IT assessment, planning, execution, monitoring and preventative maintenance LEARN MORE

Top 5 Cybersecurity Threats for 2020

Cyberattacks: An Increasing Threat

Cybersecurity is an increasingly important issue. In 2019, cyberattacks on businesses and individuals increased in number and complexity. Cybercriminals are targeting small businesses. According to CNBC.com, more than half of small businesses experienced a breach last year. On average, the attacks cost businesses $200,000 with many going out of business.1

Criminals not only attack businesses, but also individuals. Rumors circulated that the Saudi Prince sent a video containing malware to Jeff Bezos’s phone through WhatsApp to track his phone activities.2

Because of the serious threat that cyberattacks represent, Nucleus Computer decided to write about where we see things going this year.

Cybersecurity Threat 1: Mobile Devices Will be Targeted

Typically, criminals look for weaknesses in any business. Because companies usually have some protections in place on their employees’ computers (servers), but not as much on their mobile devices, criminals will increasingly attack them.

Many companies adopt bring your own device (BYOD) policies for employees, which leads to even more security holes. Once the criminals hack a mobile device, they can access the entire office network.3

mobile cybersecurity
Mobile Security

Because there are so many smartphones in the world (about 3.5 billion)4, criminals will target them more often. Besides this, they have a number of ways to attack smartphones, including through email, apps and texts. All of these factors make them a very attractive target.

Cybersecurity Threat 2: IoT Will be Targeted

What is IoT (Internet of Things)? This term refers to all of the devices connected to the Internet, including computers, tablets and smartphones. Also, IoT includes smart speakers (Amazon Echo, Google Home, etc.), smart TVs, security systems and cameras, appliances, smart watches and other items.

IoT security
IoT Security

Because of the huge growth in the number of IoT devices, cybercriminals have a large target market. According to one source, there will be about 75 million IoT devices by 2025.5 Kaspersky, the cybersecurity firm, found 105 million attacks in the first half of 2019, compared to the same time period in 2018.6

Because manufacturers rush these devices to market, they do not provide them with sufficient security protection. Criminals take advantage of this by sending malware to them or using them to access other devices on the same network.

Some researchers hacked into smart devices using a laser. Please check out the following video:


Threat 3: Cloud Providers Will be Targeted

In 2019, businesses and individuals moved their files and software computing needs to the cloud. They use services like Microsoft Office 365 and Azure and Amazon Web Services. Because of this, there is no longer a need for a lot of hardware onsite, including servers.

cloud security
Cloud Security

Because of this change, cybercriminals will increasingly launch attacks on cloud providers, including online backup companies. This will make it important for businesses and people to research the providers’ security practices. Do they have data stored in several different locations? What encryption does the provider use?

Threat 4: Ransomware Attacks Become More Targeted

In the first quarter 2019, ransomware attacks grew by 118% and doubled for the entire year.7 Ransomware is malware which is installed on computers and devices. Typically, it will scramble documents and files and generate a popup demanding payment to unscramble them. Usually, the popup provides specific payment instructions, requesting payment in bitcoin, because the transaction remains anonymous.

Ransomware Attack
Ransomware Example

In 2019, ransomware attacks hit local governments, healthcare providers, hospital systems, dental practices, banks and corporations. In 2020, we expect this trend to continue. Because larger businesses have stronger security defenses, we expect that criminals will increasingly go after small businesses, which typically don’t have the financial resources to invest in cybersecurity.

Also, we expect these attacks to be well planned out as criminals observe businesses’ activities and systems for a while, before launching an attack. Finally, we expect the ransomware attacks to go after specific company files, like backups. This will make businesses very vulnerable.

In addition, attacks will increase on individuals, especially high net worth ones. These attacks are highly profitable and quicker, because the target is one person and not a large corporation with its bureaucracies.

Threat 5: Cybercriminals Will use Artificial Intelligence

In the past few years, the capabilities of Artificial Intelligence (AI) have grown dramatically. Many companies, like Alphabet, Apple and Tesla, are developing self-driving cars, which improve through learning.

artificial intelligence cybersecurity
Artificial Intelligence

Companies incorporate Artificial Intelligence in their cybersecurity defense systems. While AI can add to companies’ security, many criminals observe these defense systems to determine their patterns and weaknesses. Then, they craft attacks which go after their specific holes.

We expect this trend to continue and for cybercriminals to increasingly use Artificial Intelligence and automation to guide their attacks. At one time, they will launch several different types of attacks. Then, they will tweak their campaigns based on continuous feedback on the results.

In conclusion, we hope this article has been useful and informative. If you have any questions about this topic or would like a free IT consult, please feel free to contact Nucleus Computer Services at our Contact Us page.

