Is your business prepared for these new cloud security threats?

By Nicola Wright

Cybersecurity threats are so prevalent today that it’s not a case of “if” cyber-criminals target your business, but “when.”

The tactics used by organized cyber-criminals the world over are constantly evolving. Cybersecurity is an arms war, and the best defense you have against these relentless attacks is awareness.

Though hacking is prevalent, a much higher percentage of cyberattacks involve the distribution of malware, phishing, or social engineering, all tactics that target and exploit the unawareness of users.

Keeping up to date with the latest trends and innovations in cybercrime that could threaten your business is vital in defending against inestimably damaging attacks.

The cybercriminals’ old favorites, like ransomware and phishing, aren’t going anywhere, but as the digital world evolves, new risks arise. Our increasing use of cloud computing and our growing network of online assets and infrastructure increases the surface area and can leave businesses more vulnerable to attack if they don’t take proper precautions.

Cybersecurity is a journey, not a destination; a set-it-and-forget-it approach can be a death sentence for many businesses. No tool or technology can offer 100% protection, so to safeguard your organization to the best of your ability, you need to remain in step with developments in the security space.

To help you stay ahead of the curve, we’ve put together a few things to watch out for in the coming year.

Cybercrime will cost the world more than $6tn annually by 2021, up from $3tn in 2015 - CyberSecurity Ventures

Exploitation of IoT devices

The Internet of Things continues to expand by the second. We’re connecting more of the devices we use every day to the cloud all the time, and this interconnected web of assets brings not only productivity and convenience to our lives but also increased risk when it comes to cybersecurity.

Every new device that joins the IoT is a new target for hackers and extortionists, who’re employing increasingly sophisticated AI and machine learning tools to listen in on our day-to-day lives. These digital infiltrators are using personal and commercial information gathered through compromised devices like smart TVs and voice assistants to extract cash from users.

We’ve already seen this business model employed in attacks on consumer devices, and soon, we’re likely to experience a rise in cases targeting industrial machinery too.

Cybercriminals are also using IoT devices to access unsecured corporate networks and deliver malware. Once compromised, these infected IoT devices can be used to drive wide-reaching DDoS attacks, as we saw with 2017’s Reaper botnet attack which targeted vulnerabilities in IP cameras.

In 2019, it’s estimated that more than 100 million IoT attacks occurred across the world, often exploiting unpatched software or lax security practices by device owners.

How important is security when selecting a cloud vendor? AWS customers weigh in.

Packed with over 60 pages of insights, stats, and commentary, the Jefferson Frank Salary Survey is the ultimate guide for anyone working with Amazon Web Services products.

Take a look

Deepfake phishing

By the time awareness of new technology hits mainstream consciousness, you can guarantee that cybercriminals are already working on ways to employ it in their attacks. Deepfakes are no exception.

We’ve already seen the mind-blowing power of a well-executed deepfake. As the technology becomes not only increasingly convincing but also accessible, we’ll see these AI-powered counterfeits unleashed against businesses more regularly.

Whether its manipulating employees into sharing sensitive information or funds, by imitating a trusted person of authority, using deepfake images to bypass biometric security measures or the creation of deepfake video as a means of blackmailing users, deepfake is coming into its own as a weapon of cybercrime.

Last year, hackers defrauded a UK energy company out of €200,000 using software that mimicked the voice of its CEO. The thieves instructed an employee, who believed he was speaking to his boss, to wire the cash to a supplier. By the time the employee realized the call was fishy, the money had been dispersed around the world.

Forrester estimates that deepfake-based cybercrime will cost businesses over a quarter of a billion dollars in 2020.

The average cost of a data breach is $3.92m as of 2019 - Security Intelligence

Increasingly sophisticated ransomware

If you think your business is wise to ransomware, think again.

Cyber-crooks are developing new techniques to maintain the effectiveness of their ransomware, including partnering up with other malicious actors to exploit opportunities.

Security firm MacAfee has reported a rise in hackers pitching access to businesses they’ve penetrated to developers, intending to create customized ransomware that can be deployed for maximum effect.

In 2020, we’ll likely see this increasingly personalized targeting of organizations more often, with more criminals seeking to maximize the profitability of their attacks. Many are doing this by not only distributing destructive ransomware and extorting victims for the return of access to their systems, but also wringing victims a second time by threatening to leak sensitive data stolen during the first strike.

Others are installing cryptocurrency miners into compromised business networks before deploying the ransomware itself, allowing the hackers to use the infected machine to mine cryptocurrency. While this growing and hard-to-detect practice, known as cryptojacking, does no damage to devices or their data, it is a massive drain on computing resources and can be a symptom of more significant security issues.

“Patch gap” attacks

With so many of today’s popular platforms utilizing open-source components, many organizations are vulnerable to attack thanks to patch gaps.

When a flaw in an open-source component is resolved and a patch issued, it may not always immediately be applied to the software that uses it; this window of exposure in which software isn’t fully up-to-date is known as a patch gap.

According to a recent survey, a massive 57% of organizations who’ve been the victim of a cyberattack stated that the breach could’ve been prevented by installing patches. In many cases, businesses lack either the knowledge or the resources to keep on top of patching their software.

Hackers attack every 39 seconds - 2,244 times a day on average - University of Maryland

Code injection attacks

Code injection attacks take advantage of poorly written code that enables hackers to introduce their own code into an application for malicious purposes. Code injection attacks, also known as Remote Code Executions, can take many forms and target many platforms, from SQL Server to languages like Python and PHP.

Once an application is compromised, code is inserted and executed, causing all kinds of damage, from modifying data and privacy properties to stealing information and even bypassing authentication controls to gain access to the broader network.

Often, hackers hide these malevolent blocks of code in third-party libraries to be unsuspectingly downloaded and deployed by users.

Already this year, security professionals have identified a JavaScript vulnerability in WhatsApp’s desktop and iOS applications that could allow hackers inject code and create destructive push notifications that hoodwink the user into downloading malware.

Targeting of 5G networks

The roll-out of 5G networks will revolutionize how we communicate, work and access information, bringing data transfer rates up to 10 times faster than the 4G networks we’re accustomed to.

This breakneck speed is excellent news for anyone accessing web-based data and services on the go, including cybercriminals. Through the interconnected web of the 5G network, more devices, housing more information, will be connected to one another than ever.

Despite boasting more robust encryption and improved user verification, 5G opens up a whole new channel of information transfer, making it far more difficult for organizations to keep track of the massive volumes of data being exchanged and the vast number of access points being used.

And then there’s the unavoidable fact that new technology is automatically more vulnerable simply by virtue of being new; hackers will seek out vulnerabilities as yet unforeseen and take advantage of new users’ lack of awareness of security best practice.

Need cloud security professionals to help lock down your business?

Take a look at our database of pre-screened AWS professionals and take the first step toward landing the best administrators, developers, and architects in the market.

Take a look

AWS Insights Now

Get the latest AWS news and views delivered straight to your inbox

We'd love to send you Jefferson Frank’s AWS career insights and tips by email, phone or other electronic means.