Current Threats In The Cyber World
Threats to Keep an Eye OnNew Kits & Macros There are new Exploit Kits (EKs) that circulate on the market, as a replacement of the older versions. This leaves out-of-date software exposed and vulnerable in front of better-designed malicious software. Some new EKs use file-less attacks (no need to download the malicious software on the disc) and most of them are ransomware. There are also EKs that act in the router, changing DNS settings so users are redirected towards phishing and malicious websites. Lastly, one of the weak points in IT security is represented by the use of document files with Visual Basic Applications macros. While the MS Office installation sets macros on disabled by default, threat actors manage to trick users into activating them. Ransomware Attacks 2019 was a bad year for organizations that didn’t pay enough attention to their cybersecurity. As such, we saw major data breaches in the healthcare sector, governmental institutions, factories, police stations, and even power grids. The losses were major as well, but these breaches highlighted the vulnerability of vital systems at a worldwide level. Of course, besides the focus on the healthcare sector, attackers also send ransomware attacks towards the final user, who is the ideal target. Attacks via HTTPS Traffic New malware kits use transport layer security (TLS) and secure sockets layer (SSL) encryption standards to mask the attack and prevent traditional security controls from identifying it. According to the 2019 SonicWall Capture Labs report, we saw a 27.3% overall increase in attacks over TLS/SSL traffic. IoT and Web App The use of IoT powered devices (nanny cams, doorbell apps, and more) led to an increase in the security of these devices but of the attacks as well. According to the same SonicWall Capture Labs report, 2019 registered around 34.3 million attacks and 2020 is expected to come up with much more due to the increasing number of interconnected devices. The development of web apps (such as Office 365, Google Workspace, Dropbox, and many more) created a better world for end-users who have faster and easier access to their data and tools. However, there’s always a different side to the coin and this time it shows in an increase of attacks directed towards web apps. According to “The Ten Most Critical Web Application Security Risks” published by Open Web Application Security Project (OWASP) there are several potential risks that can become powerful if the organization/business/end-user doesn’t follow powerful security protocols.
What’s There To Do?At first glance, things are quite scary, but we shouldn’t allow threat actors and their malicious intent to stop us from our jobs. Sadly, there is no one solution to this problem. In fact, the solution has multiple levels and requires constant supervision and action from a cybersecurity point of view. If you would like your IT security reviewed, contact your IT Managed Service Provider (MSP) or speak with us at Onsite Helper to make sure your well protected in the future.
Content retrieved from: https://www.onsitehelper.com/current-threats-in-the-cyber-world.php.