Cyber threats and security are finally being seriously addressed due to the volume and intensity of attacks this year. With the continuously changing threats, it’s important to proactively adhere to preventive approaches.
We discussed Smartwatch Security in one of our recent newsletters and it completely makes sense when we look into the cyberattacks (DDoS) that happened on IoT devices this year. We also discussed the importance of PCI DSS security scans and implementing DevSecOps to minimize cyberattacks. Security attack trends in 2019 also convey the necessity of security scans and measures as well as the need for a strong security approach while developing a product. In this newsletter, we will discuss some of the critical cyberattacks of this year.
According to Symantec's Internet Security Threat Report, formjacking techniques are being used by cybercriminals to compromise more than 4,800 unique retailer websites every month. Well-known as well as SMEs faced losses estimated to be tens of millions of dollars.
Symantec’s Internet Security Threat Report (ISTR), Volume 24
Malware: According to IBM X-Force Incident Response and Intelligence Services (IRIS), organizations hit with destructive malware may experience a total cost of $200 million and can lose more than 12,000 devices. Multinational companies may face an average cost of $239 million per incident.
A ransomware attack can grind any organization to a halt
Data theft and loss
High cost of remediation, equipment replacement, and other damages
Talos found that a hacking group targeted iPhones in India and abused mobile device management (MDM) protocol
Tomorrowland festival-goers affected by data breach
Do not click on unknown links (like pop-up ads)
Avoid downloading files from unknown sources
Keep OS updated as these are less likely to get affected by cyber threats
Consider firewall protection
Download apps from official stores only
Get a good anti-malware
Top 10 Malware in 2019
Phishing: The number of worldwide phishing attacks detected by Kaspersky hit 129.9 million during the second quarter of 2019. Spammers and cybercriminals targeted seasonal events and news topics to catch the attention of potential victims. In the second quarter, tax refunds reached many people and spammers focused on this subject.
Cybercriminals acquired personally identifiable information (PII)
Personal information can be sold to identity thieves
Stolen information can be used for credit card or banking frauds
Fraudulent websites related to China CITIC Bank International Limited
Phishing email related to The Hongkong and Shanghai Banking Corporation Limited Phishing Threat details by HKMA
Run random phishing simulations
Push HTTPS on your website to create secure, encrypted connections
Use reliable email and spam filters
Use two-factor authentication
Use email encryption and email signing certificates
Proportion of spam in global mail traffic : Q4 2018 – Q1 2019
DDoS: According to TechRepublic, in Q1 2019, there was an increase of 967% for attacks sized 100Gbps or higher, compared to Q1 2018. The largest DDoS attack was approximately 70% larger than the biggest one for the same Quarter in 2018, with 587Gbps compared to that of 345Gbps. According to a report, attacks under 5Gbps increased by 257% in the last year.
Comparison of attacks by size Q1, 2019 vs. Q1,2018
Different security threats may need different security solutions. From a business perspective, we need to ensure that a good strategy, awareness, policies, procedures, and processes are in place along with the support of a security solutions partner to minimize the impact of cyber threats.
We would love to hear your feedback, questions, comments and suggestions. This will help us to make us better and more useful next time.
Share your thoughts and ideas at knowledgecenter@qasource.com