Emerging Cyber Threats You Should Be Aware Of
Mitigating the risk of a costly and damaging cyberattack isn't a one-and-done operation. New threats emerge daily, requiring continual review of the latest threats, evaluation of existing security measures, and development and adoption of new tactics to address new attack types and vectors.
The technologies you and your team use to carry out your mission are constantly becoming more advanced and sophisticated, easing your pain points and streamlining your operations. Unfortunately, that means that the tools available to bad actors are increasingly sophisticated, too. Thanks to advances in AI and other technologies, even traditional threats, such as phishing and DLL exploits, are becoming harder to detect and stop.
This month, we’ll look at some of the most significant emerging cyber threats and advances in existing threats that businesses should be aware of in the second half of 2024.
Emerging Cyber Threat: AI-powered Attacks
AI is the trend that's on the tips of everyone's tongues in the worlds of both legitimate and malicious computing. Cybercriminals are increasingly using AI-powered technologies to improve the sophistication and effectiveness of social engineering tactics like phishing and vishing. The most notable emerging malicious use cases for AI include:
Deepfakes
You’re going about your day when you suddenly receive a call. It's your supervisor – you quickly recognize the voice – asking you a question about one of your company's products. You answer the question despite the fact that your answer contains proprietary information. What’s the harm? You’re just talking to your boss.
Except you aren't. The increasing power of AI technology has granted bad actors the ability to create convincing photos, audio, and videos that look and sound authentic but are a complete fabrication. In one case, a victim was scammed out of more than $600,000 by a criminal using face-swapping technology. Voice cloning and video deepfakes are increasingly becoming powerful tools in the phishing arsenal.
More Sophisticated Phishing
Language barriers have long been a weak spot for phishing attacks. As users become more sophisticated, the almost clichéd phishing email composed of misspelled words, awkward phrasing, and even writing that’s more or less unintelligible is becoming a thing of the past.
Bad actors are increasingly using AI technology not only to clean up their language and make their phishing messages more legitimate-sounding but also to emulate a specific individual's writing style. These highly sophisticated attacks are considerably more challenging for most users to detect and require hypervigilance on the part of both IT security teams and general system users.
Countering the AI Threat
While AI content may be difficult for humans to spot, several tools are available to cybersecurity teams that can help detect and flag deepfakes and other AI-generated content. But that isn't enough. Teams must be thoroughly and intensively trained on the dangers of sharing proprietary information on video chats, voice calls, and via email. A strict zero-trust policy for both online and phone communications should be in place to ensure that individuals requesting any information are actually who they say they are.
Emerging Cyber Threat: Internet of Things (IoT) Exploits
Both individuals and organizations continue to increase their reliance on Internet of Things (IoT) technologies for everything from simple convenience value-adds to significant investments in security and other core functionalities. The level of interconnectivity between IoT devices and traditional corporate network topologies has made a renewed focus on IoT exploits profitable for bad actors.
IoT exploits can be used to perform any number of cyberattacks. Through security vulnerabilities, attackers can use IoT devices as:
- Entry points into corporate networks
- Vectors for other types of attacks, including ransomware and malware attacks
- Access gateways into cloud computing systems
- Distributed computing systems (botnets) performing attacks such as distributed denial of service (DDoS) and brute-force hacks
Countering the IoT Threat
Cybersecurity policies must consider IoT devices, and system admins must ensure their security. Security patches and updates to product software and firmware must be performed regularly and in a timely manner to ensure that IoT usage doesn't open vulnerabilities in other systems.
Additionally, tight regulation of the addition of IoT devices and strict oversight of device procurement should be part of every company’s overall IT strategy to ensure that devices with low-quality security or known vulnerabilities are not connected to company assets.
Emerging Cyber Threat: Continued Growth of Ransomware
Ransomware remains one of the most significant threats facing businesses. More than two-thirds of all organizations were affected by at least one ransomware attack in 2023, and the threat continues to rise. While increased law enforcement activity and a general improvement in business continuity and disaster recovery (BCDR) schemes have noticeably reduced the payout of ransoms in the past several years, these attacks are still generally profitable enough that the threat keeps growing.
Countering the Ransomware Threat
There are two main avenues to mitigating the risk of a successful ransomware attack:
- Increased front-end monitoring and security practices can help reduce the likelihood of a bad actor being able to install ransomware on your digital systems.
- High-quality, consistent, and comprehensive BCDR policies, including frequent backups of all proprietary data, can help restore functionality in the event of an attack but will not help prevent ransomware attackers from broadly distributing data assets to third parties.
Emerging Cyber Threat: Increased Dynamic Link Library Abuse
Dynamic Link Libraries (DLLs) have been part of the Windows landscape since the very beginning, and many of the most damaging attacks in cybersecurity history have exploited vulnerabilities in their basic architecture. Put simply, a DLL is a file that allows multiple Windows applications to access and share use of a computer's resources—such as gdi.exe, a DLL that powered the entire display interface of early Windows versions.
DLL exploits allow attackers to install and execute malicious code on any Windows-powered device, including embedded applications in network hardware. A DLL exploit can drive nearly any type of malware attack. The most common emerging threat arises from removable storage devices, specifically USB drives.
While filesharing and collaboration platforms have reduced the use of physical storage, these drives are still commonly used to transfer large files. Increasingly, attackers are using USB storage devices' plug-and-play functionality to load and execute malicious code.
Countering the DLL Threat
Just as with IoT devices, cybersecurity managers should develop and implement strict controls over the use of USB storage devices. Whenever possible, users should be encouraged or required to use secure filesharing or collaboration platforms to share files instead of using removable storage. When the use of removable storage is unavoidable, employees should only use devices that have been supplied and secured by the company.
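One way to monitor for the removable-media DLL loading described above, as an added example that is not part of the original article: the sketch below flags DLLs loaded from removable volumes. The field names follow Sysmon's image-load event (Event ID 7); the sample events, host names and the per-host list of removable drive letters are constructed assumptions.

```python
import ntpath

# Constructed sample events, shaped like Sysmon Event ID 7 (ImageLoad) records
# already parsed into dicts. Hosts, paths and values are illustrative only.
SAMPLE_EVENTS = [
    {"Computer": "ws-014", "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\gdi32.dll", "Signed": "true"},
    {"Computer": "ws-014", "Image": r"C:\Program Files\Viewer\viewer.exe",
     "ImageLoaded": r"E:\docs\version.dll", "Signed": "false"},
    {"Computer": "ws-022", "Image": r"F:\setup.exe",
     "ImageLoaded": r"F:\plugins\codec.dll", "Signed": "true"},
    {"Computer": "ws-022", "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\shell32.dll", "Signed": "true"},
]

# Assumption: drive letters known to be removable on each host, e.g. taken
# from an endpoint inventory. The Sysmon event does not carry the drive type.
REMOVABLE = {"ws-014": {"E:"}, "ws-022": {"F:"}}


def drive_of(path):
    """Return the upper-cased drive ('E:') of a Windows path, or ''."""
    return ntpath.splitdrive(path)[0].upper()


def flag_removable_dll_loads(events, removable_by_host):
    """Return one finding per DLL that was loaded from a removable volume."""
    findings = []
    for ev in events:
        removable = removable_by_host.get(ev["Computer"], set())
        if drive_of(ev["ImageLoaded"]) not in removable:
            continue
        reasons = ["dll on removable volume"]
        if drive_of(ev["Image"]) not in removable:
            # A locally installed program pulling code from a USB drive.
            reasons.append("loaded by process on fixed disk")
        if ev.get("Signed", "false").lower() != "true":
            reasons.append("unsigned")
        findings.append({"host": ev["Computer"], "dll": ev["ImageLoaded"],
                         "process": ev["Image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in flag_removable_dll_loads(SAMPLE_EVENTS, REMOVABLE):
        print(f["host"], f["dll"], "<-", f["process"], "|", ", ".join(f["reasons"]))
```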
We're Monitoring These (And All Other) Threats. Schedule a Call to Learn More About Security+ From Nocwing.
Cyberattackers change tactics daily, and the penalty for being caught off-guard is an existential threat to your company. With Nocwing’s Security+ program, companies can be assured of proactive, comprehensive cybersecurity for all of their technology assets and data, led by a team of experts who stay on top of new and emerging threats to keep your business’s vital information safe and secure.
Nocwing is a full-service managed IT services company based in Griffin, Georgia, providing robust cybersecurity, IT management, business continuity/disaster recovery, user support, and VoIP solutions for companies throughout the Southeastern United States.