Every year, the online world seems to become more dangerous. As we hand over more information about our lives to companies, government, and strangers on social media, criminals are discovering new ways to turn that information into cold, hard cash.
From smartphone malware to AI-assisted phishing, and from epic corporate data leaks to Cloud-based ransomware disasters, 2018 has seen some huge cybersecurity threats either grow or worsen. So, to help you stay safe, here’s our list of the worst threats we’ve seen so far this year.
1. An epidemic of smartphones infected with malware
There was a time when Android users could feel relatively safe from viruses and malware. After all, the platform itself was thought to be immune to infections, and the Google app library was well curated to keep out digital nasties.
Well, that’s no longer the case at all. Security experts McAfee have christened 2018 the “year of mobile malware”, and with good reason. According to their Mobile Threat Report, Google Play is inundated with apps which conceal Bitcoin mining operations. When these apps load up, the mining code gets into gear, sucking up resources and causing Android phones to judder to a halt.
And that’s not all. 2017 saw the discovery of what came to be known as Grabos. Hidden away in innocuous-looking apps like Aristotle Music Player (over 5 million downloads and counting), Grabos could beam all sorts of information back to command and control servers from targeted devices. That information could (and was) be used in identity theft attacks, causing untold damage.
Sometimes, even apps which promise to secure your phone have malicious intent. Apps which clean up phone memories, guard against malware and “cool” CPUs often conceals Trojan horses which can take control of Android devices.
Mobile threats are increasing, too. As smartphones reach a saturation point, attackers are focusing their efforts on weak points like third-party app libraries and unsecured wi-fi hubs. And it’s only going to get worse as their profits start to mount.
2. More corporate data disasters
There’s no question about it. When you hand over your data to companies, there’s absolutely no guarantee they will know how to secure it. In 2018, data leaks from corporations and public bodies is one of the biggest cybersecurity threats around, and there have been some spectacular cases in the recent past.
For instance, in September 2018, British Airways announced that it had succumbed to data thieves. As far as we know, the airline’s servers were in enemy hands for two weeks at the tail end of the summer vacation season. During that time, customers’ financial details were unsecured and were, predictably enough, stolen in huge numbers. Over 350,000 people in all were affected, and British Airways still hasn’t released details of compensation and costs.
Of course, BA wasn’t alone. They are actually part of a massive club of companies that have failed the data security 101 this year. Take Reddit, for example. You’d think that a forum populated by snarky people with intimate knowledge of the latest cybersecurity threats would be right up to date with their security practices.
Well, think again. In June 2018, Reddit slipped out an announcement that their staff two-factor authentication processes had been compromised, leading to a huge leak of emails from Reddit users. That’s a big deal for users who have posted anonymously for years and are worried about being unmasked. And it’s a potential bonanza for blackmailers. All because the company got lazy with choosing its 2FA processes.
From Equifax to the Department for Homeland Security, and from FedEx to Target, household names are failing to keep records safe. That’s leading savvy net users to opt for anonymous payment systems and to think twice before handing over any personal information.
3. Cryptojacking steps into the limelight
However, even cryptocurrency payments have been implicated in this year’s most serious cybersecurity threats. That’s because 2018 has seen a spike in what’s known as “crypto jacking”. In fact, you could be crypto jacked right now without even realizing it.
What is crypto jacking all about? Well, essentially, it turns target computers or phones into tiny little gold mines. Attackers can inject scripts into fake websites, which implant mining tools onto the systems of unwitting visitors. These miners than whirr away in the background, carrying out the complex calculations needed to create Bitcoin or Monero.
The Cyber Threat Alliance has crunched the numbers here, and come up with some amazing stats. Apparently, crypto jacking is up over 450% in the past year, as vast numbers of hackers seek to maximize their mining operations.
And here’s the fascinating thing: one of the latest cybersecurity threats derives from the bowels of the secret state.
Most experts trace the crypto jacking epidemic back to tools developed by the National Security Agency (NSA) to spy on Windows computers. When the code for these tools became public, it was swiftly re-engineered to feature mining apps, with easy access to Windows computers.
You might be able to head off crypto jacking with Adblockers, regular Windows updates, and cutting-edge antivirus software (not to mention a little bit of common sense when avoiding fake websites). But often, we just don’t notice if our bandwidth is hived away to mine cryptocurrency. That’s what makes it one of the hardest cybersecurity threats to combat.
4. Get ready to be held to ransom in the Cloud
A few years ago, if I told you that you’d be held to ransom in the Cloud, you might think I was high on some form of narcotics. But these days, cloud ransomware attacks are one of the top cybersecurity threats out there.
In ransomware attacks, hackers use malware to gain access to target computers or phones. They then lock these systems remotely and inform the user that they are being held to ransom. If the target doesn’t pay, they don’t regain access to their system, it’s as simple as that.
To counter traditional ransomware, many people started to use the Cloud as a backup. They could move sensitive files to a remote location, which claimed to be secure. Then, if the worst happened, they could still get hold of the accounts information or photos they needed.
But Cloud ransomware is challenging that strategy. First identified in 2017, a form of ransomware called Petya has spread across cloud storage networks. Initially, it spread through HR departments via contaminated Dropbox files, but it was soon overhauled to spread via a Windows exploit called Eternal Blue.
What this means, is that the Cloud-based storage systems used to avoid ransomware fallout could actually lead to even worse attacks. Petya wreaks havoc with target computers, tearing apart their master file tables and making it impossible to access files.
And Petya isn’t alone. As MIT reported earlier in 2018, Cloud ransomware is one of the latest cybersecurity threats to look out for, and it’s getting worse. According to the professors there, smaller Cloud storage companies are most at risk, compromising vast amounts of confidential customer data.
So, by all means, back up your data to handle top cybersecurity threats like traditional ransomware, but don’t assume that the Cloud is infallible. Be sure to use a reputable provider with rock-solid encryption, and avoid suspiciously cheap, little-known alternatives.
5. Everyone needs to watch out for social engineering scams
Our final entry in 2018’s top cybersecurity threats is probably going to be the creepiest. Social engineering is a technique used by cybercriminals to persuade targets to act in certain ways. It’s how they get you to open attachments containing malware or to hand over your credit card details to an “Amazon customer care center.”
Those kind of social engineering scams are well known. They still work, but 2018 has seen much more radical, sinister techniques starting to emerge.
The problems arise when social engineering and phishing meet artificial intelligence (AI) and machine learning. On one hand, machine learning tools are allowing criminals to create cybercrime factories. They can tell these tools to craft certain styles of email, then sit back and watch them go to work. There’s no chance of tiredness or burnout, and human error is minimal.
On the other hand, the rise of AI is allowing criminals to go beyond standard persuasive techniques. The next generation of AI tools can bring together huge amounts of data about targets, creating in-depth profiles to use when contacting and manipulating them. When they get started, you may have no idea that you are talking to a machine.
It’s not all bad, though. Plenty of people have argued that AI can help us neutralize phishers. But in truth, this could go either way. Technology is what we make of it, and you can guarantee that criminals will make AI a powerful way to compromise our security.
Keep your wits about you and take action to counter cybersecurity threats
While the latest cybersecurity threats may seem worrying (and they should be), it’s reassuring to remember that there’s a whole industry dedicated to keeping us safe online. Antivirus and antimalware tools, encrypted data storage centers, and beefed up authentication processes are all there for us to use. And Virtual Private Networks are surely part of the mix, too.
But whatever you do online, arm yourself with the tools require to stay as safe as possible. There’s no such thing as 100% security, but just because the threats are mounting, doesn’t mean we need to be sitting ducks.