet of Things (IoT) attacks
Internet of Things (IoT) attacks are as scary as they are insidious. Devices that are connected to the IoT are becoming more and more omnipresent by the day. This includes all manners of web-capable devices, including smart household appliances, home security systems, webcams, smart watches, desktop and laptop computers, and even medical equipment. Unfortunately, they’re all susceptible to IoT attacks. Because this year, anything connected to the web can be hacked.
According to Forbes, IoT attacks surged by 300% in 2019, while Symantec reported that 75% of IoT attacks began with infecting the users’ routers. Webcams took second place with 15.2% of the whole IoT attacks pie this year. Once hackers take over an IoT device, they can use and abuse it however they want, including taking sensitive pictures for blackmail, holding users’ data hostage, disabling essential equipment, or overloading entire networks at will.
To protect against IoT attacks, however, you don’t have to go off the grid. Changing your default router passwords to strong and complex passphrases, keeping your IoT devices up to date, and installing a VPN on your router can help lower the risk of this cyber security threat to a minimum.
7. Medical record and healthcare device hacks
Cyberattacks on healthcare providers was another top cyber security threat in 2019. With patient data and medical records now stored online and smart medical device adoption rapidly expanding in hospitals across the world, the state of cyber security in the healthcare sector is far from adequate.
From electronic medical records to medical equipment, security vulnerabilities exploited by hackers can result in not only enormous data leaks, but also mortally dangerous remote tampering with healthcare devices that are connected directly to patients.
While the dangers posed by medical record and healthcare device hacks are incredibly worrying, they can be avoided by making sure that hospital staff has basic cyber security training. Since phishing and ransomware are the most common points of access to healthcare systems for hackers, simply training hospital employees to keep their software up to date and educating them about phishing scams could mitigate most of these cyber security threats.
Take action to counter cyber security threats
While the latest cyber security threats may seem worrying (and they should be), it’s reassuring to remember that the whole cyber security industry is dedicated to keeping us safe online. Antivirus and antimalware tools, encrypted data storage centers, and beefed up authentication processes are all there for us to use.
And Virtual Private Networks (VPNs) are part of the mix, too. In fact, using a VPN is essential if you want to keep yourself safe from the many cyber security threats out there. You just need to remember that it cannot protect you from all possible threats. For example, while torrenting with a VPN on will effectively hide your personal data in an encrypted tunnel, even the best VPN service won’t stop you from opening a malicious file pretending to be a new episode of a long-awaited TV series. And bad people are looking how to conceal malware in a torrent to make you click on it!
So, still not sure which VPN will be best for you? Head on over to our list of the best VPN services currently on the market and find out which provider best suits your needs.
But whatever you do online, arm yourself with the tools require to stay as safe as possible. There’s no such thing as 100% security, but just because the threats are mounting, doesn’t mean we need to be sitting ducks.