Top Cyber-Attack Vectors – Past, Present, and Future

Are you wondering what exploits represent the biggest threats in 2019?  It can be difficult and expensive to defend against everything.  If your company is budget-constrained, it may make more sense to defend against what is “likely” instead of everything that is “possible.”  Today we look at some of the biggest cyber-attack methods from the past, the present and the future.

Past

While these threats are by no means non-existent, the cyber-criminals and threat actors have moved on from these exploits to newer and more profitable schemes.

  • Crypto-ransomware – There is significant overhead for a criminal organization running a data encryption and ransom campaign, including the high cost of providing human tech support to your victims.  Additionally, most of the endpoint anti-malware companies have developed solutions that defend against the spread of the encryption process.  If you install one of those products, such as Sophos Intercept X, you should be protected from this one.
  • DDoS – Again, by no means over, but this exploit has not been a particularly good money-maker for cyber-criminals.  These DDoS botnets are being redeployed in crypto-mining and crypto-jacking exploits.
  • Malware and Scareware – Exploits like the fake anti-virus style campaigns are all but dead.  We still see fake security pop-ups being used by the fake tech support players out there.  Again, there is a higher cost to run these scams, as they require a lot of human “tech support” agents.  With the recent takedown and arrests of 6 fake support gangs in India, we may expect to see less of this in the future, hopefully.

Present

These exploits represent some of the most successful and most profitable attacks over 2017 and 2018.

  • Email Account Hijacking – The FBI says this was the top money-maker in 2017, and I expect it will retain its top spot when the 2018 data comes out in May 2019.  This is maybe the worst cybercrime that can happen to you, and if you need to know why, check out the articles I have posted before about email account hijacking.
  • Personal Data Breach – Data losses like the Equifax breach represent ongoing threats to all of us.  The stolen information is sold on the Dark Web.  This is the second most profitable exploit.
  • Identity Theft – The stolen data is sold to identity thieves and used in a variety of money-making schemes, including credit card fraud.
  • Corporate Data Breach – Information stolen in this scheme may be valuable intellectual property that is sold to competitors, or may be held for ransom, sold on the Dark Web, or used in extortion schemes.
  • Phishing – Phishing is the number one cause of network intrusions and computer hijacking.  It is often the opening act in an extended exploit.
  • Crypto-jacking/Crypto-mining – These exploits use hijacked computers, phones, and other devices to mine for crypto-currencies such as Bitcoin and Monero.

Future

  • Biometric Hacking – Spoofing techniques to bypass or trick fingerprint readers or facial recognition software.
  • Banking Attacks – Cybercriminals are moving past simple ATM skimmers to putting malware onto banking systems to permit larger thefts.
  • Wireless Carrier Attack – These attacks may be to steal subscriber information, or to take down an entire wireless network.
  • Cloud Vendor Attacks – There have been some successful attacks against these companies already.  Attacks on cloud service providers would potentially provide access to the information of hundreds of client companies.
  • Online Gaming Attack – Targeting gaming networks for personal information, credit card information, and valuable game tokens and objects could be

Cyber-criminals and other bad actors have become adept at changing their tactics and targets, and staying one step ahead of common security measures.  These are threats to be looking for in the coming year.


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
