4 Cybersecurity Threats You Need to Know
Security | Aug 8, 2016
Thousands of cybersecurity professionals descended on the Mandalay Bay Convention Center in Las Vegas last week for Black Hat 2016. Each year, discussions of the latest exploits, vulnerabilities, and threats make up much of the official program. There were some major headlines, including bad news for Jeep and some good news for Hillary Clinton.
After attending sessions and speaking with colleagues at the show, we compiled a list of threats to watch for in the second half of 2016.
- Ransomware Attacks Will Continue to Grow in Scale and Scope – Ransomware attacks hold a computer (by showing a lockscreen) or files (by encrypting them) for ransom until the owner pays the hacker off with a credit card or bitcoin. Traditionally, hackers have used ransomware to target businesses – especially the healthcare industry. Several firms released studies and reports on the increase of ransomware at this year’s show. Ransomware clearly has a lot of room to grow. And while attackers have focused almost entirely on business targets, the potential impact is frightening if, for example, criminals were to target critical infrastructure like power generation.
- The Jeep Hackers were back showing potential dangers of connected cars and the Internet of Things (IoT) – The explosion of connected devices continues to creates a significant risk. In addition to cars, presenters this year discussed the risk of hacking connected light bulbs, hacking Bluetooth devices, and more. Another session explored vulnerabilities in lightweight versions of the Windows 10 operating system being installed in many IOT devices. The message was clear, companies need to move to a security-first mindset when developing software and hardware for connected devices.
- Gone (spear) Phishing – Social engineering attacks are nothing new, but we expect to see an evolution in very targeted and sophisticated spear-fishing. Especially targeting senior executives and the C-suite. As recently as May, the CEO of FACC – a Boeing and Airbus supplier – was fired after his company recorded a loss of more than €40 million due to a spoof email attack tricked financial controllers into wiring money to the attackers. Phishing attacks continue to be the easiest way for hackers to penetrate a system in most cases. There was lots of discussion about this at BlackHat, and I wonder if Wombat Security has any of their Cards Against Phishing Decks left?
- Digital Crime As Big Business – Finally, perhaps the most dangerous threat we see is the growth of custom-built attacks targeting just one high-value target, like a financial institution (see SWIFT). As digital crime becomes more lucrative, it continues to become more sophisticated. These type of attacks often leverage an organizations own systems, include employees inside the company working with outside criminal organizations, and are designed to avoid traditional detection software.
As crime continues to go-digital, there is an ever-expanding threat of loss from cyberattacks. Responding to these threats requires organizations – private and public – to address cybersecurity and digital risk at the most senior levels.
Guidance solutions let you readily establish visibility to all your data, regardless of where and how it's stored. 360-degree visibility means you can see what matters on each and every network endpoint and in every data store in your organization, then transform that critical data into intelligence that fuels more effective security, risk and compliance, legal, and internal investigations. For more information – contact us or request a demo today.
Alfred Chung is a Senior Product Manager with Guidance Software, and is responsible for the EnCase® Endpoint Security solution, an endpoint detection and response (EDR) tool, designed to detect known and unknown cyber threats and provide incident responders with capabilities to rapidly respond and remediate those threats.