Top 5 Security events of 2018

The first half of 2018 was hit with some notable security events just days into the new year. And, unfortunately, these vulnerabilities are just getting started and are expected to get stronger and pose an even bigger threat. Here are the top five threats that we’ve seen in the first half of 2018:

1.       Meltdown and Spectre

These complex vulnerabilities exploited fundamental issues in speculative execution. Meltdown is specific to Intel CPU’s, while Spectre affects systems on any platform. Both hold brand new vulnerabilities and still only have proof-of concept exploits available with no know exploits in the wild.

2.       Ransomware

While ransomware isn’t exactly a new vulnerability, there’s new variants of ransomware that are popping up every day with different avoidance techniques, such as slower encryption speeds to avoid triggering file access count thresholds, delaying execution and hiding malware within different file types. This type of malware is only going to get more difficult to detect.

3.       Cryptojacking

Making a strong appearance over the past six months, cryptojacking isn’t the traditional kind of security threat. Most are out to steal data on PCs or convince infected users to send malicious actors money directly. Instead, this falls more into authorization arena of security by using hosts for unauthorized activities. With increasingly lucrative (and erratic) nature cryptocurrency markets, malicious actors are looking for ways to perform the costly computations necessary to ‘mine’ new currency without paying for equipment, space and electricity themselves.

4.       VPNFilter

We first saw a version of a VPNFilter in 2016 which infected IoT devices to perform some of the largest DDoS attacks on the internet. This year we saw VPNFilter, a botnet that used very similar techniques to infect upwards of a half a million home routers and IoT devices, using credentials and old, unpatched exploits. Due to the increase in sourcing hardware and related firmware from small pools of companies with little to no changes to the code before release, these kinds of attacks are only expected to increase.

5.       Fileless Malware

Over one third of malware comes in a fileless form now. Fileless Malware, malware that can launch without being stored on a disk, is outsmarting defenses and are exploiting tools that are already stored on the victim’s machine, becoming smarter and more powerful. We’re seeing that this Fileless Malware is posing a major threat for businesses. Because Fileless Malware lives in data, it’s possible to carry this malware in spreadsheets or word documents that get emailed back and forth in businesses, allowing it to blow right past any security system.

As a tech expert, it’s crucial to stay on top of these threats, how to prevent them and what’s ahead. And, if you’re interested in learning more about these events and the best way to prevent them, you can sign up for our free webinar on June 27 here.

The threat landscape is about large volumes, and all signs point to that continuing. A little bit of prevention by everyone means a huge amount of protection for everyone else.

 

Article is written by Dan Hoban, Chief Strategy Officer of Nuspire Networks, a state-of-the-science managed security service provider (MSSP) for some of the largest and most distinctive companies around the world. For more information, visit www.nuspire.com

 

 

Ad
Dan Hoban
Nuspire is a leading managed security services provider (MSSP) that is revolutionizing the cybersecurity experience by taking an optimistic and people first approach. Our deep bench of cybersecurity experts, world-class threat intelligence and 24×7 security operations centers (SOCs) detect, respond and remediate advanced cyber threats. We offer comprehensive services that combine award-winning threat detection with superior response capabilities to provide end-to-end protection across the gateway, network and endpoint ecosystem. Our client base spans thousands of enterprises of all sizes, across multiple industries, and achieves the greatest risk reduction per cyber-dollar spent. At Nuspire, we are laser-focused on delivering an extraordinary cybersecurity experience that exceeds client expectations. For more information, visit www.nuspire.com and follow @Nuspire

No posts to display