As far as cyber security was concerned, 2018 didn’t get off to a great start. Just days after people celebrated the new year, researchers announced a vulnerability that had been found in basically every CPU that had been made in the last 20 years.
The most common security threat types in 2018 were malware, social engineering, hacking, credential compromise, web attacks and DDoS. Overall, 2018 provided us with an important reminder that security threats can appear from new and unexpected sources. Threat volume has increased, and the threat landscape is becoming increasingly diverse, with hackers working hard to find new attack avenues that can be used to exploit businesses.
Here is a breakdown of the main security threats from 2018 – with research provided by Positive Technologies:
Malware – 49% of Attacks
In a malware attack, malicious software is used to perform activities on the victim’s computer system, usually without his or her knowledge. Malware aims to invade, damage or disable computers, computer systems, networks and/or mobile devices, often by taking control of a device’s operations. Malware can be used to steal, encrypt or delete data, alter core computer functions and spy on the victim’s computer activity. Often, the objective is to make money.
An example of a famous malware attack is WannaCry, which is a ransomware worm that spread across a number of computer networks in May 2017.
WannaCry (and subsequent variants that still exist) infects computers running Microsoft Windows, encrypts files on the PC’s hard drive (making it impossible for users to access them), and then demands a ransom payment in bitcoin to decrypt the files. WannaCry made headlines after striking numerous high profile systems, including many in Britain’s National Health Service.
Social Engineering – 25% of Attacks
Social engineering involves manipulating people so that they give up confidential information or take some other action that benefits the attacker. The most common form of social engineering attack is phishing, which uses email or malicious websites to solicit personal information by posing as someone in a position of authority.
One successful social engineering attack from 2018 is the ‘Sextortion Email Phishing Scam’.
In this scam, hackers used breached email data from a range of sources to lure victims into paying a ransom. They claimed to have webcam footage of the victims doing something illegal or embarrassing (like watching adult content), which they would share with all of the victims’ contacts if they did not receive the money within 48 hours. The hackers made over $500,000 from the attack.
Hacking – 21% of Attacks
Hacking, which involves exploiting vulnerabilities in software and hardware, is often the first step in a cyber attack. One of the more notable data hacks from 2018 was the British Airways data breach, in which customer information from approximately 380,000 booking transactions was accessed by hackers. The compromised data included names, addresses, email addresses, and sensitive payment card details. Some security experts think it’s very likely that this stolen data is available for sale on the dark web, with a cumulative price tag in the millions.
Credential Compromise – 19% of Attacks
Credential compromise is the act of stealing credentials, like passwords. Typically it involves a phishing email that tricks users into logging in to services that appear genuine but are, in fact, fake, or tricking a user into visiting a compromised website and downloading a keylogging program onto their device without their knowledge. It can also happen when users of one online service re-use their password across other sites. When one service is compromised, criminals take a punt that the credentials have been re-used in more important services. Often they are able to guess correctly.
In May 2018, an Initial Coin Offering (ICO) startup called Taylor lost more than $1.47 million in one credential compromise incident. According to the startup, cybercriminals compromised an employee’s device and accessed 1Password files (1Password is a popular password management app), including cryptocurrency wallet passwords. The attack saw Taylor cleaned out of the cryptocurrency that it stored on behalf of its users.
Web Attacks – 18% of Attacks
Web attacks involve website operators being extorted for profit, often with threats of releasing client databases or shutting down the website.
A typical example of this attack type happened in May 2018, when an attacker offered to sell information about website vulnerabilities to Ticketfly (a ticket seller). Ticketfly refused, so the attacker defaced the main page of their website and published links to the client database. Another example of a 2018 web attack took place when a Pakistani hacker attacked the web resources of Thai Airways, including their official website, server, payment system and booking system.
DDoS – 5% of Attacks
DDoS (Distributed Denial-of-Service) attacks tend to be the chosen tactic for business rivals, disgruntled clients and hacktivists. A DDoS attack involves “recruiting” an army of devices that can issue IP requests and/or send traffic to a particular IP address or range, overwhelming the ability of the resource to cope with it and taking one or more services offline.
These attacks are common against government institutions and politicians. One 2018 example of this took place when the website of a Mexican political party was attacked during the final TV debate of the presidential campaign. Criminals also perform DDoS for profit (by taking sites offline and demanding payment for reinstating the site).