Five current cyber security trends

1. Automotive hacking is on the rise - Dayan

Automotive hacking is gaining unauthorised access to a vehicle's computer systems. People have managed to gain access to vehicles they don't own, such as unlocking a car door and more advanced things such as connecting wirelessly through Wi-Fi or Bluetooth.

In today's world, most cars are more electronic than ever. According to research by the consulting company McKinsey, a typical automobile nowadays contains roughly 150 electronic control units and approximately 100 million lines of code.

By 2030, it is predicted that a commercial vehicle would have 300 million lines of software on board.

The high-level threats are that an attacker could:

• Remotely control the vehicle
• Switch off the vehicle
• Spy on the occupants of the vehicle
• Lock/Unlock the vehicle
• Track the vehicle
• Destroy the vehicle's safety systems
• Install malware in the vehicle's systems
• Steal the vehicle

How to prevent these types of attacks:

• Update your systems - It is vital to keep your systems software up to date, to ensure you have the latest bug fixes.
• Password protect and limit access - Password-protect your accounts and limit the number of people who have access to your vehicle.
• Be careful of third-party software - Only use software which is authorised by the car manufacturer. Having third-party software will expose your vehicle to potential harm.

2. The new target is mobile - Ryan

Mobile phone security has not kept up with the evolving threat landscape it faces. Despite this, many still believe mobile phones to be much safer than computers for browsing the web. People often use a single phone to access most of their sensitive accounts, such as for online banking, making mobile devices a prime target. With more people currently using their phones to browse the internet than computers, and the high value that a single compromised device yields, these insecure devices are becoming the prime target for cyber criminals.

3. Artificial intelligence's potential (AI) - Ryan

AI has high potential in the cybersecurity industry - for both good and bad. AI based threat detection systems can be used to learn the normal operating activities of a computer system, and detect better than a human, when an anomalous behaviour has occurred. AI can also be used to predict which types of attack will become more prevalent and could even be used to predict new types of attack.

However, AI can also be implemented by cybercriminals. Whilst the AI can be used to make detection systems, AI is also being used to create smart malware, capable of avoiding detection. The emergence of deepfake technology, which uses an AI learning algorithm to create digital replicas of someone's likeness, is also posing a unique challenge to the cyber security world. By impersonating someone’s face and voice advanced spear phishing attacks can be performed, tricking the victim into handing over sensitive information to someone they believe to be seeing/speaking to.

4. Threats from within - Matt

The number one threat that can come from within an organisation is the employee themselves. This can happen in a variety of ways, such as human error like disclosing private information to a third party or general incompetence, so it's important to keep staff training current regarding security. An employee can purposefully introduce a flaw in the system that can cause devastating losses for a business as well as creating breaches in company-wide privacy.

An example from the United States, according to the Verizon 2022 DBIR (Data Breach Investigations Report) in Mining, Quarrying, and Oil & Gas Extraction + Utilities, there were.

Frequency

• 2337 Incidents.
• 338 Confirmed data disclosure.

Pattern

• System Intrusion, Basic Web Application Attacks, and Social Engineering.
• 88% of breaches

Threat Actors (Hackers, Malicious actors)

• External (96%)
• Internal (4%)

Criminal Motivations

• Financial (88%)
• Espionage (11%)
• Grudge (1%)
• Breaches (1%)

Data Compromised

• Personal (58%)
• Credentials (40%)
• Other (36%)
• Internal Breaches (14%)

Ways to protect your company from breaches:

• Current staff training.
• Up-to-date Software and methodologies.
• Giving staff the least amount of account privileges to complete their task (prevents the employee from doing things that could potentially harm company).
• Training on avoiding social engineering: like not blindly accepting an email to send money as someone posing as a CEO.

 

5. Ransomware - Dayan & Abdullah

Ransomware is a type of malware which prevents you from accessing your device and the data stored on it, usually by encrypting your files. A criminal group will then demand a ransom in exchange for decryption.

If you’ve been keeping up with the news, you will see ransomware is a big problem in today’s cybersecurity world.

The AIIMS (All India Institute of Medical Sciences) attack is one recent example. At least five servers have been infected as a result of the cyber-attack. The hospital services have now been operating in manual mode since the cyber-attack.

The primary goal of the hackers was to extort money. According to the PTI news agency, hackers allegedly demanded a ransom of Rs 20 million (roughly £199,202) in cryptocurrency.

The personal information of millions of patients, including government employees and politicians, has been compromised by this cyberattack.

A ransomware incident on Rackspace Technology Inc. resulted in an outage that stopped its users from accessing email for five days. The cyberattack last week "may result in a loss of revenue for the Hosted Exchange business, which generates roughly $30 million of yearly revenue," according to the cloud computing company based in Windcrest.

Ransomware attacks on local governments, businesses, schools, and healthcare providers are proliferating. Examples from the San Antonio area include the attack on the Judson Independent School District last year, which led to the payment of more than $500,000 to the hackers to prevent the release of private data on the dark web. For more than a month, the hack rendered the district's phones, computers, and emails inoperable.

3,729 complaints regarding ransomware were filed with the FBI's Internet Crime Complaint Centre last year, with losses totalling more than $49.2 million. The industries with the biggest casualties were healthcare, financial services, and information technology.

If you are interested in Ransomware attacks, NHS released a document stated ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’ which you can freely access on their website: https://www.england.nhs.uk/wp-content/uploads/2018/02/lessons-learned-review-wannacry-ransomware-cyber-attack-cio-review.pdf