The year is still young, and 2017 is already off to an eventful start. Russia and cybersecurity are two terms you can’t help but hear in the news these days due to election interference. As technology gets more sophisticated, so do the attacks they enable.
Whether a home user with a handful of devices or a large organization overseeing millions, we’re all at risk. Last year’s trends point to this year’s possibilities. As we move through 2017, these are the six areas in which we’re most at risk of malware and hacking attacks.
According to Malwarebytes Labs, makers of MBAM, one of the most popular anti-malware applications for Windows, Android, and MacOS, 2016 was the year of ransomware, software that essentially holds data on computers, phones, and other devices hostage (by encrypting it) in exchange for money.
Imagine logging into your computer, but the screen is still locked. The lock screen is a video of some indiscretion of yours, and no matter what you do, all you’re presented with is a field for your credit card information to make it stop. In 2016 these cybercrimes extorted $1 billion, according to the FBI.
Ransomware and cyberextortion is only going to become more sophisticated in 2017, and why would it not?
Even legitimate freelance computer programmers find it difficult to get paid by clients, so hackers certainly aren’t being paid unless they sell harvested customer information in bulk on hacker forums. This is an extra step and an easy way to get caught. However
Protecting yourself against ransomware is simple. First backup important files daily. This creates a second, secure location in the event your data is compromised, making it much easier to recover. The rest will be covered below.
2. Mobile Payments
Malware is always going to be a problem, and the next big hacking targets of 2017 may not be banks or retailers. Credit card numbers are also stored in digital wallet programs like Android Pay, Samsung Pay, Apple Pay, and even PayPal.
These technologies are vulnerable to attack, especially since everyone has the applications on their phones. Banks typically protect digital information using a series of proprietary software, file types, queries, and reports. But when everyone has ATM-like access on their smartphone, it’s a ticking time bomb waiting to go off.
Still, analysts predict mobile payment adoption will continue rising through 2020 as corporations in every sector race to create proprietary platforms. Expect mobile payments to be the target of at least one major attack that makes the media rounds this year.
Personally, I avoid using mobile payment options. While EMV chips embedded in credit and debit cards act as beacons, smartphones actively ping networks and towers. Although payment information is already encrypted, a VPN on your mobile device adds another layer of protection from the inevitable attack.
3. Cloud Attacks
These days everyone has data in the cloud. As we move through the world, it creates cybersecurity vulnerabilities for the user, cloud provider, and ISPs carrying information between the two. Before selecting a cloud provider, do your due diligence to research their encryption methods, uptime, and security best practices.
Cloud servers are popular targets for attacks because the impact is amplified. The Mirai botnet identified by cybercrime journalist Brian Krebbs in late 2016 is particularly nasty and was aimed at DNS service provider Dyn on October 21, effectively shutting down popular websites like GitHub, Twitter, Reddit, Netflix, Pinterest, and Airbnb.
These types of cloud attacks in which servers are overloaded with repetitive requests are only going to become a larger threat in 2017 as the Mirai source code was released online. In fact, Mirai is such a problem, it spans two sections.
4. Internet of Things Attacks
Mirai doesn’t infect computers, smartphones, and tablets. These devices have screens and operating systems that are typically easy to install antivirus and antimalware software on for protection. Many IoT devices Mirai utilized (smart lights, appliances, DVRs, security cameras, etc.) aren’t always that easy to secure.
Many IoT devices are created by startups that don’t necessarily have the money and resources available to constantly find and patch security vulnerabilities. Even devices from large corporations like Sony, Samsung, and Google that constantly innovate in the area of cybersecurity are at risk.
Smart bulbs from nearly every manufacturer have been compromised, and these devices are lying dormant in our homes like sleeper agents waiting to be activated for another botnet attack.
And as scary as Mirai is, it’s not even the only IoT botnet uncovered in the late hours of 2016.
5. Phishing Attacks
Phishing has always been a preferred hacking tool, and for good reason. The biggest weakness in any network’s security is the end-users who click links, write down passwords, and provide open doors for any cybercriminal to exploit.
Information is power, and giving information to the wrong party (whether by clicking a link, visiting a page, or purposefully leaking) can be devastating for your cybersecurity efforts. This isn’t necessarily a rising trend – just one that will exist until the end of time. Never trust someone is who they say they are if they’re asking for information they don’t need to know.
Keep an eye out for typos, redirected links, and other tricks used to lure innocent and unaware people to their doom. Listen to your gut – if it doesn’t seem trustworthy, do some investigative work and verify without compromising your information.
6. Unpatched Known Vulnerabilities
Most importantly, keep all software updated on all devices. This, again, is not 2017-specific, but rather something you should always have and always be doing. Hackers look for zero-day vulnerabilities, which means nobody has discovered and patched them. These are basically open doors for anyone to walk in until they’re discovered.
Once vulnerabilities are discovered, they can be patched, but convincing users to install those patches is difficult.
On an enterprise level, an entire department needs to be dedicated to keeping the right patches updated without compromising functionality of proprietary systems. Sony and other large corporations have learned in the past that missing a server update for a few weeks can quickly turn into a bad situation.
For personal users, running updates every morning is a best practice to get in the habit of to fully protect your devices.
2017 isn’t unique – we’ve been fighting the good fight (doing our small part, at least) to keep computers, networks, and the data on them safe for decades. While cyberattacks are getting more sophisticated, so are the defenses against them.
Keep your data safe and be smart about where you go online. So long as you do that, you’ll be as safe as anybody.