Online threats and attacks are growing in leaps and bounds. In 2016, there were over 401 million unique versions of malware generated, most of which were distributed via email attacks.

The wide spectrum of online threats

While online threats are growing, they aren’t all as sophisticated as WannaCry or Mirai. In fact, some of the most devastating threats are perpetrated by hackers using basic tools like email, but can cost businesses millions of dollars.

In this blog post, I share seven kinds of online threats that captured our attention in 2017.

1. Phishing attacks

A phishing attack takes place when a hacker sends a fraudulent email to a victim. Phishing emails usually take two forms: they appear to be sent from a trusted email address, or the email’s design and formatting is made to appear legitimate.

Phishing emails typically include an attachment, which when clicked on unleashes malware onto your computer or mobile device.

 

online threats

Source: Symantec Internet Threat Report 2017

—-

NOTABLE STAT:

The email malware rate increased significantly during 2016, from 1 in 220 emails sent containing malware in 2015, to 1 in 131 emails in 2016.

Symantec Internet Security Threat Report 2017

—-

2. Whaling attacks and Business Email Compromise scams

‘Whaling’ is a form of phishing with a twist. Hackers target businesses by sending email requests to financial staff while pretending to be senior staff members or C-level executives. The request is for a large money transfer.

Whaling attacks pose a serious threat to businesses globally, as they require very little expertise to execute but can be highly rewarding for scammers.

Over the years, BEC scams have gathered momentum and the FBI has warned all corporates with offices in and outside of the US to pay special attention to requests for money transfers.

—-

NOTABLE STAT:

In 2016, an Austrian aerospace company, FACC, fired its CEO after it lost almost US$50 million to BEC scammers.

Symantec Internet Security Threat Report 2017

—-

3. Ransomware

Ransomware is a type of malware designed to block access to a computer system until a sum of money is paid.

In 2017, the world was rocked by Petya and WannaCry, both ransomware threats with requests for low sums of money. While the attacks were designed to target individuals, businesses were hardest hit.

Ransomware has become and will continue to be an easier form of threat that more cybercriminals will use due to the rise of the Ransomware-as-a-Service industry.

—-

NOTABLE STAT:

Cyber risk modeling firm Cyence estimates the potential costs from the WannaCry hack at $4 billion.

Cyence

—-

4. Malware infecting mobile devices

Malware is a term used to refer to malicious software and is a combination of the two words.

Malicious intent is any form of action that is performed by a piece of software without your permission, and these threats have grown in the mobile space.

Recently, Apple’s App Store found that dozens of apps with malware had somehow entered the App Store undetected.

We see malware as a dark cloud that will continue to loom over the mobile phone industry.

—-

NOTABLE STAT:

Symantec observed 18.4 million mobile malware detections in total in 2016, an increase of 105 percent on 2015.

Symantec Internet Security Threat Report 2017

—-

5. Business Process Compromise attacks

A somewhat new kind of attack, Business Process Compromise, happens when hackers manipulate the day-to-day operations of a business in their favor.

In 2013, South American drug traffickers intercepted the Port of Antwerp’s network to track the movement and location of containers.

With access, traffickers were able to retrieve the cargo at a secluded place before the naval police could swoop in and foil their operation.

—-

NOTABLE STAT:

In 2016, $81 million was lost by the Bangladesh Central Bank due to a Business Compromise Attack.

Trend Micro

—-

6. DDos attacks

DDos (Distributed Denial Service) is a type of attack where a hacker takes control of a large group of computers or devices and uses them to flood a victim’s device (server, computer or mobile phone) with requests for information.

With the increase in requests that the victims cannot manage, the device crashes.

In 2016, Mirai became the most famous form of Ddos attack on IoT devices. According to Symantec’s Internet Threat Report for 2017, Mirai attached an IoT device once every minute.

—-

NOTABLE STAT:

The Mirai botnet came from as many as 100,000 endpoints, and data packets were coming at it at a speed of up to 1.2tbps.

Dyn, Inc.

—-

7. Artificial Intelligence-enabled attacks

AI is a topic that few are comfortable approaching. While many businesses see the upside to using AI to streamline processes and ultimately generate more revenue, there are others who see the darker side of what it can become.

AI-enabled attacks are possible and can also be highly successful; in fact, more successful than those perpetrated by humans.

In 2016, an experiment by security firm ZeroFOX proved that AI hackers were able to simulate more spear-phishing attacks (sending fraudulent tweets from a known or trusted account to induce targeted individuals to reveal confidential information) faster, and at a higher success rate than their human counterparts.

—-

NOTABLE STAT:

SNAP_R, an AI, sent simulated spear-phishing tweets to over 800 users at a rate of 6.75 tweets per minute, luring 275 victims. By contrast, Forbes staff writer Thomas Fox-Brewster, who participated in the experiment, was only able to pump out 1.075 tweets a minute, making just 129 attempts and luring in only 49 users.

GIZMODO

—-

Online threats are growing, and scammers are using both sophisticated and simple means to exploit sensitive information.

Do you have any thoughts on what the next big threat will be?

Beat Man-in-the-middle attacks with Strong SSL Encryption on your website

TrustTheSite.com is a platinum reseller of VeriSign, Thawte, GeoTrust, Comodo, RapidSSL and Digicert SSL certificates. We offer the best pricing backed by personalised client support.

Call us on +27 23 004 0196 for a free no obligation discussion about your business needs and we’ll help you find the right certificate for your brand.

Share This