Cybersecurity is not an industry that holds still. Every year, hackers come up with new ways to make trouble for businesses, and we develop new advanced defenses to stop them. Last year's threat reports were all about ransomware, mobile devices, and hacked IoT. Rest assured, these threats are still very real. But as we progress through 2019, the cybersecurity landscape is changing.
This year, we can expect an evolution of tactics developed last year. The popular rise of cryptocurrency, the effectiveness of social engineering hacks, and the addition of new regulations like GDPR are already causing changes. It's time for everyone to upgrade our roster of cybersecurity threats and start preparing for a new wave of hacker-trend attacks.
Let's take a look at what new hacker trends 2019 has in store for us.
You may recall that one of the great tech revelations of 2018 was that anyone with a graphics card and a desktop computer can mine cryptocurrency with the right software. Whether you experimented with this or not, you can bet that hackers have. And like everything else, they've turned it into something malicious.
Cryptojacking is the hot new hacking trend that turns cryptocurrency mining into malware. Or rather, incorporates mining into existing malware attacks. The way this works is that once your computer gets infected, a mining program will install itself and begin using your business workstation resources to mine currency that is then deposited in the hacker's digital wallet.
This eats electricity, raising your power bill, and can significantly slow down the function of a computer while the stealth miner is running. Smart hackers know how to set it up so that the miner only functions when the computer is otherwise in use, to hide the processor use and free up more resources for the mining itself.
Whaling is an evolution of the phishing trend, which you no doubt have already heard of. Whaling is what happens when social engineering hackers 'up their game' and go after the 'big phish'. In other words, hackers spend time learning how to impersonate an executive in your company so that they can speak with authority when phishing employees or fellow execs.
The thing about whaling is that the goal is almost never as simple as spreading malware. Instead, the hacker is directly engaging on purpose in order to get something. Like pretending to be the CEO in order to 'order' a quick wire transfer from an accountant or CFO. Or they might pose as a department head in order to request a copy of sensitive documents from a reporting employee in that department.
Sometimes, the goal of whaling is as lofty as corporate espionage, seeking insider secrets to sell to competitors or investors.
Hijacking has existed for a while now but has been growing in popularity over the last year. Hijacking is when a hacker gains control of an account or device in order to take over from the original owner while, simultaneously, locking the original owner out of their own account. They usually do this by hacking a DNS or service provider to gain control of at least one account, usually the target's primary email.
A hijacked cloud account, for example, would give the hacker complete control of all the cloud documents their target had access too. A hijacked phone (done by using minor identity theft to gain a 'replacement' sim card) starts sending all it's calls and messages to the hacker's device with the new sim card. And a hijacked website actually starts redirecting all your hard-earned traffic to a new IP address that contains the hacker's website instead. Potentially infecting and upsetting countless customers and site visitors.
Finally, perhaps the scariest new trend of all is ransom hacking. The new and very strict data regulations like PCI-DSS and GDPR are now holding companies to incredibly strict standards. And being hacked can get you into a lot of trouble. So much that hackers have already begun creating data breaches to use as blackmail.
Rather than trying to infect or directly steal from your computers, a hacker will instead create a data breach and then send a ransom letter. They will report your company for the data breach they created. Or your company pays up to keep this breach out of the public reporting system. This is a complication that the well-meaning regulators did not see coming.
Is your cybersecurity ready to take on 2019 hacking trends? Don't worry, few of us were prepared for the ransom hack thing. But while we figure that out, you can rely on advanced security and backup recovery solutions to keep your business data safe from even the strangest hacker innovations we'll see in the year to come. For more cybersecurity insights or ideas on how to prepare your defenses for this year's hacker trends, contact us today!