Emerging Cybersecurity Threats

- Emerging Trends in Cybersecurity

Cybersecurity trends - a result of technological developments, cultural shifts and attackers’ innovations - build upon the past. The risk and severity of cyber-attacks have clearly grown over the past few years. In fact, since the year 2018, mankind has witnessed the most horrific cases of cybercrimes related to massive data breaches, flaws in microchips, cryptojacking, and many others. 

Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services.  

It goes without saying that the advancement of technology and the wide use of digital media is making attackers smarter by the day. Further, these cybercriminals take advantage of individuals and firms who pay less heed to cybersecurity. They target everything from a newly-launched blog to an established online store to gain access to sensitive information.r daily life, economic vitality, and national security depend on a stable, safe, and resilient cyberspace. 

Cybersecurity is all about staying ahead of threats rather than managing them later. Following are the top cybersecurity threats that organizations will face in the coming years ahead.

- Deepfakes

Deepfakes is a combination of the words "deep learning" and "fake." Deepfakes happen when artificial intelligence (AI) technology creates fake images and sounds that appear real. A deepfake might create a video in which a politician's words are manipulated, making it appear that political leader said something they never did. Other deepfakes superimpose the face of popular actors or other celebrities onto other people's bodies.

Deepfakes are so-named because they use deep learning technology, a branch of machine learning that applies neural net simulation to massive data sets, to create a fake. AI effectively learns what a source face looks like at different angles in order to transpose the face onto a target, usually an actor, as if it were a mask. Huge advances came through the application of generative adversarial networks (GANS) to pit two AI algorithms against each other, one creating the fakes and the other grading its efforts, teaching the synthesis engine to make better forgeries. 

Hollywood has transposed real or fictional faces onto other actors, for example, bringing Peter Cushing back to life in 2016’s Rogue One: A Star Wars Story, but the technique used complex, expensive pipelines and face-mounted cameras. 

Deepfake video and audio technologies could become a major threat to businesses over the next few years, leading to substantial financial losses,

- Deepfake Voice Technology

Deepfake voice technology allows people to spoof the voices of other people - often politicians, celebrities or CEOs - using AI. As the world of AI and deepfake technology grows more complex, the risk that deepfakes pose to firms and individuals grows increasingly potent. This growing sophistication of the latest software and algorithms has allowed malicious hackers, scammers and cyber criminals who work tirelessly behind the scenes to stay one step ahead of the authorities, making the threat of attacks increasingly difficult to both prepare for and defend against.  

The audio deepfake scam is, without a doubt, one of the more bizarre applications of deepfake technology. However, as we’ve seen, it’s one which can clearly be applied successfully ­– so successfully and convincingly, in fact, that the CEO who fell victim to the cyberattack stated on the record that he recognized his boss’s voice by its ‘slight German accent’ and ‘melodic lilt.’  Furthermore, by all accounts, the cybercriminals’ tech is becoming more difficult to detect by the month. 

Sophisticated technology aside, the process behind the construction of audio deepfakes is a surprisingly simple one. Hackers have tweaked machine learning technology in such a way as to clone an individual’s voice, usually by utilizing spyware and devices that allow the cyber attacker to gather several hours of recordings of their victim speaking. The more data they are able to collect – and the better the quality of the recordings – the more accurate and potentially harmful the voice clone will be in practice. 

Once a voice model has been created, the malicious hacker’s AI gets to work ‘learning’ how to mimic the target. The AI will use what are known as generative adversarial networks (GAN), systems which continuously compete against one another through which one creates a fake and the other attempts to identify its flaws. With each new attempt, the AI is able to exponentially improve upon itself. This process continues until a reliable mimic is achieved and often succeeds after analyzing as few as twenty minutes of recordings.

- Synthetic Identities

Synthetic identities are a form of identity fraud in which scammers use a mix of real and fabricated credentials to create the illusion of a real person. Synthetic identity fraud is a problem that is growing in sophistication, intensity, and frequency. Synthetic identity fraud, one of the fastest-growing financial crimes in the United States, has become an increasing concern for regulators, as banks struggle to find common ways of tackling the innovative theft technique that combines real and fictitious data about individuals.

For instance, a criminal might create a synthetic identity that includes a legitimate physical address. The Social Security number and birthdate associated with that address, though, might not be legitimate.

The fraudster can leverage legitimate processes, such as “piggybacking” – adding a synthetic identity as an authorized user on an account belonging to another individual with good credit. In many cases, the synthetic identity acquires the primary user’s established credit history, rapidly building a positive credit score. Fraudsters also can piggyback new identities onto accounts owned by established synthetic identities, or “sleepers,” within a portfolio.

- AI-powered Cyberattacks

Using artificial intelligence, hackers are able to create programs that mimic known human behaviors. These hackers can then use these programs to trick people into giving up their personal or financial information.

- Hackers Attacking AI while it’s Still Learning

Artificial Intelligence evolves. It’s most vulnerable to cyberattacks, though, when it’s learning a new model or system. In these attacks, known as poisoning attacks, cybercriminals can inject bad data into an AI program. This bad data can then cause the AI system to learn something it’s not supposed to. An example? Some cybercriminals have used poisoning attacks on AI systems to get around spam detectors.

