Below is a roundup of the biggest cybersecurity news stories from the past month.

January is over, and it’s time for security professionals around the world to sweep up the confetti and start digging in on their New Year’s resolutions. During the first month of 2018, we saw everything from a CPU vulnerability to advanced Internet of Things (IoT) exploits, physical ATM attacks and new cybercriminal trends driven by the cryptocurrency gold rush.

Let’s take a closer look at how these stories are shaping the cybersecurity landscape as the industry gears up for another year of escalating threats.

Taking Stock of the Top Cybersecurity News Stories From January

On Jan. 9, a Ponemon Institute report titled “What CISOs Worry About in 2018” revealed that chief information security officers (CISOs) are less confident than ever about their susceptibility to cyber risks. According to the study, two-thirds of security leaders believe their organizations will suffer a cyberattack or data breach this year, and many fear that third-party partners will be the vulnerability point. In addition, 70 percent of CISOs cited lack of competent staff as their top challenge. Their concerns are understandable considering that cybercriminals stole $172 billion from 978 million consumers in 20 countries last year, according to Symantec.

January also saw an explosion of cryptomining attacks. In recent weeks, threat actors made off with $400 million worth of a digital currency by penetrating Japanese cryptocurrency exchange Coincheck. That news came just days after Ernst & Young estimated that nearly $400 million worth of funds raised in initial coin offerings had been lost or stolen. That’s more than 10 percent of the proceeds.

Cryptocurrency has become a playground for attackers, who have recognized that they can score bigger payoffs by turning users’ computers into nodes on a massive coin-mining network than they can by attacking users individually. In fact, SiliconANGLE reported that ransomware attacks are on the decline as criminals seek safer and more lucrative returns in mining.

One such attack has been ongoing for more than four months, affecting an estimated 30 million users around the globe. In most cases, victims don’t even know they’ve been compromised. Miners can use rogue JavaScript controls to hijack a system from an open browser window. Some attackers even buy their ads legitimately before replacing the contents with malicious code.

Top Exploits of 2018 So Far

In cybersecurity, there’s always something new to worry about. This month’s headache is jackpotting, a physical compromise scheme in which thieves hijack ATMs and force them to spit out cash. Brian Krebs first exposed the phenomenon, which encompasses a variety of techniques, such as using an endoscope — a device used by doctors to look inside the human body — to locate ports inside the machine where a crook can attach a cable that syncs with his or her laptop.

Voice-activated assistants have also found themselves squarely in cybercriminals’ crosshairs. According to Communications of the ACM, sound waves can be used to rewire circuits in IoT devices to deliver incorrect readings, cause control systems to malfunction or even execute commands using voice instructions hidden in music. Because the threats use analog media, they aren’t easily combated with digital protection.

Emerging Malware Trends

One thing that defines every January is predictions for the year ahead. What trends will define the security landscape in 2018? The IBM X-Force team has a few ideas.

  • Botnet attacks will become more frequent as cybercriminals exploit vulnerabilities in IoT devices. Last summer, a consortium of technology firms took down a botnet that compromised tens of thousands of Android devices using exploits in seemingly legitimate apps from the Google Play store. Any device can now potentially become a participant in a distributed denial-of-service attack (DDoS).
  • Failure to patch known vulnerabilities continues to be the primary culprit in large-scale attacks. Less than 1 percent of vulnerabilities in 2016 were considered zero-day, according to the IBM X-Force vulnerability database. Applying patches has never been more important.
  • Cloud services are presenting new attack vectors as misconfigured permissions or simple oversight leaves data exposed. Cloud databases leaked over 2 billion records in 2017, and the X-Force team asserted that server misconfigurations were responsible for 70 percent of them.
  • Thieves are increasingly extorting large ransoms for stolen high-value data. Victims in 2017 included a popular video streaming service from which preproduction versions of popular shows were stolen and several plastic surgery clinics whose photos of celebrity clients were held for ransom. With ransomware becoming a hit-or-miss proposition, attackers are focusing more on big money opportunities.
  • Phishing attacks will become more sophisticated as perpetrators use spear phishing to target individual victims, often spoofing their email accounts and writing style with personalized messages.
  • As noted above, cryptocurrency theft will soar with the growing value of blockchain-based digital money.

Risk Management Resolutions

Failure to patch is only one of the five epic security fails we outlined this month that put organizations at increased risk. Another is the tendency to become complacent once compliance is achieved on paper and neglect to update certifications and skills. A third major blunder is failure to centralize data security, which can impede efforts to keep up with the constantly shifting threat landscape.

Organizations that do not assign responsibility for data put themselves at even further risk. After all, if no one owns the data, no one is likely to protect it. Finally, failure to monitor data access enables cybercriminals to simply walk in through the front door, so to speak. It’s important to shut down access privileges immediately once an employee is terminated or otherwise leaves the company.

Consumers Warm Up to Security

IBM Security’s new “Future of Identity Study,” which surveyed nearly 4,000 adults from around the globe, revealed that consumers are beginning to prioritize security above convenience. Respondents ranked security as their top priority, over both convenience and privacy, when logging in to the majority of applications, especially apps dealing with money and financial transactions. The survey also found that biometrics are becoming mainstream, with 87 percent of consumers saying they’ll be comfortable with the technology in the future.

In addition, the study noted that although millennials have grown up with information technology, they aren’t as careful as their elders about passwords. Young people are less likely than other groups to use complex passwords and more likely to use the same password many times. However, they are also more inclined to use password managers and biometrics, which can help provide additional security layers without adding extra passwords to memorize.

Read the complete IBM Study on The Future of Identity

Gearing Up for Six More Weeks of Winter

With the new year in full swing, the start of February is an excellent time to take stock of the past month’s cybersecurity news headlines and trends, and gear up for whatever threats will emerge in the coming weeks. It’s a lot to take in at once, but awareness of the latest shifts in the threat landscape can go a long way toward helping enterprises and individual users steer clear of the cybercriminal flavor of the month.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today