Learn what the greatest cybersecurity threats were in 2018 and how to defend your business from them in 2019.
Some of the most egregious cyberattacks of all time took place in 2018, revealing new vulnerabilities in widely used technologies. But every successful attack is a learning opportunity for savvy IT managers. That’s why plenty of organizations are studying these attacks and applying what they've learned to better fortify their operations. Bank Negara Malaysia, for example, recently issued a set of minimum standards on technology risk and cybersecurity management for financial institutions in Malaysia.
As IT managers prepare their risk management frameworks going into the new year, it's important to examine the recent past to understand how it will inform the future. With that in mind, let’s look at the worst cybercrime developments of the last 10 months and what Canadian businesses can learn from them.
DDoS attacks reach record sizes
Distributed denial-of-service (DDoS) attacks can be devastating when they hit. The vast majority of DDoS attacks are “volumetric” attacks, which flood online properties with illegitimate data, rendering them unusable. Plus, they often serve as distractions for other simultaneous attacks. According to the 2016 Worldwide Infrastructure Security Report (Volume XI) from Arbor Networks, internet downtime cost 29% of enterprises, governments and educational institutions $1,001 to $5,000 per minute.
In February 2018, a web-based hosting service suffered the largest DDoS attack in history, with traffic reaching 1.3 terabytes per second. Just a few days later, another company was jarred by an attack with traffic peaking at 1.7 terabytes per second. Both attacks took advantage of poorly configured systems that left servers vulnerable.
Takeaway: While other types of DDoS attacks can be fended off using firewalls and other on-premises devices, a volumetric attack requires a solution that spots and eliminates illegitimate traffic before it gets to your network. It’s definitely recommended you subscribe to a provider that offers volumetric DDoS protection, but not just any one will do. There’s more to consider.
Phishing scam grabs record haul of credit card information
Last spring, a hacking group called JokerStash used a program called BIGBADABOOM-2 to steal the credit card data of millions of customers from several consumer-facing brands, with a good deal of that data offered for sale on the Dark Web soon after. The operation was conducted using a phishing scam that targeted employees of these companies who then clicked an invoice link, instantly compromising their systems.
Takeaway: We tend to think of phishing scams as being unsophisticated and easy for most people to detect, but they work through sheer volume; eventually someone will make a mistake. Automated tools and defenses like DNS security, which blocks requests to malicious sites, are vital. But prevention is still the best cure, so be sure to train your employees on how to spot phishing attacks so they don’t take the bait in the first place.
"Spearphishing" grows in sophistication
Using cleverly constructed emails aimed at specific targets – a technique called "spearphishing" – a group of Iranian hackers allegedly stole credentials for 8,000 people at universities, private companies and even the United Nations. They used this information to filch more than 30 terabytes of secure data, with an estimated worth of about $3 billion.
Takeaway: Highly targeted operations can lure even diligently cautious users to click on malicious links and enter login information. Staff need to be educated so that they can identify these scams before they make costly mistakes.
More than 1 billion personal records breached and offered for sale
In January, hackers began providing personal data—including names, addresses, photos, phone numbers and email addresses—on any registered citizen of India to anyone willing to pay a small price. The data was pilfered from a massive government database. However, instead of ransoming the data or selling it wholesale, the criminals opted to essentially open an online store where anyone could shop.
Takeaway: As CIO reports, cybercrime-as-a-service (CaaS) is real, growing and available to anyone willing to pay. Moreover, it can impact not just enterprise systems, but individual employees and their devices—even after they leave.
Risk of IP theft increases for manufacturers, plus an upsurge in ransomware attacks
According to a recent NTT Security report, manufacturers are now the fourth-most targeted industry for cyberattacks, behind finance, tech, and professional services. Cybercriminals commonly conduct espionage and extortion activities using Trojan and malware attacks to capture login data and steal trade secrets potentially worth millions.
Takeaway: Unfortunately, manufacturing is notorious for not sufficiently investing in cybersecurity measures. For example, consider the issue of extortion: ransomware, which blocks access to a business’s data, holding it hostage until a ransom is paid, has become the most prevalent type of malware. In fact, the first six months of 2018 saw a year-over-year growth in ransomware attacks of more than 200%, making proper backup (point-in-time copies of your data, stored in a secondary location, that capture what you had before the ransomware attack occurred) and disaster recovery (which perpetually replicates your applications and data, storing them in a secure, secondary location so they can be restored) more vital than ever. Furthermore, it’s worth investing in vulnerability scans, which assess your network’s exposure to attack.
The Internet of Things (IoT) becomes a more attractive target
With nearly 25 billion devices connected to the Web, IoT is fast becoming an enticing target for criminals, who can infect a network of devices to launch ransomware and DDoS attacks. When these devices reside within or connect to a business' infrastructure, a host of vulnerabilities can appear.
Takeaway: Account for every connected device in your security framework, from thermostats to manufacturing equipment. IoT can lead to competitive innovations and realize new savings and efficiencies, but it must be properly managed and secured. It’s also worth considering penetration testing, wherein professional, ethical “hackers” deliberately infiltrate your network to determine your susceptibility to real cyberattacks.
Rise in outsourcing and remote working increases risk of data breach
The more people work out of the office and the more operations are outsourced, the better the chances of a hacker discovering a hole through which they can infiltrate your company's network. In June, CNBC reported on a survey conducted by cybersecurity firm Shred-It that suggests bad user habits are a primary risk for businesses, and that off-site workers and third-party contractors can be a major cause of security breaches.
Takeaway: Since prohibiting employees from working out-of-office isn’t an option, the key is to implement comprehensive off-site policies and security standards for remote workers.
Those who don’t learn from history are doomed to repeat it. With the insights we have from the past year, your business can bolster its security framework against the latest cybercrime tactics. To learn more about how to defend your business against cybercrime, check out our Cybersecurity Guide for Canadian Businesses.