The cyber threat landscape continues to shift and evolve. No sooner do organisations get on top of one threat than another more dangerous one emerges. Meanwhile the existing ones are given added potency through the application of new technologies such as generative AI. Here’s 10 of the most common and dangerous threats to watch out for at the moment.
1 AI-powered attacks
Generative AI has been a gamechanger in the cyber world. Hackers don’t even need coding abilities anymore. They are also using AI to analyse security systems to identify vulnerabilities that can be exploited. The technology is also being used to automate ever more sophisticated phishing and other forms of attack making them far more frequent as well as more potent.
2 Social engineering
READ MORE
Social engineering relies on human error rather than technical vulnerabilities. Attack types include phishing, spoofing, whaling and baiting. Phishing involves criminals sending realistic messages through email or text with the aim of getting individuals to reveal sensitive information and data such as bank account details. Spoofing is where the attacker impersonates a legitimate sender or website to deceive individuals. Whaling targets high-ranking executives with the aim of accessing sensitive information or executing transfers of large sums of money. Baiting is where individuals are lured into clicking on fake advertisements that install malware onto the device or ask for personal information.
3 The inside job
Employees are frequently responsible for cyberbreaches, either intentionally or unintentionally. In unintentional cases it is where they click on a malicious link in an email or fall for a phishing scam. Intentional breaches range from sophisticated industrial espionage operations where employees are recruited and paid large sums to enable a cyber breach to lone wolf situations where disgruntled employees deliberately leave a cyber door open.
4 The outside job - supply chain attacks
Cybercriminals are hacking into the systems of suppliers to their primary target. In many cases, smaller organisations in the supply chain have much less secure networks than those of their large customers making them particularly attractive to hackers.
5 Configuration errors
Even the smallest error in the configuration of a cybersecurity system can leave an organisation wide open to attack. These errors can be as simple as weak passwords or a poorly configured firewall. For example, printers or point of sale devices that have network access may come with easily hacked default security settings and passwords that need to be updated. In addition, many organisations fail to set strict password rules for employees.
6 DNS tunnelling
Put simply, domain name systems (DNS) translate a website name like irishtimes.com into a numerical IP address, the internet’s equivalent of map co-ordinates. DNS tunnelling hides malware inside what looks like a routine DNS query, thereby getting through the firewall and other lines of security. It’s a very common form of cyberattack due to the fact that it doesn’t require a lot of skill, is cheap to do, and can be highly effective for the hacker.
7 Ransomware
Just about everyone not living under a rock at the time remembers the May 2021 HSE ransomware attack. As if the Covid-19 pandemic weren’t enough to contend with, the nation’s health system was seriously compromised. As the name suggests, ransomware typically blocks access to software or data in a system until a ransom is paid. It is not a new threat, but the criminals involved are becoming cleverer in how they deploy it as well as in the ways they extract the cash.
8 Cloud threatening
“Cloud-related threats driven by misconfigurations and access control issues have emerged as a significant concern, as more organisations migrate to cloud-based operations,” says Leonard McAuliffe, a partner with PwC Ireland’s cybersecurity practice. Generally speaking, cloud data is more secure than the on-premise alternative but one configuration error can open an organisation to a major breach. For example, last year millions of AT&T customers in the US had their personal details compromised as a result of a vulnerability in the company’s cloud service provider Snowflake.
9 The vulnerability in your pocket
Our smartphones bring a new dimension to cybersecurity due to the vast amount of sensitive data stored on them. They don’t tend to have the same security measures as other devices, such as firewalls, encryption, and VPNs making them more vulnerable to cyberattacks. In addition, many people use their phones to access corporate networks thereby providing criminals with a new attack vector.
10 Beware the cyber ambush
Sometimes the criminals don’t bother to actively target you. They just compromise webpages causing them to download malware when opened. After that, they just lie in wait ready to ambush unsuspecting visitors. Make sure to configure your security software to prevent access to suspicious or insecure websites.
