Cyber threats are always evolving, and experts are continuously working to thwart or eliminate threats from the digital lives of consumers, businesses, and governments. But as innovation pushes technology into new areas of our lives, new threats emerge and old threats gain new legs.
What were the top cybersecurity threats in 2019? Here, we’ll outline the 10 most prominent threats that showed up this year.
Ransomware has been around for a few years, but this form of security threat has exploded on the scene as a concern for consumers and business users alike. Attackers will install encryption software on a device to infect the hard drive. At this point, the attacker demands some sort of ransom (usually money, often cryptocurrency) or they will delete the encryption key and render the encrypted data useless.
Ransomware comes in many shapes and sizes and demands that we all pay much more attention to our security and data backup solutions.
Single Factor Passwords and Authentication
Advanced hacking tools and widespread data breaches are rendering single-factor authentication obsolete.
Norton security reports that 4.1 billion (with a b) records were exposed during 3,800 publicly-exposed data breaches in 2019. That means personal data, like passwords, are fair game if they get caught up in these security events.
Since passwords themselves are no longer reliable, many service providers are switching to mandatory two-factor authentication (either through mobile devices or biometrics). If you aren’t using two-factor authentication, then you are skipping out on an increasingly necessary security measure.
Distributed Denial of Service Attacks
DDoS attacks have been around for decades, and yet they remain one of the major forms of security threats in 2019. This form of attack has been central to both business and governmental security issues in 2019. These sorts of threats are perhaps the most well-known and the most difficult to put out.
Speaking of well-known attacks, phishing scams are still a huge threat to businesses around the world. “Phishing” is when a hacker counterfeits their email to look like it came from a trusted source. This can be from a well-known company (for consumers) or an executive inside a business organization.
In either case, these emails use our general lack of attention and the sheer volume of email we receive to slip through the cracks and get private data from us, like passwords or email addresses.
This threat isn’t going away, either: phishing attempts grew 40% in 2018 and maintained pace in 2019.
Social engineering is a sort of “catch-all” for noncomputer-based attacks. However, hackers have become increasingly good at using customer service hotlines and emails (similar to phishing) to gain access to user’s computers.
In what has been increasingly common in 2019, hackers will make direct phone calls to users of popular services or utilities pretending to represent their provider. They will trick that user into giving them remote access to their computer, at which time they can steal whatever information they want.
These attackers prey on many users’ inability to differentiate real companies from fake ones, and an overall lack of literacy when it comes to cybersecurity.
Internet of Things (IoT) Devices
The Internet of Things (IoT) is one of the newest and hottest trends in tech. IoT devices are revolutionizing business, emergency services, and home services.
A problem that experts are realizing is that many IoT manufacturers, especially in the consumer sector, are not treating security seriously for these devices. Since they often connect to home networks as part of their functionality, this presents a huge attack vector for hackers looking to steal data.
More companies are beefing up default security on their devices, but there is still some catching up to do.
This relatively new form of security threat feeds into the cryptocurrency trend sweeping across the globe.
In short, an attacker uses malware or some other delivery method to infect hundreds, if not thousands, of computers. Instead of (or, at least, alongside of) stealing user data, these programs steal CPU time and power from the infected computer and use it to mine cryptocurrency (typically Bitcoin).
Bitcoin and other cryptocurrencies require users to participate in, or “mine”, coins to keep the network generating value. With the mining race heating up, hackers turn to CPU theft to compete and earn money.
The malware threat to mobile phones has lagged as compared to desktop operating systems. However, with more mobile devices being connected then ever before and sharing more data about users every single day, mobile malware threats have been booming.
In 2019, fake apps posing as popular companies or brands seemed to explode on mobile app markets like the Apple Store and Google Play store. These apps would present users with an experience similar to a real branded app but steal data in the background.
Advanced Persistent Threats
These threats are similar to general-purpose malware, but instead of damaging systems they wait quietly in the system to infect more and more computers.
For example, the popular messaging app WhatsApp fell victim to an APT threat that let the attackers listen to users, read encrypted chat logs, and install spyware on their devices. The APT threat did not disable the devices or the network but rather used the network to expand its spying capabilities over time.
These attacks are often difficult to see and can come through any number of common vectors, making them hard to catch once they’ve been released into the wild.
Unpatched and Un-Updated Vulnerabilities
Another common and avoidable security threat is the ever-present issue of unpatched, unsecured, un-updated software. Security Boulevard writes that upwards of 60% of all data breaches are because attackers leveraged known vulnerabilities in software. Even though some of these vulnerabilities had already been fixed in core software or API implementations, the organization was not secure because they were never updated by the end-users.
Companies providing managed security services often tout their automatic updating capabilities, but many institutions still do not implement fail-safes to ensure up-to-date software.
The Bottom Line
While new security threats emerge yearly, 2019 reflects a core issue that has been at the heart of cybersecurity since there was such a term: maintaining good security practices. The above-listed threats often come from a motivated hacker finding attack vectors that end users have not, or will not, address, such as software updates, security training, and more.
2019 was a year where new technologies opened up different areas of attack, especially in the IoT and mobile markets and the world of cryptocurrency. These threats aren’t going away in 2020, but security experts are mobilizing new countermeasures to deal with them every day.