Moving into the fourth quarter of 2019, it’s a great time to reflect on the current cybersecurity landscape and the major events and trends which have happened this year. Almost everybody understands what cybersecurity means in the most basic sense, as the majority at least have some experience with anti-virus software.
But as we increasingly rely on computing systems to power our day-to-day lives, our cybersecurity software and processes have to become more sophisticated. With each new piece of technology, software, hardware, or device, there’s a new and increasingly complex way for our data to be accessed or stolen.
As every piece of technology we use is ultimately created by human developers, there are invariably some aspects of every technology which aren’t flawless. Each piece of technology calls for a unique way of exploiting its specific weaknesses – a flaw in its design which allows hackers to gain access.
Usually, hackers will deploy certain attacks to test computer systems, to try and identify these weaknesses. There’s not just one or two attack vectors which cyber-criminals and hackers use to compromise systems. Instead, hackers may deploy several attacks in tandem to gain access to a system.
From the widespread implementation of blockchain and internet of things (IoT) technologies to completely new threats on the horizon, Blokt explores how 2019 has shaped the cybersecurity space.
IoT Devices Present New Challenges
IoT devices are growing in popularity, used in home, office, and industrial situations for a range of use cases. But connecting a greater range of devices to our internet systems means a greater risk that they will become compromised. Connected devices, like internet routers or sensors, can be hijacked by hackers and used to send out spam mail, or incorporated into a botnet.
The National Institute of Standards and Technology (NIST) published updated guidelines in mid-2019 for the use of IoT devices, citing that the diverse range of IoT devices makes it difficult to protect and police. Among other things, NIST recommended that IoT devices keep logs of all potential cybersecurity events, however minor, to protect against them becoming part of a larger network of malicious bots.
Business Owners Bear Largest Costs of Attacks
Cyber attacks on small and medium businesses are increasing. In 2018, 61% of small to medium business owners reported that they had been victims of attacks, a 9% increase from 2017. In 2019, this figure is expected to increase further.
Each attack costs businesses an average of $383 thousand dollars, which for a small or medium business could mean significant financial hardship. Most of these attacks came from data breaches, of which 37% were identified to be a direct result of hacker attacks.
Phishing Has Increased by 65% in 2019 so Far
According to security firm Retruster, phishing attempts have grown an enormous 65% this year. Phishing attacks target information such as usernames, passwords, and payment information, using fake websites or legitimate-looking emails to steal information. Although we’re more aware of the risk of phishing attempts than ever before, people continue to fall for this attack, which is as old as email itself. So why is this?
It could be because our perception of phishing in 2019 is skewed. The majority of people are wary of opening emails and attachments from unknown senders in case they contain malware – commonly believed to be the most dangerous form of phishing. While it’s recommended not to open such mail, anti-phishing firm Phishlabs reported that 98% of phishing emails actually contained no malware.
Instead, most phishing attempts are actually perpetrated through incredibly legitimate-looking emails. For example, Phishlabs found that 31% of emails posed as internal HR or finance providers and a further 27% of phishing emails disguise themselves as e-commerce sites, which then prompt users to log in through a fake website.
It’s at this point that attackers lift your credentials and use them to log in to your real accounts – not malware, as commonly thought.
Polymorphic and Metamorphic Threats Are on the Rise
Polymorphic attacks, which evolve as they spread across a user’s computer, make up an estimated 93% of malicious executable computer viruses in 2019. Polymorphic and metamorphic malware adapt and evade traditional antivirus software, which makes identifying and eradicating these viruses incredibly difficult. Both consumers and businesses are targets of polymorphic malware, with consumers – that’s you and I – comprising 68% of malware endpoints.
Polymorphic malware programs can include spyware, which monitors your activity and reports your keystrokes to attackers; trojans, which disguise themselves as harmless programs or files and gives attackers remote access to your PC; or viruses and worms, which can disable host computers or siphon off data at will.
Digital Asset Theft
Whilst digital assets are promising a disruption to the way we store and transact value, they are also opening up whole new ways by which to steal value too! Although many digital asset thefts are caused by other common attack methods, most of which we discuss here, they are nevertheless proving to be an easier target for attackers to steal.
This is evidenced by the huge $1.2 billion in cryptocurrency, which was stolen in the first quarter of 2019 alone. According to blockchain crime prevention company Ciphertrace, over $355 million was stolen from exchanges and infrastructure alone, a huge part of which was drained directly from user wallets and accounts.