- Disinformation in Social Media

You probably have heard the term “fake news.” This is also known as disinformation, the deliberate spreading of news stories and information that is inaccurate and designed to persuade people — often voters — to take certain actions or hold specific beliefs. Social disinformation is often spread through social media such as Facebook and Twitter. “Fake news” became a hot topic during and after the 2016 presidential election.

- New Cybersecurity Challenges That 5G Creates

Tech experts worry that 5G will create additional cybersecurity challenges for businesses and governments. A 2019 study by Information Risk Management, titled Risky Business, said that survey respondents worried that 5G technology will result in a greater risk of cyberattacks on Internet of Things (IoT) networks. They also cited a lack of security in 5G hardware and firmware as a worry.

- Advances in Quantum Computers Pose a Threat to Cryptographic Systems

The idea of quantum computing is still new, but at its most basic, this is a type of computing that can use certain elements of quantum mechanics. What's important for cybersecurity is that these computers are fast and powerful. The threat is that quantum computers can decipher cryptographic codes that would take traditional computers far longer to crack — if they ever could.

[Paris, France - world_walkerz]

- Vehicle Cyberattacks

As more cars and trucks are connected to the Internet, the threat of vehicle-based cyberattacks rises. The worry is that cybercriminals will be able to access vehicles to steal personal data, track the location or driving history of these vehicles, or even disable or take over safety functions.

The emergence of smart cars has opened the door to limitless possibilities for technology and innovation -- but also to threats beyond the car itself. 

The smart features built into new cars open the door to serious cyber threats. Linked to the internet, connected cars offer cybercriminals the potential ability to remotely access and manipulate the data these systems rely on, which can lead to problems such as exposure of personal information, compromised vehicle security mechanisms or even full control of the vehicle itself. 

As vehicles become smarter and more connected to Wi-Fi networks, hackers will have more opportunities to breach vehicle systems. Connecting your smartphone through a USB port can give a hacker backdoor access to data from both your phone and your car. Additionally, Google Android users who can download apps from unverified sites are even more at-risk.

The risk with vehicles isn't just personal data -- though that is still a real concern, the car is compromised and a hacker alters certain alert systems that tell a driver when tire pressure is low or so the emergency brake sensory systems don't kick in. That could lead to loss of life.

- Cloud Vulnerability and Jacking

Cloud vulnerability is and will continue to be one of the biggest cybersecurity challenges faced by organizations. This is because enterprises are leveraging cloud applications and storing sensitive data related to their employees and business operations on the cloud. Cloud jacking is a form of cyberattack in which hackers infiltrate the programs and systems of businesses, stored in the cloud, and use these resources to mine for cryptocurrency. 

Today, most of enterprise workload will be on the cloud. These organizations make tempting targets for malicious hackers. Data breach, misconfiguration, insecure interfaces and APIs, account hijacking, malicious insider threats, and DDoS attacks are among the top cloud security threats that will continue to haunt firms failing to invest in a robust cloud security strategy. 

Cloud companies like Google and Amazon storing other companies’ data are heavily investing in improving their cloud security. However, that doesn’t make them immune to deep cyber intrusions like the Operation Cloud Hopper.

- Cyberattacks Against Less-developed Nations

The residents of developing nations might be more vulnerable to cyberattacks. People in these countries often conduct financial transactions over unsecured mobile phone lines, making them more vulnerable to attacks.

- Election Security

The U.S. government fears that hackers from other countries might target the voter-registration databases for state and local governments, with the intent to either destroy or disrupt this information. This could prevent people from being able to vote. The U.S. government, then, has boosted efforts to protect this election information from criminals.

- Ransomware Attacks on the Public Sector

In a ransomware attack, hackers access the computer systems of an end user, usually freezing them. These attackers will only unlock the infected systems if the victim pays a ransom. Hackers today often target the computer systems of government bodies, including municipalities, public utilities, and fire and police departments, hijacking their computer systems until these government agencies pay a ransom.

- Data Privacy

Companies, medical providers and government agencies store a large amount of important data, everything from the Social Security numbers of patients to the bank account numbers of customers. Data privacy refers to a branch of security focused on how to protect this information and keep it away from hackers and cybercriminals.

- Breaches in Hospitals and Medical Networks

It seems that every day another hospital is in the news as the victim of a data breach. The routine is familiar - individuals receive notification by (e)mail of the breach, paired reassuringly with two free years of credit and identity monitoring. Hospitals and other medical providers are prime targets for cybercriminals. That’s because these medial providers have access to the personal and financial information of so many patients. Data breaches can expose this information, which hackers can then sell on the dark web.

Breaches are widely observed in the healthcare sector and can be caused by many different types of incidents, including credential-stealing malware, an insider who either purposefully or accidentally discloses patient data, or lost laptops or other devices. Personal Health Information (PHI) is more valuable on the black market than credit card credentials or regular Personally Identifiable Information (PII). Therefore, there is a higher incentive for cyber criminals to target medical databases, so they can sell the PHI or use it for their own personal gain. 

[More to come ...]