
Top 5 Cybersecurity Threats for 2020

Cyberattacks: An Increasing Threat

Cybersecurity is an increasingly important issue. In 2019, cyberattacks on businesses and individuals increased in number and complexity. Cybercriminals are targeting small businesses. According to CNBC.com, more than half of small businesses experienced a breach last year. On average, the attacks cost businesses $200,000 with many going out of business.1

Criminals not only attack businesses, but also individuals. Rumors circulated that the Saudi Prince sent a video containing malware to Jeff Bezos’s phone through WhatsApp to track his phone activities.2

Because of the serious threat that cyberattacks represent, Nucleus Computer decided to write about where we see things going this year.

Cybersecurity Threat 1: Mobile Devices Will be Targeted

Typically, criminals look for weaknesses in any business. Because companies usually have some protections in place on their employees’ computers (servers), but not as much on their mobile devices, criminals will increasingly attack those mobile devices.

Many companies adopt bring your own device (BYOD) policies for employees, which leads to even more security holes. Once the criminals hack a mobile device, they can access the entire office network.3


Because there are so many smartphones in the world (about 3.5 billion)4, criminals will target them more often. Besides this, they have a number of ways to attack smartphones, including through email, apps and texts. All of these factors make them a very attractive target.

Cybersecurity Threat 2: IoT Will be Targeted

What is IoT (Internet of Things)? This term refers to all of the devices connected to the Internet, including computers, tablets and smartphones. Also, IoT includes smart speakers (Amazon Echo, Google Home, etc.), smart TVs, security systems and cameras, appliances, smart watches and other items.


Because of the huge growth in the number of IoT devices, cybercriminals have a large target market. According to one source, there will be about 75 million IoT devices by 2025.5 Kaspersky, the cybersecurity firm, found 105 million attacks in the first half of 2019, compared to the same time period in 2018.6

Because manufacturers rush these devices to market, they do not provide them with sufficient security protection. Criminals take advantage of this by sending malware to them or using them to access other devices on the same network.

Some researchers hacked into smart devices using a laser.


Threat 3: Cloud Providers Will be Targeted

In 2019, businesses and individuals moved their files and software computing needs to the cloud. They use services like Microsoft Office 365 and Azure and Amazon Web Services. Because of this, there is no longer a need for a lot of hardware onsite, including servers.


Because of this change, cybercriminals will increasingly launch attacks on cloud providers, including online backup companies. This will make it important for businesses and people to research the providers’ security practices. Do they have data stored in several different locations? What encryption does the provider use?

Threat 4: Ransomware Attacks Become More Targeted

In the first quarter of 2019, ransomware attacks grew by 118% and doubled for the entire year.7 Ransomware is malware which is installed on computers and devices. Typically, it will scramble documents and files and generate a popup demanding payment to unscramble them. Usually, the popup provides specific payment instructions, requesting payment in bitcoin, because the transaction remains anonymous.


In 2019, ransomware attacks hit local governments, healthcare providers, hospital systems, dental practices, banks and corporations. In 2020, we expect this trend to continue. Because larger businesses have stronger security defenses, we expect that criminals will increasingly go after small businesses, which typically don’t have the financial resources to invest in cybersecurity.

Also, we expect these attacks to be well planned out as criminals observe businesses’ activities and systems for a while, before launching an attack. Finally, we expect the ransomware attacks to go after specific company files, like backups. This will make businesses very vulnerable.

In addition, attacks will increase on individuals, especially high net worth ones. These attacks are highly profitable and quicker, because the target is one person and not a large corporation with its bureaucracies.

Threat 5: Cybercriminals Will use Artificial Intelligence

In the past few years, the capabilities of Artificial Intelligence (AI) have grown dramatically. Many companies, like Alphabet, Apple and Tesla, are developing self-driving cars, which improve through learning.


Companies incorporate Artificial Intelligence in their cybersecurity defense systems. While AI can add to companies’ security, many criminals observe these defense systems to determine their patterns and weaknesses. Then, they craft attacks which go after their specific holes.

We expect this trend to continue and for cybercriminals to increasingly use Artificial Intelligence and automation to guide their attacks. They will launch several different types of attacks at the same time. Then, they will tweak their campaigns based on continuous feedback on the results.

In conclusion, we hope this article has been useful and informative. If you have any questions about this topic or would like a free IT consult, please feel free to contact Nucleus Computer Services at our Contact Us page.

References:

1 CNBC.com “Cyberattacks now cost companies $200,000 on average, putting many out of business”

2 Technewsworld.com “Saudi Hack of Bezos’ Phone Shines Bright Light on Security Challenges”

3 Threatpost.com “2020 Cybersecurity Trends to Watch”

4 Bankmycell.com “How Many Smart Phones are in the World?”

5 Statista.com “Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025”

6 USA.Kaspersky.com “Kaspersky Reports More Than 100 Million Attacks Hit Smart Devices in H1 2019”

7 HealthITSecurity.com “Ransomware Attacks Double in 2019, Brute-Force Attempts Increase”

Top 5 Email Scams of 2017


By now, you have probably heard about the different email phishing scams going around, especially if you listen to the news.  We decided to review some of the most popular ones, so that you could be better prepared.

Phishing is defined as “the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”1

Basically, criminals pretend to be someone you trust in order to steal important financial and personal information. They can use this information to log into people’s accounts, like bank accounts, to transfer funds. Also, they can sell it to other criminals. Phishing can be done through phone calls, emails, texts and other communication forms.

Below, we cover the top 5 phishing email scams, which we saw last year and expect to continue this year. Many of these emails include a link you are expected to click on and enter your credentials. For instance, you may get an email from Facebook, indicating that your password will expire, if not updated. Usually, the link is to a fake website the criminal created. The cyber criminal uses this info to access your account. Because many people use the same login, the criminals can access other online accounts, like financial ones.

Top 5 Email Scams

Account Disabling or Suspension

You may receive an email from a bank, e-commerce or social media site about an account suspension or closing. For instance, a criminal pretending to be from Amazon may send you an email saying that your account will be suspended, unless you click on the included link and update your security info. This creates a sense of urgency, because it makes people feel they have to respond quickly.

Suspicious or Unusual Account Activity

Like the first scam, you may also receive an email that your online account was compromised or they detected unusual activity.  You will need to click on a link to login and secure the account.


Tax Related Scams

During the tax season, these scams increase significantly. A criminal, who poses as an IRS representative, may send you an email about owing money or receiving a refund. Please note: the IRS will never contact you by email or phone. They do things the old-fashioned way. They only send notices through regular snail mail.


Employer Related Scams

Criminals usually find these scams very lucrative. By taking advantage of human error or insecurities, they can get valuable information about a company’s employees or clients. One example of this type of scam would be an HR representative receiving an email from what appears to be the company’s CEO or COO asking them to put together a report with employees’ information. Naturally, the recipient wants to respond quickly to the executive’s request and doesn’t suspect it’s a scam.

In 2016, this happened locally at Main Line Health, when an employee replied to a scam email with personal information on 11,000 of the health system’s employees.2

Malware and Ransomware Scams

Like all of the email scams above, malware scams have the same objective: to make money.  How do the cyber criminals do it?  They trick the email recipient into clicking on a link or opening an attachment.  When they do, malware starts to load on their computer.  If they are really unlucky, they may get ransomware which will install, lock up important files and demand a payment to unlock them.  Other forms of malware will track computer users’ keystrokes and activity to collect valuable personal information and passwords.


How Can I Avoid These Email Scams?

If they educate themselves, people can avoid these scams. If you know what to look for, you will be prepared. A good rule of thumb is to never open an email or link from someone you do not know or recognize. Also, you can ask yourself a few basic questions, like: Have I ever been contacted by the IRS or Microsoft before? Do they contact people this way (email, call, text, etc.)?

If you look at an email carefully, you can often see signs that it’s not legit. The senders may misspell words or include poor quality images. Also, you should carefully check the sender email address. If you get a FedEx email from maryfedex@gmail.com, you know it’s not legit. Also, criminals often shorten the website links they include in the body of their emails. Without clicking on them, you can hover your mouse over them and see the complete link. If an email is supposed to come from Amazon, but asks that you click on some weird looking link, you should avoid it.
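The sender-address and link checks described above can also be automated. The following is an added example, not part of the original article: it parses a constructed sample message and flags a sender domain that does not match the claimed brand, shortened links, and links that lead somewhere other than the brand's site. The brand-to-domain map, the shortener list and the sample email are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: a tiny brand-to-domain map and shortener list.
BRANDS = {"fedex": {"fedex.com"}, "amazon": {"amazon.com"}}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

# Constructed sample message (not a real email).
SAMPLE = """From: FedEx Delivery <maryfedex@gmail.com>
Subject: Your package is on hold
Content-Type: text/html

<p><a href="https://tinyurl.com/constructed">Track package</a> or
<a href="http://fedex.verify.example/login">www.fedex.com/login</a></p>
"""

class Links(HTMLParser):
    """Collect the real destination (href) of every link in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def belongs(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    header_text = f"{name} {addr} {msg.get('Subject', '')}".lower()
    claimed = [b for b in BRANDS if b in header_text]  # brands the mail invokes
    findings = [f"sender domain {sender} is not a {b} domain"
                for b in claimed if not belongs(sender, BRANDS[b])]
    parser = Links()
    parser.feed(msg.get_payload())
    for href in parser.hrefs:
        host = (urlparse(href).hostname or "").lower()
        if belongs(host, SHORTENERS):
            findings.append(f"shortened link hides its destination: {href}")
        elif any(not belongs(host, BRANDS[b]) for b in claimed):
            findings.append(f"link goes to {host}, not the claimed brand")
    return findings
```

The second link in the sample shows why hovering matters: its visible text reads www.fedex.com/login, but the destination the parser extracts is a different host.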

Finally, to check whether or not an email is legit, you can go directly to the source. If you receive a notification from Google, look up the company’s support number and call them about the notification. If you get an email from a company executive which looks suspicious, then contact them. They may not be happy you called, but at least you avoided a large disaster.

References

  1. Wikipedia “Phishing.”
  2. ABC 6 “Main Line Health employees’ information compromised in email scam.” March 3, 2016.
  3. FTC.gov “Scam Alerts.”
  4. Fortune “Email Security: Beware These Top 10 Phishing Lures.”
  5. NBC News “Massive Phishing Attack Targets Gmail Users.”