Cybersecurity Threats I Didn’t Know Existed

Roughly $38.5 billion. Take a second to consider what that amount of money even looks like. That monetary damage can be tied back to a single computer virus, called MyDoom. The virus spread from Eastern Europe. Authorities never apprehended its creator.

If there’s any doubt in your mind why perpetrators participate in cyber-crime, that anecdote should be enough to convince you — it’s for the money. What we don’t know about cyber-crime far outstretches what we do, but in the struggle to remain secure, there are a few things you should know to keep your data as safe as it can be in our brave new world.

Social Media Is a Cyber Security Minefield

When you visit the average website, your browser might present you with information from 5 to 20 sources, many of which are automated ads. When you log onto Facebook, Twitter or Instagram, however, that number skyrockets.

Social media attacks are the cyber-crime equivalent of shooting fish in a barrel. The various social environments we interact over provide a wealth of content for bad guys to hack, spoof or social engineer you into engaging with. It can be as simple as clicking what you thought was a plain-old “like” button.

The Internet of Medical Things

Maybe you’ve heard of the Internet of Things. The prospect of interconnected devices doesn’t just make our lives simpler. It has the potential to transform the business world. But there’s no industry where this idea is more frightening than the medical world.

HIPPA laws create strict rules about how hospitals and other medical providers must secure your medical records. The reason for this is that medical files contain more than enough information for criminals to steal your identity. But new technologies could put that all at risk.

For example, MRI machines use a combination of radio wave energy and magnetic fields to visualize the internal structures of the human body. New research is showing that, as these radio networks become more intricate, the number of backdoors for cyber attackers is actually increasing. In the coming years, sectors of the medical world will have to consider these threats as new technology is created and tested.

Spear Phishing

Have you ever received an email that said it was from your friend but wasn’t? Maybe when you opened the email, you found the sending address was different from your friend’s. Chances are it contained a hyperlink.

That is an example of a simple spear phishing attack. The term refers to email-based attacks directed at specific targets, and a more advanced form of this attack would have contained better-developed content intended to persuade you into clicking the link. Do so, and you grant access to the malicious payload the attacker wants to install on your machine.

Social Engineering

Spear phishing is an evolved form of phishing. However, it’s also an example of the way people are easier to hack than machines in many cases. Why invest the effort to break the computer, when all an attacker needs to access sensitive data is your cooperation.

This type of attack is called “social engineering.” It’s a highly successful tactic, so successful that one European crime ring managed to steal a collective $1 billion from over 100 different banks using an attack that started out as a phishing email.

The emails resembled legitimate banking communications. However, once opened they released command-and-control malware onto the bank systems, allowing hackers to begin manipulating funds right under the noses of bank administrators.

This frightening scenario is one of the reasons the banking industry has been one of the slowest to adopt new software-as-a-service technologies and migrate to the cloud. There’s no guarantee new threats won’t route bank platforms following a migration.

We’re Living at the Dawn of a Cyber Civil War

Cyber-crime is on the rise, and while security companies and international policing operations are making efforts to punish those responsible, the good guys are losing. It’s going to be that way for some time.

What is needed is a method of proactively discouraging malicious activity online before it’s carried out. Essentially, we need an armed security force for the internet. Unfortunately, we haven’t figured out exactly how to arm that force just yet, and it could be a while until we do.