Information protection is typically a top priority for businesses today – and for good reason. Cybercriminals are using ever-advancing strategies to take businesses by force and steal sensitive data that is not only attractive to them, but a large underground community of hackers as well.
For this reason, many company security leaders are always on the lookout for emerging data protection trends they can utilize to better safeguard their organization’s mission-critical content. Sometimes, however, it is not only best to examine the newest protection strategies, but the top approaches cybercriminals are using to breach businesses. In this way, corporate protection administrators can head off attackers before they are ever able to threaten the organization.
In this spirit, let’s take a look at the top strategies hackers are using this year to target their victims and break into their systems:
1) Attacks on the Internet of Things
The Internet of Things is an increasingly attractive target for cybercriminals, especially as it becomes more popular in a number of different environments. For example, businesses may be inclined to install an IoT-based heating and cooling system, where managers are able to control the office’s internal temperature from their smartphones. Or, an office manager may be interested in other connected appliances, such as a refrigerator or coffee pot, to help keep tabs on snacks and supplies. However, PCWorld contributor Tony Bradley noted that the IoT can create significant vulnerabilities, and dubbed the platform “the Insecurity of Things.”
“[T]hese technologies typically have access to sensitive, personal information, and they also introduce a wide variety of new security issues for attackers to exploit,” Bradley wrote.
In this way, if a business has a system of connected devices in place, they should be sure not to treat it like any other appliance or system. Just like the corporate network itself, these platforms need additional security to ensure that they do not become an exploitable target for hackers.
2) Attacks as a Service
Although malware for sale is certainly nothing new, Waggener Edstrom Communications senior vice president Nicole Miller noted that today’s cybercriminals are now not only putting their samples up for sale, but their expertise as well. As-a-service solutions are becomes more popular in the enterprise sector, and hackers have taken note and are now utilizing the strategy for the benefit of themselves and their customers’ malicious purposes.
“While malware has long been available for purchase on the back market, the trend of Attacks as a Service now allows people to select a malware platform, choose what they want (bank records, IP, cripple a network) and request a particular infection rate,” Miller wrote.
Thankfully, Miller noted that oftentimes, the strategies employed during these attacks are nothing new. In this way, as long as business security experts are up on their main protections and understand current malware samples, they likely already have security in place to prevent attacks like these.
3) Continual targeting of customer payment cards
The trend of breaching retail enterprises to gain access to their customers’ payment card information has only been on the rise. In fact, recent years have brought some of the most high-profile payment card breaches, impacting millions of customers. Wired contributor Kim Zetter noted that these can take place through a number of different strategies, including skimmers placed on card readers and hacking of point-of-sales systems. Thankfully, the retail and banking sectors are responding to these instances by implementing new protection systems for preventing breaches of this kind.
“Card issuers and retailers are moving to adopt more secure EMV or chip-‘n’-PIN cards and readers, which use an embedded microchip that generates a one-time transaction code on in-store purchases and a customer-entered PIN that makes stolen data less useful to card thieves,” Zetter wrote. “As a result, card breaches like this are expected to decline.”
The new EMV systems is similar to two-factor authentication as both require unique user information in addition to single-use codes to better safeguard sensitive information. Although these systems may take a while to be widely implemented, they are a first step toward preventing the high-profile payment card-focused attacks that have been so popular in recent years.
4) Increasingly advanced denial-of-service attacks
Although Bradley noted that DDoS attacks are more annoying than damaging – in that they don’t enable hackers to steal information, but simply overload a site with traffic to the point that it suffers an outage – these intrusions can have damaging effects on a company’s brand reputation. If clients are unable to reach a business’s website, they may turn to a competitor, causing the organization to miss out on a potential customer connection or sale. Worse still, is that these attacks are becoming increasing complex, making it harder to prevent or stop them.
“In 2014, DDoS attacks became much more sophisticated,” noted Barry Shteiman, Imperva security strategy director. “Though much of the reporting focused on the size of the attacks, a more troubling trend was the advancement in attack techniques.”
For instance, today’s hackers don’t just flood a website with traffic. They are now able to alter their approaches based on the network protections in place. One of the best ways to prevent DDoS attacks is with network monitoring protection that can flag when traffic levels are increasing. In this way, the company is able to mitigate the damages and ensure their website remains online.