References:

1 CNBC.com “Cyberattacks now cost companies $200,000 on average, putting many out of business” Link to Site

2 Technewsworld.com “Saudi Hack of Bezos’ Phone Shines Bright Light on Security Challenges” Link to Site

3 Threatpost.com “2020 Cybersecurity Trends to Watch” Link to Site

4 Bankmycell.com “How Many Smart Phones are in the World? ” Link to Site

5 Statista.com “Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025” Link to Site

6 USA.Kaspersky.com “Kaspersky Reports More Than 100 Million Attacks Hit Smart Devices in H1 2019” Link to Site

7 HealthITSecurity.com “Ransomware Attacks Double in 2019, Brute-Force Attempts Increase” Link to Site

Dark Web Scans: Are They Worth it?

Dark Web Scans

Should you do a dark web scan for your business or personal information?  Many of companies promote dark web scans online or on TV.  For instance, Experian offers a free scan when you set up an account with them.1

Supposedly, dark web scans discover whether or not someone hacked your personal and financial information.  Often, you’ll find this info on the “hidden” web where criminals try to sell it.

In this article, we explore whether or not you should do a dark web scan.

What is the Dark Web?

Besides the Surface web which everyone explores, there exists a hidden web with sites called the “Deep Web.”

The Dark Web refers to the part of the Deep Web where criminals have illegal sites and conduct illegal activities, like selling stolen Social Security numbers or drugs.  Also, you need special software, like one called Tor, to access this web.

Dark Web Scans

Dark Web Scans: Are They Worth it?

To answer this question, we’ll compare the regular web with the Deep web.  The regular web, which we can see, is really small compared to the Deep web.  It can thought of as the surface of the ocean, while the Deep web constitutes the rest.

Dark Web

Also, you can search the Surface web using search engines like Google, Bing or DuckDuckGo.  On the other hand, one cannot search the Deep Web.2

Because of its large size and unsearchable neature, we don’t recommend doing a Dark web scan.   It’s like looking for a needle in a hay stack.  Also, criminals use a lot of tools on the Dark web to hide their identity.  Until they thoroughly screen other parties and collect payment, they do not make sensitive personal and financial information available .3

Nothing is Free!

Therefore, we suggest that you don’t try any of the free dark scans the Experian Credit Agency and others offer.  They advertise free scans to try to get users to sign up for their paid monthly services.

Experian offers a free dark web scan to see if someone hacked your email address and password.  We believe they don’t do a real dark web scan, but just looking at publicly available data dumps.  If you sign up for their monthly plan, Experian offers to do a search based on your Social Security number, bank account numbers and other information.  Therefore, Experian uses the initial free scan to entice you to sign up for their monthly subscription service.4

How Can I Tell if my Info has Been Hacked?

Instead of requesting a dark web scan, you can use some free tools to see if your sensitive information has been exposed.  For instance, at one website (https://haveibeenpwned.com/), you can check if someone hacked your info.  Also, you can set up an account to receive alerts in case someone hacks one of your accounts.

Hack Check

Also, BreachAlarm represents a good alternative to the “Have I been Pawned” website and offers many of the same services and features. A website called DeHashed differs some from these other two.  Besides checking on email address hackings, DeHashed searches for hacks related to your name, password and other info.5

How Can I Protect Myself and My Business?

You should operate under the assumption that a hacker compromised your login credentials at some point.  Last year, cybercriminals hacked the Equifax credit agency and got Social Security and Driver’s License numbers on over 143 million people.6

To protect yourself and your business, you should use unique passwords for every online account and also change these passwords frequently (at least once every three months).   By using a password manager like Lastpass or Dashlane, you can secure online accounts.7

To protect yourself further, you should consider putting a freeze on your credit with the three main credit bureaus (i.e., Equifax, Experian and TransUnion).  This will prevent any criminal from requesting credit using your stolen info.  If you need to request credit, like applying for a home loan, you can temporarily unfreeze your credit.8

Freezing you credit will not prevent your bank or other financial accounts from being hacked.  You will should monitor their activity separately.

References:

1 Experian.com “Is Your Information on the Dark Web?” Link to Site

2 Dailydot.com “A beginner’s guide to the dark web” Link to Site

3 Howtogeek.com “What is a “Dark Web Scan” and Should You Use One?”  Link to Site

4 Makeuseof.com “The Experian Dark Web Scan: Do You Need it and Can You Trust it?” Link to Site

5 Digitaltrends.com “How to know if you’ve been hacked” Link to Site

6 Fortune.com “Equifax Hackers Steal Personal Details of Up to 143 Million People” Link to Site

7 Malwarebytes.com “10 ways to protect against hackers” Link to Site

8 Consumer.ftc.gov “Credit Freeze FAQs” Link to Site

Credit Agencies:

Equifax:  Link to Website

Experian: Link to Website

TransUnion: Link to Website