Defining the Eight Most Nefarious Cyber Threats.

Posted on
Mobile Ransomware graphic

Here’s what very business professional should be informed about:

  1. Data breaches

    When a security incident involving protected or confidential data is copied, distributed, read, stolen, or used by unauthorized individuals, it can become a serious problem for the victims involved. The majority of data breaches happen due to vulnerable unstructured data such as files, documents, and sensitive information. A bad security process, or lack there of, can leave businesses exposed.

The data can be any kind of information, including health information, financial information, personally identifiable information, trade secrets, and intellectual property. The risk of data breach is not exclusive to cloud computing, but it invariably ranks as a top concern for cloud customers. 

  1. Bots

    There are many different kinds of bots. These include website crawlers, spam bots, chat rooms and other dangerous bots. They run as automated and executed programs on the Internet. It’s estimated that one in three visits to any website is a malicious bot. It may have been designed to search your interface for security flaws.

The bots perform many tasks such as stealing user credit card information, and malware links. Online cybercriminals use viruses to breach the security of computers. They can take over your computer and use all of the compromised machines into a network of ‘bots‘ that can be remotely managed.

3. Insufficient identity, credential, and access management

Data breaches enabling attacks can happen because of a lack of scalable identity access management systems, failure to use proper authentication, weak passwords, and not updating passwords and certificates.
Credentials and cryptographic keys must not be embedded in source code or distributed via public facing storage like GitHub. There is a high incidence of problems that may occur. Keys need to be appropriately secured and a well-secured public key infrastructure (PKI) is needed to ensure key-management activities are carried out.

  1. Unsafe interfaces & application programming interfaces (APIs)

    APIs are a system of tools and resources in an operating system, enabling developers to create software applications. Cloud providers expose a set of software user interfaces (UIs) or APIs that customers use to manage and interact with cloud services. Provisioning, management, and monitoring are all performed with these interfaces, and the security and availability of general cloud services depends on the security of APIs, CSA says. They need to be designed to protect against accidental and malicious attempts to circumvent policy.

  1. System vulnerabilities

 This cyber-security term refers to an inadequacy, in a system that can leave it open to attack. Vulnerability may also refer to any type of weakness in a computer system itself, in a process, or anything that leaves your security exposed to a threat. This may attract attackers who will steal data by taking control of the system, or destroying service operations. With the advent of multi-tenancy in the cloud, systems from various organizations are placed close to each other and given access to shared memory and resources, creating a new attack surface.

6. Account hijacking

A process in which an individual or organization’s account is stolen or hijacked by an attacker. Cloud account hijacking is a common strategy in identity theft. The assailant uses the stolen account information to engage in malevolent and/or unauthorized activity.

They can eavesdrop on activities and transactions, mess with your data, return misleading information and redirect clients to illegitimate sites. With your stolen data, attackers can often access key areas of cloud computing services. This enables them to compromise the privacy, integrity, and availability of those services.

7. Bogus Social Media

Bogus social media pages and accounts are created to mirror the actual people or businesses. The idea is to target your network, including your employees and their devices. The goal is to get to your private information through the sharing of disruptive malware links. These appear harmless like links to coupons, photos, or websites that may peak your curiosity encouraging you to click.

There are also many phishing scams, or fraudulent messages that lure people to divulge their private information via social media.  Credit card numbers and passwords are particularly at risk and when infiltrated can be detrimental to your important software, and more!

8. Denial of Service Attacks

In this instance the perpetrator wants to make a computer or network unavailable to its intended. This is achieved by temporarily (or permanently), altering services of a host connected to the Internet.

Most websites are designed to accommodate a certain level of web traffic, much in the same way roads are created for a certain volume of vehicles at one time. With denial of service attacks (DoS), cyber criminals flood your site with an extortionate amount of traffic. This in turn effectively slows everything down and may collapse the web page. DoS attacks are serious business. They make you to loose valuable time and resources trying to resolve the issue.

Contact The JDL Group for pragmatic solutions to cyber threats.

 

Sources:

 

 

 

Uber Attack

Bloomberg reported that Uber lost the personal data of 57 million users in a data breach in October 2016.
Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services accounts that handled computing tasks for the company. https://arcticwolf.com/uncategorized/recently-revealed-uber-attack-shows-that-multi-cloud-cyberthreats-are-already-coming-for-you/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.