Dear Black Bag Confidential Reader,
In 2017, we witnessed several of the largest cyberattacks to date. From Yahoo to Uber, millions of people were targeted by hackers trying to steal personal information for financial gain. And it’s only expected to get worse…
According to the 2017 Cybercrime Report by Cybersecurity Ventures, it’s expected that cybercrime will cost victims a combined $6 trillion annually by 2021.
One of the largest cyberattacks perpetrated in 2017 was the massive Equifax breach. In July, hackers stole the data of over 145 million people — including names, Social Security numbers, birth dates, addresses and driver’s license information, plus credit card information for over 200,000 cardholders.
Obviously, this is one of the more serious cyberheists to have ever occurred. As one of the three big credit-reporting agencies, Equifax stores highly sensitive financial information on hundreds of millions of people. And unlike credit cards, which can be cancelled and reissued, it’s not likely that people will ever change their name or Social Security number.
Equifax did admit there were multiple security failures on their part. One of the biggest missteps was that the company failed to update their security software. The fact is a patch for this particular hack had been released two months prior to the attack. But Equifax failed to use it, in the same manner you would update your smartphone or computer to the latest software.
To make matters worse, Equifax has updated the numbers on those potentially exposed multiple times, which makes it difficult to gauge how bad the damage really is. (We may never know the truth.) The best thing you can do is monitor your credit report regularly, along with your monthly bank statements.
There is no doubt in my mind that we will see cyberattacks increase in the coming year. Whether it’s stealing personal information or attacking a company with ransomware, these crimes are easy to commit from anywhere in the world, making them extremely profitable for hackers.
With that in mind, here are the top three cyber threats I believe we will face in 2018:
PowerShell
PowerShell is a Windows-based user interface developed by Microsoft for purposes of task automation and configuration management. It is a built-in tool used on versions of Windows XP and later that lets users access the various services and programs of their operating system.
Why do I think this will be a target? The biggest reason is scale. Hundreds of thousands of people use this tool since so many companies run their business using Windows. Plus, a hacker wouldn’t have to trick people into downloading anything, because the targeted software is already installed. This is what’s known as a “fileless attack.”
Also, since PowerShell is a legitimate part of Windows, it makes it that much harder to detect a viable threat. In other words, it would be difficult for someone to tell whether a hacker had accessed their computer or their IT department were simply doing something with the system.
Cryptojacking
This is a term many people aren’t familiar with but I imagine it will start to come up more and more in the future. Basically, cryptojacking is a behind-the-scenes process that uses your computer to mine for cryptocurrencies such as bitcoin.
Cryptojacking used to require an unwitting victim to install a program that secretly mined for cryptocurrencies. Nowadays this can be done through your internet browser — you don’t have to download anything for hackers to exploit your computer. They can simply use your CPU to mine profitable currencies for their use.
One thing that makes this type of hack challenging to avoid is that it uses JavaScript, which runs on just about every website you visit. So you type in a web address, the page loads and the in-browser mining code starts to run — you don’t even notice.
That being said, depending on the browser you use, there are JavaScript-blocking extensions you can download to protect yourself like NoScript (for Firefox) or ScriptSafe (for Chrome).
Security Software
I predict many hackers will start to target security software companies, especially for antivirus software. These companies are the big fish in the pond and they continually develop state-of-the-art security solutions. So if hackers can expose or figure out how to get around the security protocols created by these companies, many individuals and businesses will be at risk.
The scary thing is there are already hackers working on this idea. There is evidence that Russian hackers tapped into antivirus software developed by Kaspersky Lab to steal classified NSA files from an employee’s home computer. This is the main reason I would never install antivirus software from a foreign company on my computer.
The bottom line is criminals will continue to carry out cyberattacks as long as there is little risk of getting caught and the profit margin remains high. As difficult as it is to protect yourself from every threat, the No. 1 thing you can do is always update your devices with the latest software and security patches. Don’t be like Equifax, which learned this lesson the hard way — to the tune of millions of dollars in lawsuits and payouts.
Stay safe,
Jason Hanson