Even with firewalls, antivirus solutions, and cyber security-aware employees, cybercriminals manage to exploit even the smallest of vulnerabilities they can find. Cybersecurity threats are getting more sophisticated and intense amid the increasing levels of remote work and dependence on digital devices. Cybersecurity professionals continually defend computer systems against different types of cybersecurity threats. One should take the time to learn about as many cybersecurity threats as possible and work to identify and address as many holes in your defenses as possible. To help your business to be ready for the coming year, Analytics Insight has identified 10 major cybersecurity threats that you might've never heard of.
In 2017, Hackers attacked the US electricity grid. A multi-stage intrusion campaign by hackers conducted spear phishing and gained remote access into energy sector networks. After obtaining access, they conducted network surveillance, moved laterally, and gathered data about Industrial Control Systems, states FBI.
In the list of major cybersecurity threats, next is the 2015 FAA attack. Hackers targeted administrative systems shutting down radar and sending false information to aircraft systems — two major concerns that were echoed in a report following the incident.
Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic. To form a botnet, a coordinated DDoS attack is required. Hackers employ devices previously compromised by malware or hacking. The traffic can then be targeted against, say, AWS, which reported having prevented a 2.3Tbps attack this February.
The bad actors used the SWIFT network to fool the US Federal Reserve into transferring them BCB funds. (It's not uncommon for the US Fed to hold international banking assets.) As a basic security check, SWIFT sends details of any transfer to the printers of the financial institution behind the request.
Back in 2008, US Central Command (CENTCOM) was the military center for the United States military's Middle East operations. A USB drive, found in a parking lot containing the agent.btz worm, was inserted into a laptop connected to the CENTCOM network. From there it spread undetected to other systems, both classified and unclassified.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks happen in one or more steps.
The ransomware attacks took place over three years, extorting US$6 million in payments and resulting in US$30 million in damages. All told, only seven of the US' 50 states escaped unscathed. That said, there's still a high probability that there are other victims out there who have not disclosed the attacks or may not even be aware of them yet.
Ransomware is a data-encrypting program that demands payment to release the infected data. The overall sum of ransom demands reached US$1.4 billion in 2020, with an average sum to rectify the damage reaching up to US$1.45 million. Ransomware is the third most popular type of malware used in data breaches and is employed in 22% of the cases.
The top 30 e-commerce retailers in the US have connected to 1,131 third-party resources each and 23% of those assets have at least one critical vulnerability. If one of the applications within this ecosystem is compromised, it opens the hackers, a gateway to other domains. A breach caused by a third party costs US$4.29 million on average.
System vulnerabilities are more common cloud security vulnerabilities and they can occur for many reasons. The integration of an insecure third-party application could create system risks or they could arise due to poorly configured security tools within your cloud systems. The criminal's scan for cloud servers with no password, exploit unpatched systems, and perform brute-force attacks to access the user accounts. Some try to plant ransomware or steal sensitive data, whilst others, use cloud systems for crypto-jacking or coordinated DDoS attacks.
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.