Elite CIO Logo

BECOME MEMBER
Back

2018 Cyber security trend and threats

  • By Elite CIO
  • Date Mar 19, 2019
  • Quotes11

Certainly, 2018 was a busy year from cyber security point of view and several big scares arrived very quickly.

Certainly, 2018 was a busy year from cyber security point of view and several big scares arrived very quickly.

The rise of “Cryptojacking” was also seen which involves the process of remotely using someone’s CPU or graphics card to mine cryptocurrency. This can be done as negligibly as the user just visiting a certain website, where the code uses the processing power of your machine to solve the algorithms used in the mining of cryptocurrencies and then deposits the reward for this into the hacker’s account. You are requested to make sure that you've installed / using the best antivirus and VPN.

What is “Cryptojacking” and how does it work?

“Cryptojacking” is a term used to describe the action of secretly using a computer to mine cryptocurrency. The original form of “Cryptojacking” would involve the victim unknowingly installing software on their computer that would run in the background, solving algorithms. The original form of “Cryptojacking” is similar to any ‘standard’ malware attack. A user will be tricked into installing malicious software on their computer which will then have access to their system. With “Cryptojacking” specifically, this software will quietly take a portion of your computer’s processing power and use it to solve complicated algorithms. When these algorithms are completed units of cryptocurrency are deposited into a wallet, usually, one associated with the writing of the program. There is a slightly positive side to this, as these programs are designed to be discrete and stealthy to avoid detection and so you shouldn’t notice any change in your computer at all if you have one - so at least this particular brand of malware isn’t going to make your computer inoperable as some others do.

In-browser “Cryptojacking” - The more alarming part about “Cryptojacking” is that it can be done in-browser and doesn’t require a download or installation

Aside from the more ‘direct’ threats from malware, we also saw a wide host of data breaches throughout the year which was made all the costlier by the introduction of GDPR in Europe in May 18. Companies found to be handling user’s data incorrectly can be fined millions of Euros, either 2% or 4% of annual turnover. The most well-documented data misuse case of the year surrounded the Cambridge Analytical scandal where personal data of at least 87 million Facebook users was exploited without permission in order to influence the US presidential elections.

In September 18 almost 50 million+ Facebook accounts were exposed after attackers exploited a vulnerability allowing them to steal users’access tokens. Facebook has notified the Data Protection Commission (DPC) in Ireland of this, but we have yet to see if there will be a fine for this particular event.

The largest data breach of the year came from Aadhaar,National ID database which contains the information of 1.2 billion Indian citizens including bio-metric data. Journalists discovered that they could obtain any record of a registered individual in Aadhaar for 500 rupees (just under 6 Euros). The Unique Identification Authority of India (UIDAI) has denied any claims of a breach.

2019 Cyber security Trend and Predicted

2019 is set to see an increase in the pace of the cyber war arms race. While conventional malware such as Worms and Trojans will still remain a threat, several new methods of infiltrating software will become far more common.

‘Live hacking’ will become more popular as attacks that originate in this way don’t require traditional software packages that can be detected or destroyed, instead a system is actively infiltrated by a hacker to recover information or data. This is unlikely to directly affect consumers, as it will be targeted more at corporations or governments initially - but this could of course bring repercussions for the general public too. Supply chain attacks will also become more common. This idea rests around a popular service being infected with malware, unknown to the provider of the software, and then being distributed to a customer base – essentially using legitimate software as a disguise for the malware to infect a wide user base under the guise of a new update or latest release.

Author – Atul Bansal, Gateway Rail