We discussed Smartwatch Security in one of our recent newsletters and it completely makes sense when we look into the cyberattacks (DDoS) that happened on IoT devices this year. We also discussed the importance of PCI DSS security scans and implementing DevSecOps to minimize cyberattacks. Security attack trends in 2019 also convey the necessity of security scans and measures as well as the need for a strong security approach while developing a product. In this newsletter, we will discuss some of the critical cyberattacks of this year.
Formjacking
According to Symantec's Internet Security Threat Report, formjacking techniques are being used by cybercriminals to compromise more than 4,800 unique retailer websites every month. Well-known as well as SMEs faced losses estimated to be tens of millions of dollars.
-
Recent Occurrences
- Cyber criminals used formjacking to steal credit card information of British Airways customers.
- Magecart’s attack on British Airways
-
Recommended Solution(s)
- Monitor the outbound traffic of your website
- Use subresource integrity (SRI) tags to ensure files do not contain malicious content
Symantec’s Internet Security Threat Report (ISTR), Volume 24
Malware
Malware: According to IBM X-Force Incident Response and Intelligence Services (IRIS), organizations hit with destructive malware may experience a total cost of $200 million and can lose more than 12,000 devices. Multinational companies may face an average cost of $239 million per incident.
Impact
-
A ransomware attack can grind any organization to a halt
-
Data theft and loss
-
High cost of remediation, equipment replacement, and other damages
Recent Occurrences
-
Talos found that a hacking group targeted iPhones in India and abused mobile device management (MDM) protocol
-
Tomorrowland festival-goers affected by data breach
Recommended Solution(s)
-
Do not click on unknown links (like pop-up ads)
-
Avoid downloading files from unknown sources
-
Keep OS updated as these are less likely to get affected by cyber threats
-
Consider firewall protection
-
Download apps from official stores only
-
Get a good anti-malware
Top 10 Malware in 2019
Phishing
Phishing: The number of worldwide phishing attacks detected by Kaspersky hit 129.9 million during the second quarter of 2019. Spammers and cybercriminals targeted seasonal events and news topics to catch the attention of potential victims. In the second quarter, tax refunds reached many people and spammers focused on this subject.
Impact
-
Cybercriminals acquired personally identifiable information (PII)
-
Personal information can be sold to identity thieves
-
Stolen information can be used for credit card or banking frauds
Recent Occurrences
-
Fraudulent websites related to China CITIC Bank International Limited
-
Phishing email related to The Hongkong and Shanghai Banking Corporation Limited Phishing Threat details by HKMA
Recommended Solution(s)
-
Run random phishing simulations
-
Push HTTPS on your website to create secure, encrypted connections
-
Use reliable email and spam filters
-
Use two-factor authentication
-
Use email encryption and email signing certificates
Proportion of spam in global mail traffic : Q4 2018 – Q1 2019
DDoS
DDoS: According to TechRepublic, in Q1 2019, there was an increase of 967% for attacks sized 100Gbps or higher, compared to Q1 2018. The largest DDoS attack was approximately 70% larger than the biggest one for the same Quarter in 2018, with 587Gbps compared to that of 345Gbps. According to a report, attacks under 5Gbps increased by 257% in the last year.
-
Impact
- DDoS attack affects company's reputation and costs a large amount of time and money.
- The impact of DDoS is greater in the era of the Internet of Things.
-
Recent Occurrences
- The website of the National Union of Journalists of the Philippines was hit with DDoS attacks. The site was disabled for several hours by a series of powerful attacks, peaking at 468 GB/s of traffic. DDoS Attack on NUJP
- In early June, a powerful DDoS attack hit Telegram. The attack was carried out primarily from Chinese IP addresses
-
Recommended Solution(s)
- Have more bandwidth available to your Web server to get more time to handle DDoS attacks
- Limit your router to prevent your Web server from being overwhelmed
- Outsourcing DDoS prevention to cloud-based service providers
Percentage Of Attacks (Within Specified Size Range)
Comparison of attacks by size Q1, 2019 vs. Q1,2018
Outro
Different security threats may need different security solutions. From a business perspective, we need to ensure that a good strategy, awareness, policies, procedures, and processes are in place along with the support of a security solutions partner to minimize the impact of cyber threats.
Have Suggestions?
We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com
