The cybersecurity landscape is continuously evolving, and bad actors are always looking for new ways to exploit vulnerabilities. While some threats have been around for a while and are taking on new forms, new tactics to steal data, disrupt services, or gain unauthorized access to sensitive financial information continue to surface. Here are three emerging trends to watch for.
Cloud-security risks
Cloud technology, which allows users to access data centers via the internet, provides the ability to analyze vast amounts of data sets that are too large to be stored on typical hard drives. However, as cloud computing continues to become more prevalent, new cyber threats and vulnerabilities emerge. Here are a few (but not all):
- Data breaches and unauthorized access: Cloud environments are often vulnerable to hackers seeking to gain unauthorized access to sensitive data.
- Cloud-service provider vulnerabilities: Cloud security relies heavily on the infrastructure of the cloud service providers and any vulnerabilities can impact the security of all customers.
- Account hijacking: Attackers can try to hijack cloud accounts to exploit weak passwords, stage phishing attacks, and otherwise leverage stolen credentials.
- Cloud-specific malware: Malware designed specifically to target cloud environments can exploit vulnerabilities and spread across accounts.
Vulnerabilities in the internet of things (IoT)
With so many things—cars, home appliances, phones, tablets, wearables, machinery, and computers—connected to the internet, the vast network, the so-called internet of things, has created a new set of cyber threats. Many devices collect vast amounts of data, for example, which can lead to privacy concerns and unauthorized tracking of individuals. Also, since many IoT devices have weak authentication mechanisms, such as easily guessable passwords, they can be subject to credential theft or unauthorized access to devices.
Poor encryption and weak authentication can also lead to insecure communication, eavesdropping, and man-in-the-middle (MITM) attacks, where attackers intercept and alter communications from one person or entity to another. A fake Wi-Fi, also called a rogue Wi-Fi or evil twin, is an example of a MITM threat. The goal is to trick users at airports, coffee shops, or other places with free internet, into connecting to the fake Wi- Fi. They can then intercept, monitor, and manipulate any information that passes between the user’s device and the internet.
Deepfake technology
Deepfake is a growing problem. The term refers to the use of artificial intelligence (AI) and machine learning to produce manipulated video, voice, or images to falsely depict someone saying or doing something. In one extreme example, a cybercrook tricked the Chief Executive Officer of a UK-based energy company into handing over $243,000 by deepfaking the voice of the CEO of the firm’s parent company.
This type of scam happens on the individual level as well, where bad actors try to dupe individuals by impersonating the voices of loved ones. The impersonator might claim, for example, that they’re in a Mexican jail and need bail money or they might say they’re being held against their will and need ransom money ASAP. In another example, scammers used a computer-generated voice to mimic a 15-year-old girl and tried to deceive her mother into thinking the girl had been kidnapped. “Mom, these bad men have me. Help me, help me, help me,” said the recording, over and over. But the girl was at home, safe in bed.
Cloud security risks, internet-of-things vulnerabilities, and deepfake technology are obviously not an exhaustive list of today’s emerging cyber threats. Some problems have plagued us for a while and continue to evolve. For example, phishing attacks, where attackers use phony emails or text messages to trick users into giving out sensitive information like passwords or financial details, continue to take on new iterations. Identity theft is an ongoing threat once key personal information is stolen. Ransomware, which can take the form of malicious software that locks users out of computer systems until a ransom is paid, isn’t just a problem for large corporations. Individuals can fall victim as well.
While cloud computing, AI, and the internet of things are helping to provide services, entertainment, and personalized recommendations we all enjoy, they’ve also opened the door to a wide array of emerging cyberthreats on both the large and small scale. Staying updated with the latest cybersecurity trends and practicing good security hygiene can help mitigate threats and keep you safe.
The above article appears at merceradvisors.com, by Brian Ham, VP, Infrastructure & Security at Mercer Advisors
