It’s that time of year again; time to be weary of scary things jumping out on your screen when you’re least expecting it, of monsters following you into your dreams and escaping from your [data] closet. I’m referring, of course, to National Cyber Security Month, the month to take extra care when it comes to protecting your organisation from cyber-gremlins. And I’m sure you’ve been hearing about it non-stop for the last three weeks; participating in the office games, including ‘bobbing for malware’, ‘pin the data on the phishing attempt’ and ‘pass the ransomware’. All party classics. Regardless, it’s an important issue that gets pushed to the side all too often throughout the year. So now is the time to make that extra bit of effort to make sure that you’re protected should the Big Bad Cyber-attack knock on your door (or make you realise just how badly your straw house was lacking).
To switch things up a bit, I thought it would be clever to start thinking about what lies ahead, when the dark, cold nights and endless Christmas parties make way for snow in April. Now is a good time to start planning for 2019, and what the cyber landscape might look like next year. I’ve dusted off my crystal ball and called upon the spirit of Google to tell me exactly what cyber security threats we’re most likely to hear about next year. So buckle up, take notes, and be prepared to impress your boss with your savvy goal-setting ambitions. You’re welcome in advance.
It seems like the world spent the entirety of 2018 running around trying to put out phishing fires. Unless you live under a rock, or are lucky enough to spend your days on a wifi-less beach, you can’t have missed the crazy number of phishing attacks that were publicised. Every second cyber security article had details of attacks and startling statistics (76% of businesses reported being a victim of an attack in 2018 so far). Alas, while phishing has been around since 1980, it has just been ramping up in popularity and severity over the last year or so. When it comes to internal threats, it’s by far the easiest way to get access to sensitive information. According to a Verizon report, 30% of phishing attacks get opened by American users, with 12% of those targeted by the emails clicking on the infected links or attachments. The element of human error makes it that much more appealing. Unfortunately, the only solution to phishing (for the time being anyway) is to train your users to be extra vigilant when opening emails from external sources, and make sure your spam filters are extra strong.
Here’s an interesting (albeit worrying) one; your new smartphone being compromised before it even gets in your hands. Malware is another one of those evil little buggers that can really cause trouble if you’re not very careful. Like phishing, it’s becoming a prevalent part of the internet landscape that users have to be wary about, kind of like not playing in traffic and eating your vegetables. In a society where being always-on is a necessity, mobile phones have become replacements for desktop computers. Think about it, what do you store or have access to on your laptop that you don’t on your phone? The data your phone collects on a daily basis is a very attractive target for cybercriminals. But the modern cybercriminal doesn’t have to stand on a street corner and ‘accidentally’ bump against you to steal your mobile, and ergo your data. Apps are an easy hands-free way to bypass security measures and cause trouble without even clicking on a malicious link. There have even been reports of smartphones leaving the factory floor with malware built in! This malware, called Cosiloon, can send users to download dodgy apps that they didn’t intend on accessing. The app is passive, only visible to the user in the settings section, but then connects with a website to grab the payloads that hackers want to install on the phone.
Speaking of phones, surprise, surprise; cryptocurrency is going to continue to be a massive deal in 2019. And since it is, the dollar signs in the eyes of hackers are getting even bigger. Cryptomining was a new trend for 2018, but without a doubt will gain traction during the next year. Uber-clever cybercriminals infect machines to commandeer their CPU power and steal Bitcoin. What we will most likely see in 2019 is the rise of cryptomining through mobile devices. Since cybercriminals need the infected device to be running to access the processing power, it only makes sense for them to move onto always-on mobile devices. Clever, huh? Many hackers simply create useful and legitimate apps, such as calculators, music videos or voice recording technology, and then embed a script that allows the cryptomining plugin to work silently in the background (don’t start getting any ideas). Since the nature of mobile is to simply make everything so damn complicated and finicky, you probably wouldn’t even notice the extra tab on your browser. The only thing that would indicate that you were a potential victim would be the quick-draining battery. But let’s face it, how often would you attribute awful battery life to a hacker, rather than just having an older phone? “You’d need terrible mobile security!” you might guffaw, pitying the idiot commoner that wouldn’t think of protecting their mobile devices (oops, that would be me). Alas, cryptomining doesn’t technically compromise the security of the device, as it doesn’t bypass security systems or install any rogue software. If you think you’re being clever by installing app-only or endpoint-based security solutions, you won’t be the one laughing (I don’t feel so bad then).
CheckPoint’s SandBlast Mobile is one fabulous piece of software that can and will protect your mobile devices. It protects users from threats to the OS, apps and network, and boasts the industry’s highest threat catch rate. Zero-day malware, using a software vulnerability for which there isn’t any available fix or defence at the moment, is being created and released onto unsuspecting victims every day. SandBlast Mobile blocks zero-day malware (I think it’s magic, actually), and prevents phishing on your apps. If you’re worried about infected devices accessing corporate data, it will intuitively block the device, while also blocking infected devices from sending on sensitive data to botnets. Possibly the most innovative feature of SandBlast Mobile is how it mitigates threats without having to rely on a management platform, which means that you’re protected even when you might not be on the ball (mobile attacks can also happen after late nights- you can’t have Spidey senses all the time!). Regardless of what you do or access on your mobile, if you work from your phone- even if it’s just to reply to emails- SandBlast Mobile is the all-encompassing solution for you. Well then, we can pretty much strike off two of those potential 2019 issues with just one technology!
We’re all for embracing the future here at Cetus. There is so much to look forward to, and so many awesome new technologies- both malicious and not- that will come about, regardless of how well you try to prepare. Working with CheckPoint, we feel reassured that our cyber security is covered, regardless of time, place or device. If you’re interested in what our experts have to say about all the cool things that CheckPoint offer, you can have a chat with them with here. And don’t forget to tell us what you think; what will 2019 have to offer by way of cyber security threats?
Missy Beaudelot – Digital Marketing Executive
With a background in journalism and an interest in all things tech, Missy keeps our social media in check while monitoring our websites and developing our digital presence.