Up to 57% of Attacks Make It Past Traditional Antivirus Software
This might be the most shocking statistic on our list, though it’s no revelation to cybersecurity experts that over half of all attacks make it past antivirus software. The reason for this is that most antivirus software, no matter how sophisticated it is, can only identify threats it has some prior knowledge of.
When a new threat emerges, which carries none of the hallmarks of a previously deployed exploit, it’s incredibly difficult for antivirus software to detect – so difficult, that only 43% of exploits are stopped. However, new technologies such as artificial intelligence and machine learning are helping to identify and stop new attacks as they emerge.
Mobile Threats See a Decrease From 2018
In 2019, more people access the web through their smartphones than through other devices, with 3.9 billion active mobile internet users. As a result, mobile attacks represent one of the most problematic forms of a cyber attack, usually deployed when a user downloads an app loaded with malware.
Despite this, the first quarter of 2019 saw a marked decrease in malicious installation packages from mobile users, down from over 1 million in Q1 2018, to just 905 thousand. While this may still seem high, a decrease of almost 100 thousand malicious installs is a big achievement for cybersecurity.
Local Government Agencies Are Falling Victim to More Attacks
Although 2018 saw a slight year-on-year decline in total cyber attacks, there has been a marked increase in ransomware attacks on local and regional governments. According to cybersecurity firm Recorded Future, in the first four months of 2019, there were 21 reported attacks against government agencies in the USA.
Many of these attacks will take control of internal systems, access and withhold data, and request government agencies to pay the attackers a ransom in Bitcoin to restore control of systems. Only around 17% of these agencies actually pay the ransom, but some of the reported ransom demands are as high as $250,000.
Denial-of-service Attacks (DoS) See a Huge Increase
As the name suggests, denial-of-service techniques prevent users of a service from accessing a resource. This could either be a website or a piece of software. In this attack, hackers will usually launch multiple techniques to either deny service to an individual user, or to all users of a service through a ‘distributed denial-of-service’ or DDoS attack.
Often, as there’s no opportunity for hackers to steal information through these attacks, they are motivated through blackmail, activism, or revenge. According to Kaspersky, DDoS attacks are on the rise, increasing a huge 84% in the first quarter of 2019 from Q4 2018.
Beware of Cryptojacking!
Cryptocurrency mining is, in many cases, increasingly unprofitable except for large scale mining operations. This is mainly due to the huge electricity costs associated with running mining hardware. Imagine then, if there was some way of mining on someone else’s machine without them knowing?
Unfortunately, there is – it’s called ‘cryptojacking.’ A new cybersecurity threat, cryptojacking, uses the victim’s processing power to imperceptibly mine cryptocurrency. This can be through software-based mining malware, or even through website scripts. The ESET Cybersecurity Trends Report 2019, reports that cybercriminals made off with an estimated $2.5 billion in the first half of 2018, and this threat could get worse during 2019.
Increased Focus on Data Privacy and GDPR
Data privacy has been a huge focus in the last two years, ushering in wide antitrust movements following breaches such as Facebook’s Cambridge Analytica scandal, and numerous cybercrime-related breaches. In Europe, this has culminated in strict GDPR rules being enforced to protect user data.
The U.S. hasn’t followed suit – yet. Sean Atkinson, Chief Information Security Officer for the Center for Internet Security, predicts that 2019 will be a year where greater accountability for data breaches will be at the front of lawmakers agenda, with the U.S. potentially following Europe’s lead on GDPR type regulation. But even with that in place, we always recommend using a good vpn service.
Cloud Computing Security
Over 50% of 786 business respondents who used cloud computing regularly, agreed that security risks were ‘somewhat of a challenge’ to their business processes, a report in January 2019 found. The compromise of cloud computing is on the rise, and with the average large company using 923 cloud-based services, this could be a serious problem.
Among the largest risks are loss and theft of intellectual property stored in the cloud, cloud services being used as a vector for data exfiltration, and malware delivery. Also, a real danger is employees uploading sensitive commercial data to the cloud, leaving the company with their access rights intact, and then using this data at a competitor firm – giving a new edge to corporate espionage.
Bypassing 2FA Authentication
Hot off the press last month is news that the FBI is now warning users that two-factor authentication, or 2FA, is not as secure as they think. In a press release on the 17th September 2019, FBI cyber division experts warned that attackers are using social engineering to trick users into bypassing 2FA.
