Share this
Yesterday’s Security Challenges Haven’t Gone Anywhere
by Reflare Research Team on May 3, 2022 1:15:00 PM
Cyber threats are always evolving, and so we’re forced to rethink our security strategies. Whether it’s new malware or an old threat that resurfaces, history shows us we need to stay vigilant to make sure our defences are up to par.
First Published 9th December 2015 | Latest Refresh 3rd May 2022
Kids will click on the darndest things.
4 min read | Reflare Research Team
Trends of Interest
Over the years, we have observed the emergence of many trends in cyber threats. Two that definitely caught our eye at the time were the 1) exploitation of children’s devices, and 2) poorly secured IoT. Now, these threats weren’t particularly new back then, but even after all these years, they have continued to increase in popularity with cybercriminals. Subsequently, these vulnerabilities of the past still persist, and are still an ongoing concern for the majority of IT security professionals today.
Children's Tablets as Targets
Mobile devices are becoming more integrated into school life for young children and teens, and this trend has been fast-tracked thanks to the COVID-19 pandemic and the rise of homeschooling. This makes such devices a target for cybercriminals.
For example, a major security breach was confirmed by the company VTech, which manufactures devices and monitors for children and their parents. The company confirmed that 6.4 million children’s profiles were stolen by hackers. Children’s names, birthdates, photos, email addresses, physical addresses, and even passwords were breached.
This comes as no surprise since tablets are rarely updated or have any type of malware installed. Efforts to block hackers from desktops make it more difficult to bypass security, so hackers turn to less secured mobile devices that rarely have any anti-malware features.
This is of concern given that trends in mobile device malware rather than desktop grows in the face of more consumers turning to mobile as a primary online source.
IoT Vulnerabilities
IoT devices continue to introduce new features for home automation, and new gadgets in the wearables space grow in popularity as manufacturers continue to integrate the Internet into their everyday devices for consumers.
These devices aren’t updated often, don’t have anti-malware implemented, and aren’t well monitored for new vulnerabilities. The result is that these devices are targets for malware, especially spyware that exposes user home information to the attacker. The biggest exposure is from the control system’s hub. For instance, a significant security threat was identified in Ubi hubs where the manufacturer left the debugging interface exposed. Simply disabling the debugging interface improves security, but manufacturers have yet to acknowledge the need for better security in their technology.
Additionally, there were a few other trends that are worthy of note.
Anti-Hacking Talks Between China and US Due Again?
Can't we all just get along?
Back in the pre-Trump era, the US and China were in discussions regarding anti-hacking agreements. The talks came after several years when both countries battled with cyber-attacks and espionage in the private sector. As much as a positive outcome was publicized at the time, the political world was insufficient to sufficiently address the challenge, and no real agreement was reached. This lack of outcome ultimately becomes the individual citizen’s problem.
Irrespective of international security policies to protect netizens-at-large, individual users find themselves between a rock and a hard place. It is difficult for consumers to even enact self-protection when they often don’t have the simple option of installing antimalware software on many of their most common devices.
For this reason, responsibility has fallen on the manufacturers to either better protect consumer products or provide users with the ability to better protect their private data. However, now we are in the post-Trump era. From a political standpoint, the question is will such anti-hacking agreements go back onto the table, and what would this mean to Internet users at large?
Ransomware is Making a Comeback
Crowdsourcing isn’t just for legal start-ups anymore. Some time back, ransomware developers created a site named Tox that crowdsources malware development and distribution. The site lets programmers and malware distributors come together and combine forces to demand payments from helpless victims that can’t access important documents without payment.
Although Tox shut down due to fear of being an FBI target, several others have since piggybacked off of the idea. These sites are a part of the dark web, so they can avoid detection from law enforcement. Ransomware isn’t a new concept, but crowdsourcing has given it an increased incentive and interest for cybercriminals.
There is much to be aware of in the trends listed above. However, these are not the only vulnerabilities that demand your attention. Learn how to proactively mitigate risks of specific attacks before they hit by reviewing our research briefs on the following related topics.
Share this
- December 2024 (1)
- November 2024 (1)
- October 2024 (1)
- September 2024 (1)
- August 2024 (1)
- July 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (1)
- October 2023 (1)
- September 2023 (1)
- August 2023 (1)
- July 2023 (1)
- June 2023 (2)
- May 2023 (2)
- April 2023 (3)
- March 2023 (4)
- February 2023 (3)
- January 2023 (5)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (11)
- August 2022 (5)
- July 2022 (1)
- May 2022 (3)
- April 2022 (1)
- February 2022 (4)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (2)
- September 2021 (1)
- August 2021 (1)
- June 2021 (1)
- May 2021 (14)
- February 2021 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2020 (2)
- March 2020 (1)
- February 2020 (1)
- January 2020 (3)
- December 2019 (1)
- November 2019 (2)
- October 2019 (3)
- September 2019 (5)
- August 2019 (2)
- July 2019 (3)
- June 2019 (3)
- May 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (3)
- November 2018 (5)
- October 2018 (4)
- September 2018 (3)
- August 2018 (3)
- July 2018 (4)
- June 2018 (4)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (3)
- January 2018 (3)
- December 2017 (2)
- November 2017 (4)
- October 2017 (3)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (4)
- May 2017 (4)
- April 2017 (2)
- March 2017 (4)
- February 2017 (2)
- January 2017 (1)
- December 2016 (1)
- November 2016 (4)
- October 2016 (2)
- September 2016 (4)
- August 2016 (5)
- July 2016 (3)
- June 2016 (5)
- May 2016 (3)
- April 2016 (4)
- March 2016 (5)
- February 2016 (4)