Cyberthreat trends: 2019 cybersecurity threat review
How serious of a problem is cybercrime? A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021.
This is a big number, but it’s no surprise to anyone who has followed the exploits of hackers and online scammers in 2018. Cybercrimes have become big news, with large data and security breaches at companies such as Facebook and Under Armour generating headlines, and cyberthreats from foreign locales such as China and Russia threatening U.S. businesses and elections.
Here’s a look at some of the most troubling cybersecurity threats we saw in 2018, and how these trends might impact businesses, governments, and individuals in the coming year and beyond.
2018 data breaches
Here are three of the most notable breaches from 2018.
In September, Facebook said that hackers exploited a network vulnerability which allowed them to gain access to user accounts, potentially exposing the personal information of nearly 30 million users. Reuters said that this exposure ranks as the worst security breach in Facebook’s history. Reuters reported, too, that the vulnerability hackers attacked had existed since July 2017. This big security breach provided yet another example that the huge social media companies, even as tech-savvy as they are, are not immune to cyberattacks.
MyHeritage, a family networking and genealogy site, announced its own big security incident in June 2018. This security breach, which Reuters said took place on Oct. 26, 2017, exposed the personal data of more than 92 million users. Hackers were able to access the email addresses and hashed passwords of users. The company did not learn of the breach until June 2018. What’s most disturbing about this attack? How long it took to discover the breach.
In March 2018, Under Armour notified users of its popular MyFitnessPal app that hackers had accessed usernames, email addresses and hashed passwords of 150 million users. Fortunately, payment information was not compromised. This incident provided another reminder that even the most popular apps may not be immune to hackers.
Cyberthreat review: 2018 cyberattacks
Cyberattacks in 2018 illustrated the breadth of threats.
Data breaches often draw the biggest headlines. But cybercriminals in 2018 didn’t limit themselves to stealing information. Many have turned to potentially more dangerous crimes, including using their attacks to target public electrical grids and transportation systems. Known as cyber-physical attacks, these crimes have the potential to shut down entire cities or countries.
A good example? The MIT Technology Review reported on a cyberattack in 2016 that left 20 percent of Kiev, the capital city of Ukraine, in darkness. Hackers used malware designed to break into power systems and then control electricity substation switches and circuit breakers in them, causing a power outage. The fear here? Municipal infrastructure is often outdated. This could leave it especially defenseless against sophisticated cyber-physical attacks.
Bitcoin and cryptocurrency hacking and cyberattacks
Do you use bitcoin or other types of cryptocurrency to make online purchases? Then you’d better be careful. Hackers have long targeted cryptocurrency exchanges, and this didn’t change in 2018. Cointelegraph, a news source covering the cryptocurrency industry, said that, in 2018, hackers stole about $59 million worth of cryptocurrencies from the Japanese cryptocurrency exchange Zaif. This included the theft of 4.5 billion yen from the online wallets of exchange users and 2.2 billion yen from the exchange itself.
This is just one example, too. The Wall Street Journal, quoting a report from London financial-services firm Autonomous Research, said that there have been 56 cyberattacks on cryptocurrency exchanges since 2011.
How serious is this problem? Blockchain security firm CipherTrace said that cybercriminals stole $927 million from cryptocurrency exchanges and other platforms during the first nine months of 2018. This is another trend to watch as cryptocurrency only becomes more widely accepted.
Cloud ransomware cyberattacks
You might think your data is safe if it’s stored in the cloud. Cloud service providers have the tools necessary to block cybercriminals from stealing your data, right?
Maybe not. The MIT Technology Review took a closer look at ransomware attacks and found that the country’s smaller cloud providers are likely to be more vulnerable to this type of malware.
Ransomware is a type of malware that blocks users from accessing their data. The hackers behind this malware demand that users pay a fee to unlock their data. The MIT Technology Review said that the biggest cloud service providers — companies such as Google and Amazon — won’t be as easy to attack. Smaller providers, though, might not have the same level of protection as their larger competitors, potentially putting those clients who store their data with these companies at risk.
Artificial intelligence hacking?
Each of these trends is scary enough, but the future of hacking might be even more frightening: Think artificial intelligence and how it could help make cybercriminals more effective.
Computer security experts predict that criminals will soon, if they haven't already, use artificial intelligence to build hacking programs that are clever enough to evade detection by the best security programs.
A story by the Reuters news service explains how an artificial intelligence technique known as machine learning can train programs to stay dormant until a specific target is reached. These programs can then activate, causing havoc. Because the programs are quiet until a target is reached, it can be difficult for virus protection software to detect them before they activate.
The lesson here? Cybercriminals can use artificial intelligence to build better malware.
It’s also one more example — like other cyberthreat trends of 2018 — of how security threats tend to evolve in unexpected ways.
Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.
Norton by Symantec is now Norton LifeLock. LifeLock™ identity theft protection is not available in all countries.
Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec logo, the Checkmark logo, Norton, Norton by Symantec, LifeLock and the LockMan logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the United States and other countries. App Store is a service mark of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution Licence. Other names may be trademarks of their respective owners.