By tricking users into opening phishing emails as we’ve discussed above, hackers can lift access tokens for legitimate websites. The FBI press-release cites one incident earlier this year where hackers gained access to a US banking service. Attackers logged in with stolen credentials and used a manipulated 2FA string to gain access and transfer funds from a victim’s account.
Formjacking Is Increasing
Formjacking occurs when attackers use HTML code to take over certain sections of a website, usually at the point where users are entering identity and payment credentials into a form, such as an e-commerce checkout.
Cybersecurity giant Symantec reported that an average of 4,800 websites are compromised through formjacking each month. The number of formjacking attacks increased dramatically towards the end of 2018, in which Symantec researchers correlated with a drop in the value of cryptocurrencies. Security experts believed that attackers previously using cryptojacking attacks instead turned to formjacking to make more profit.
Google Project Zero Regularly ‘zeroes’ in on New Threats
Let’s end our list on a positive note. For all the malicious attacks which take place, there are plenty of benevolent ‘white hat hackers’ who are working to fix and prevent attacks compromising our computing systems.
Google Project Zero was established in 2014 to prevent hackers from exploiting vulnerabilities on the same day or soon after they are found – something known as ‘zero-day attacks.’ Remember, we discussed how antivirus software doesn’t have signatures for viruses and malware which have never been seen before? These are a great example of zero-day attacks.
In an update shared in May 2019, computer security expert Ben Hawkes shared how new exploits ‘in the wild’ are discovered every 17 days on average. Most software vendors or computing engineers will take around 15 days to patch vulnerabilities being exploited by attackers.
The good news is that researchers at Google are tracking these exploits, to help understand how attackers behave in real-world situations and discover what their capabilities are. By building databases of these exploits, cybersecurity experts can build more advanced tools to stop attackers before they strike – and the more they find, the safer our cybersecurity landscape in 2020 will be.
Top 15 Cybersecurity Trends for 2019 was originally found on Blokt – Privacy, Tech, Bitcoin, Blockchain & Cryptocurrency.
Bitcoin to Surpass $20,000 ATH By Early 2021 According to Raul Pal
Former hedge fund manager and CEO of Real Vision, Raoul Pal, believes that the real impact of the COVID-19 pandemic is about to reach the financial markets. By outlining several upcoming cornerstones among traditional financial assets, he highlighted Bitcoin as the “life raft” in this situation.
Raoul Pal: Everything Has Changed
In a recent Twitter thread, the Wall Street veteran outlined the rapidly growing COVID-19 cases worldwide. The total number of infected has neared 45 million, while the death toll is almost 1,2 million.
Pal predicted that these rising numbers in Europe, the US, and Canada are about to “exert economic pressures and extinguish the Hope phase of reflation dreams.” He believes that the upcoming consequences will harm the economy even more than the early 2020 developments. A real economic recovery “will take more than a post-election stimulus in January.”
He continued by looking at several markets that have started to feel the adverse consequences and have fallen to long-term support levels. Those included the oil price, Spain’s benchmark stock market index – the IBEX 35, the EU Banks Index, the euro, the British pound, the US dollar, and more.
As such, he broached a few possible solutions – “you can buy bonds and dollars, or you can take the life raft – Bitcoin.”
“Or, to dampen the volatility of a risk-off event (we can and will see sharp BTC corrections), you can have all three for a near-perfect portfolio for this phase.” – Pal concluded.
Bitcoin Will Eat The World And Price Predictions From Pal
Pal further highlighted his positive views on Bitcoin by saying the cryptocurrency “will eat the world.” He attributed it to its performance, which is so dominant and so “all-encompassing” that it will “suck in every single asset narrative dry and spit it out.”
“Never before in my career have I seen a trade so dominant that holding any other assets makes almost no sense.”
As far as price predictions go, Pal said that $14,000 is the only resistance left in Bitcoin’s way to the all-time high at $20,000. He expects that BTC should overcome the December 2017 high by “early next year at the latest.”
Additionally, CryptoPotato recently reported an even more optimistic and long-term forecast. By using a regression on the logarithmic chart since inception, Pal brought up a model that sees Bitcoin reaching $1 million by 2025.
Featured Image Courtesy of BusinessInsider
Coinbase Launches A Crypto Debit Card With 1% Reward on Bitcoin Spendings
- The largest US-based cryptocurrency exchange Coinbase announced today the launch of a Visa debit card, allowing customers to spend digital assets for everyday purchases.
- According to the official statement, the Coinbase Card will provide clients the opportunity to earn up to 4% back in cryptocurrency rewards.
