Top 5 Emerging Cybersecurity Issues — Techylo

The past few years reveal a major rise in cyber threats. Many well-known and reputed organizations as well had to suffer from this issue. While these threats seem to continue, there will be more sophisticated and advanced threats in the coming years. Companies and individuals should be aware of them. With technological advancements like artificial intelligence and blockchain, it is always a safe move to keep track of these threats. Thus, here are the top 5 emerging threats to watch out for.

Cryptojacking

In cryptojacking, the attacker hijacks a 3rd party computer, phone, or even a tab to mine cryptocurrency. This is usually done when a victim clicks a malicious link through an email. This then loads the crypto mining code. Another common way is to infect either through an online website or an ad with Javascript code. In this way, it auto executes in the victim’s web browser. The only sign that the victim would notice is that the system performance would be slower than usual.

Adguard reported in 2017 that there was a 31% growth rate for in-browser cryptojacking. Similarly in 2018, Check Point software technologies found out 4 of the top 10 malware were crypto miners. The most common were Coinhive and Cryptoloot.

You can prevent from falling as a prey to cyrptojacking by following a few precautionary steps such as:

  • Install anti-crypto mining extensions and ad-blockers to your browsers. Some ad-blockers like Adblocker can even detect crypto-mining scripts.
  • Use endpoint protection that can detect crypto miners.
  • Make sure to keep web-filtering tools up to date such as when you identify such scripts, block them to prevent accessing them.

Insecure web-interface

Weak credentials which are exposed in network traffic is a common way. Others are SQL-injection and even weak account lockout settings.

You can overcome this by setting password recovery mechanisms. Also, alter the account lockout in 3 failed login attempts which is important. Make sure that the interface is not susceptible to XSS, SQLi or CSRF.

Insecure cloud interfaces can also allow access to devices or data. Particularly when there is no account lockout or account enumeration. Another common scenario is when credentials are exposed to network traffic. Take the above countermeasures for this. Also, make sure to change default passwords and usernames as well.

Geopolitical risks

Geopolitics is no longer only a physical concern but has moved to a new era. It now dominates by technology to a dangerous level that it poses a huge threat to security. Companies, organizations or even individuals must now take into a concern where their data is stored. Particularly nation-states thinking about national security must also focus on digital security. It is not something that they can neglect. An example of this could be Russian cyber espionage targeting EU governments.

However, you can manage these vulnerabilities by checking them through network scanning. Other methods are penetration testing and firewall logging. Then, identify them through scans to find anomalies that might suggest a malware attack. You can then mitigate and patch these vulnerabilities through patch management tools.

Cross-site scripting

This cyber threat is a client-side code injection attack where attackers execute malicious scripts to the victim’s web browsers. Victims are not aware when malicious code is on a legitimate web page or an application. The vulnerable modes used are message boards, forums or even web pages that allow comments.

These XSS attacks are usually possible through VBScript, Flash, ActiveX or even CSS. However, the most common is JavaScript. The attackers can thus get access to sensitive data or access to user’s cookies. Similarly, it can even impersonate the user and perform actions such as bank transfers as an example.

The only way to prevent these types of attacks is to sanitize the input. Never output data that you receive without checking for malicious code.

Mobile Malware

Mobile devices are a top target in the years to come. An internet security threat report by Symantec in 2017 reveals that malware variants show a steady increase of up to 54% for mobile devices. For organizations that deal with business through mobile phones, this is an emerging threat to rise out watch out for.

Common methods are malware where hackers can get to your phone without access and collect information. Drive-by downloads are another common way that installs automatically when you click a website or an email. Viruses and trojans are another way that mimics a very innocent look such as changing language or wallpaper.

Users can easily become victims of these and their intentions are usually to get hold of passwords or banking information. Browser exploits are quite common as well since mobile browsers are not flawless. Therefore, browser exploitation can occur such as PDF readers which is a common scenario.

You can protect against mobile malware by updating applications to the latest versions and installing mobile security software. Also, consider a firewall that mobile devices often neglect. These can protect online privacy when browsing. Make sure to also download apps from the official stores via Apple store or Google play as they are safe.

Therefore, these cyber threats are a rising concern in the digital arena. Whilst there are many other threats, these five are the most common ones that you should be watching out for. However, you can mitigate each of these risks with the suggestions given.

Many cybersecurity defense firms have recently come up with sophisticated AI model tools for cyber threats. Yet, hackers are able to find out AI algorithms and create models to bypass them. Hackers can exploit systems using AI technology which leaves these as threats with no hard fast permanent solution.

Originally published at https://techylo.com on November 5, 2019.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Shanika Wickramasinghe

Senior Software Engineer and Freelance Technical Writer. I write about any Computer Science related topic. https://www.linkedin.com/in/shanikawickramasinghe