A noticeable shift in the methodology for developing malware is taking place, and it can’t go unaddressed. A few years ago, attackers’ primary objective was to avoid detection – second only to making a profit. But recently, these criminals have realized a critical truth: the longer they hold an infected endpoint, the more their profit increases.
Companies are in a cybersecurity arms race. Attackers have easy access to more tools as the lines between state actors and criminal gangs fade. Malware and identity theft kits are easy to find and inexpensive to buy on dark web exchanges. AI-enabled attack kits are on the way, and we can expect that they will be readily available at commodity prices in the next few years.
Open Source software is always trustworthy, right? Last year, Bertus broke a story about a malicious Python package called “Colourama”. When used, it secretly installs a VBscript that watches the system clipboard for a Bitcoin address and replaces that address with a hardcoded one. Essentially this plugin attempts to redirects Bitcoin payments to whoever wrote the “colourama” library.
It’s no surprise that spending on security technology continues to soar. Nevertheless, data breaches and cyber attacks make headlines at an incredible rate, with no relief in sight. The Online Trust Alliance reported that attacks in 2017 came from a myriad of vectors, such as phishing and ransomware, and that the number of attacks doubled to nearly 160,000 incidents per year over 2016. What’s worse, estimates for the number of unreported attacks exceed 350,000 annually.
Insider threats are becoming ever-increasing and money-consuming, so it’s essential for companies to be as informed about which employees are prone to such excesses and why, as well as what kind of data they target and how. To that effect, paying attention to unusual behavior is of the utmost importance for keeping your company and all the sensitive data safe. Take a look at the warning signs that an insider might become a threat.
Employees conducting attacks on their own employees – known as insider threats – are becoming increasingly common and costly. According to a CA report, over 50% of organizations suffered an insider threat-based attack in the previous 12 months, while 25% say they are suffering attacks more frequently than in the previous year. 90% of those organizations claimed to feel vulnerable to insider threats.
It seems that the numerous benefits of cloud computing make the disruption of digital transformation worthwhile. However, a recent torrent of automated attacks on cloud infrastructure’s vulnerabilities has precipitated a somewhat gloomy outlook.
In recent years, the most advanced hacking groups have been becoming bolder when conducting cyber attack campaigns, with the number of organizations targeted by the biggest campaigns rising by almost a third.
If you have decided to migrate your business to the cloud, you have to thoroughly scrutinize the security protocols of your chosen provider. No matter how much of your digital presence is in the cloud, you have to ensure your service provider has the best security measures in place to protect its infrastructure from cyber threats. What makes cloud computing so convenient is extensive connectivity, but that is also what is making systems like this vulnerable to cyber attacks – making the security issue one of the most critical components of its overall operations. Assuming all other boxes have been checked for your cloud computing needs, here are the cyber security questions you need to ask your cloud provider before completing the vetting process.
Given the Internet of Things’ perch atop the hype cycle, IoT trend-spotting has become a full-time business, not just an end-of-the-year pastime. It seems every major – and minor – IoT player is busy laying out its vision of where the technology is going. Most of them harp on the same themes, of course, from massive growth to security vulnerabilities to skills shortages. In addition to the IoT blurring the lines between IT, which runs the customers’ systems and email, and OT, which runs the technology behind the production systems, here is what will drive the IoT in the next year.