- It will be available in nearly 30 countries, including the US, the UK, and across Europe. It will be connected to customers’ Coinbase accounts, and they can spend the funds without having to move funds to their bank accounts.
- The designated cryptocurrency asset spent by users will be automatically converted to US dollars prior to completing the purchase or the ATM withdrawal.
- The rewards will be available for US-based customers only initially and will depend on the cryptocurrency used. For instance, customers can get 1% back if they spend bitcoins and 4% back if they choose Stellar Lumens (XLM).
- The Coinbase app will serve as a fund manager. All spendings, reward details, and preferences will be manageable through the app.
- US customers can start applying to receive the card through the exchange’s app or the website. The first approved clients will be announced “this winter,” and they can start spending with a virtual card. The physical one will be delivered within two weeks.
Bitcoin-Friendly Avanti Receives License to be The Second Crypto Bank in The US
Now the United States can boast a new crypto bank: Welcome Avanti.
Avanti Financial Group, a firm founded by the former managing director at Morgan Stanley, Caitlin Long, announced that it had been granted a license to offer banking services by the Wyoming State Banking Board.
Avanti is The Second Crypto-bank Operating in the United States
With this decision, Avanti becomes the second crypto company to receive a banking license after the crypto exchange Kraken was also authorized by the Wyoming State Banking Board.
This license allows Avanti to offer financial services in the same way that a traditional bank would, only that these are in addition to the crypto services already provided by the platform.
According to Avanti, the application in the state of Wyoming was key to meeting its expectations —just like Kraken did— as it is the only state in the country that has a regulator with a bank supervisory and regulatory program for digital assets mature enough to ensure the operations of a banking platform that offers risk-free custody services.
Currently the only type of U.S. financial institution that can provide final and simultaneous settlement of trades between digital assets and the U.S. dollar-because it is the only type currently approved to handle both within the same legal entity-is a Wyoming special purpose depository institution like Avanti.
Blockchain and Banking Working Together
Avanti said in a tweet that the first crypto product the company will launch will be a stablecoin pegged to the dollar and backed by physical deposits made to its bank accounts. The token will be called Avit and will be available for its customers in the first quarter of 2021.
AVANTI IS OFFICIALLY A BANK! Our charter & business plan were approved 8-0 today, incl. #Avit (a tokenized US dollar, which we announced we’ll issue initially on #Liquid (#Bitcoin sidechain) & #Ethereum. Open for commercial customers early Q1. More here:https://t.co/CgNazN08zV
— Avanti Bank & Trust (@AvantiBT) October 28, 2020
Avanti revealed that Avit tokens will run on Ethereum – a critical blockchain for those seeking to take advantage of programmable smart contracts – and Liquid – a Bitcoin sidechain developed by Blockstream for those seeking to benefit from inter-exchange transfers for arbitrage operations.
Avanti had previously confirmed its collaboration with Blockstream to develop this token, explaining that it would not be like a normal crypto-currency and that it would be “just bank money that happens to be issued on a blockchain.” So it may look more like JPM Coin than the famous USDT.
Caitlin Long promised that Avanti “will provide products and services that do not exist in the market today. They did not refer to what they had in mind, so we can only hope.
There has been a lot of activity around cryptocurrency and financial services with blockchain technology in the United States. After MicroStrategy announced a major investment in Bitcoin, Square revealed a $50 million investment in BTC. Also, PayPal started providing support for cryptocurrencies and JP Morgan started using its own cryptocurrency commercially days after it talked about Bitcoin’s potential to triple its price.
Most of these announcements helped boosting BTC’s price. Will this have a bullish effect too?
Blockchain1 month ago
Bitcoin price volatility expected as 47% of BTC options expire next Friday
Blockchain2 months ago
Market Wrap: Bitcoin’s Powell-Induced Price Swing; Ethereum Still High on Gas
Blockchain1 month ago
Bitcoin Bouncing From Bull Market Support Points To 2021 As The Year Of Crypto
Blockchain2 months ago
Blockchain Bites: Is DeFi an Inside Deal?
Blockchain1 month ago
Ethereum: Is the HODLing in yet?
Blockchain1 month ago
Hackers Have Been Trying To Crack Bitcoin Wallet Worth $750 Million But Here’s The Catch
Blockchain1 month ago
YFI Founder Puts Himself Forward for Uniswap (UNI) Delegation Duties
Blockchain3 months ago
Wealthfront Lures Millenials With Crypto Memes and Tactics