Confronting New Cybersecurity Threats
According to Karim Hijazi, a cyber intelligence expert, bad actors are coming up with new and sophisticated threats that are disruptive and harder to detect.
Being aware of these threats is the first step in defending our cybersecurity.
New Wiper Malware:
Wipers are a type of malware that can be more devastating than ransomware. Their sole purpose is to erase data rather than extort money.
Until recently, wipers weren’t widely used, but that is about to change. As nation-states grow more active and bolder online, we should expect more digital confrontations involving devastating cyber-attacks.
There is already a precedent for these attacks. In 2020, Iran was accused of carrying out a series of wiper attacks against Israel.
Iran has also been linked to various wiper attacks in the past, including the ‘Shamoon’ attack on Saudi Aramco in 2012, which destroyed over 30,000 computers. Additionally, in 2014, North Korea deployed wiper malware in its infamous attack on Sony Pictures.
Wiper malware has no barrier to entry. So, it’s not limited to state actors. Wipers are financially less valuable to criminals. However, they are a powerful tool for terrorists, political activists, and lone wolves wishing to cause harm.
Corrupted AI Threats:
The growing sector of artificial intelligence (AI) is a future gold mine for cybercriminals and nation-state hacking groups.
AI enables malware to become smarter and more autonomous. It gives malware the ability to adapt to changing conditions and learn how to refine its methods for more sophisticated attacks.
According to researchers, early-stage AI is substantially better at conducting phishing attacks than humans. It can construct viral tweets and social media phishing to infect users.
AI makes it easier for hackers to take over online accounts by guessing passwords and defeating CAPTCHAs.
You may have seen “deepfake” videos or heard audio deepfakes. The danger is that fake audio can impersonate CEOs and fool employees into revealing sensitive information.
Additionally, these deepfakes could lead to political crises and the incrimination of innocent individuals.
Firmware Attacks:
For the past 25 years, the majority of cyber-attacks have targeted software, rarely delving beyond a device’s operating system.
That’s about to change.
Hackers are now using malware to target “firmware” in order to acquire high-level access to devices. According to a recent poll, 83 percent of businesses have previously experienced firmware attacks.
So, what exactly is firmware?
Firmware is the code that runs beneath the operating system. If hardware needs a program to be able to work, firmware is the program. Firmware serves as a link in high-functioning electronics such as computers and smartphones.
However, it’s much more significant for lower-functioning “embedded devices” such as ATMs and medical devices, where firmware is frequently used instead of an operating system.
In a nutshell, a hacker can take control of a gadget if they can acquire access to the firmware.
This is particularly concerning for embedded devices used in safety-critical systems like power grids, water treatment plants, nuclear power plants, oil and gas pipelines, and so forth.
An attack on firmware in those devices could result in dramatic acts of physical sabotage. For example, a hacker could cause a month-long power outage or interrupt the water supply.
These types of attacks aren’t far-fetched. Just a few years ago, Russian hackers disrupted Ukraine’s power grid, leaving thousands without power.
Supply Chain Exploitation:
Due to high-profile breaches like SolarWinds, Microsoft Exchange, Kaseya, and Codecov, supply chain attacks have become the new buzzword.
The truth is, abuse of the supply chain is still new. In the coming years, attacks will only become more common, smarter, and bolder.
Advanced nation-states like Russia and China can breach more sensitive “backbone” IT services — think ISPs, chipmakers, app stores, security tools, and so on — to better infiltrate critical infrastructure in the United States.
Furthermore, hackers will exploit software and firmware supply chains to enter millions of Internet of Things (IoT) devices, from smart thermostats to audio devices.
These attacks, far from being small annoyances, have the potential to cause massive physical disturbance if hackers disable these devices.
5G Capabilities:
Internet connectivity is undergoing substantial changes with the current 5G deployment.
Wired-connection Internet speeds will soon be accessible for wireless internet delivery, all due to advancements in cell towers, satellites, and high-altitude spacecraft.
Hackers will take advantage of these increased bandwidths. We should expect an increase in attacks like more powerful botnets, data theft on an unprecedented scale, and device-on-device attacks.
Botnets
Botnets are networks of compromised devices that hackers use to flood services and Internet connections. In 2016, a college student used a botnet to take down a significant portion of the internet.
With 5G projected to be 10 times faster than 4G, the speed of data transfers is only increasing and these botnets will only get more powerful.
Botnet attacks could jeopardize public safety if they block emergency services across the state. They could even extort entire countries, which already happened to Liberia in 2016.
With faster transfer speeds, hackers will have an easier time collecting and extracting massive quantities of stolen data. As a result, data breaches will become more expensive and potentially more difficult to recover from.
It’s just a fact that our devices are getting smarter and more autonomous.
—
Overall, the takeaway is that cybersecurity is only going to get more complicated. As hackers develop new and inventive ways to carry out assaults, we need to be prepared. It’s true that ransomware attacks will continue to be a problem in the coming years, but the emergence of new attacks should be equally concerning.
Informing yourself about these threats means you’ve already taken the first step in protecting yourself against cybercriminals.
If you are looking for some cybersecurity measures you can take, feel free to book a time to chat with us via the Calendly link below. I’d be happy to discuss ways to optimize your company’s IT
Click here to schedule a free 15-minute meeting with Stan Kats, our Founder and Chief Technologist.
STG IT Consulting Group proudly provides IT Service for Small to Medium Businesses in Greater Los Angeles. We’d love to see if we can help you too!