Research

Yesterday’s Security Challenges Haven’t Gone Anywhere

Written by Reflare Research Team | May 3, 2022 12:15:00 PM

Cyber threats are always evolving, and so we’re forced to rethink our security strategies. Whether it’s new malware or an old threat that resurfaces, history shows us we need to stay vigilant to make sure our defences are up to par.

First Published 9th December 2015  |  Latest Refresh 3rd May 2022

Kids will click on the darndest things.

4 min read  |  Reflare Research Team

Trends of Interest

Over the years, we have observed the emergence of many trends in cyber threats. Two that definitely caught our eye at the time were the 1) exploitation of children’s devices, and 2) poorly secured IoT. Now, these threats weren’t particularly new back then, but even after all these years, they have continued to increase in popularity with cybercriminals. Subsequently, these vulnerabilities of the past still persist, and are still an ongoing concern for the majority of IT security professionals today. 

Children's Tablets as Targets

Mobile devices are becoming more integrated into school life for young children and teens, and this trend has been fast-tracked thanks to the COVID-19 pandemic and the rise of homeschooling. This makes such devices a target for cybercriminals.


For example, a major security breach was confirmed by the company VTech, which manufactures devices and monitors for children and their parents. The company confirmed that 6.4 million children’s profiles were stolen by hackers. Children’s names, birthdates, photos, email addresses, physical addresses, and even passwords were breached. 



This comes as no surprise since tablets are rarely updated or have any type of malware installed. Efforts to block hackers from desktops make it more difficult to bypass security, so hackers turn to less secured mobile devices that rarely have any anti-malware features.

This is of concern given that trends in mobile device malware rather than desktop grows in the face of more consumers turning to mobile as a primary online source. 

IoT Vulnerabilities

IoT devices continue to introduce new features for home automation, and new gadgets in the wearables space grow in popularity as manufacturers continue to integrate the Internet into their everyday devices for consumers.

These devices aren’t updated often, don’t have anti-malware implemented, and aren’t well monitored for new vulnerabilities. The result is that these devices are targets for malware, especially spyware that exposes user home information to the attacker. 

The biggest exposure is from the control system’s hub. For instance, a significant security threat was identified in Ubi hubs where the manufacturer left the debugging interface exposed. Simply disabling the debugging interface improves security, but manufacturers have yet to acknowledge the need for better security in their technology. 

Additionally, there were a few other trends that are worthy of note.

Anti-Hacking Talks Between China and US Due Again?

Can't we all just get along?

Back in the pre-Trump era, the US and China were in discussions regarding anti-hacking agreements. The talks came after several years when both countries battled with cyber-attacks and espionage in the private sector. As much as a positive outcome was publicized at the time, the political world was insufficient to sufficiently address the challenge, and no real agreement was reached. 

This lack of outcome ultimately becomes the individual citizen’s problem.

Irrespective of international security policies to protect netizens-at-large, individual users find themselves between a rock and a hard place. It is difficult for consumers to even enact self-protection when they often don’t have the simple option of installing antimalware software on many of their most common devices.

For this reason, responsibility has fallen on the manufacturers to either better protect consumer products or provide users with the ability to better protect their private data. However, now we are in the post-Trump era. From a political standpoint, the question is will such anti-hacking agreements go back onto the table, and what would this mean to Internet users at large?

Ransomware is Making a Comeback

Crowdsourcing isn’t just for legal start-ups anymore. Some time back, ransomware developers created a site named Tox that crowdsources malware development and distribution. The site lets programmers and malware distributors come together and combine forces to demand payments from helpless victims that can’t access important documents without payment. 



Although Tox shut down due to fear of being an FBI target, several others have since piggybacked off of the idea. These sites are a part of the dark web, so they can avoid detection from law enforcement. Ransomware isn’t a new concept, but crowdsourcing has given it an increased incentive and interest for cybercriminals. 

There is much to be aware of in the trends listed above. However, these are not the only vulnerabilities that demand your attention. Learn how to proactively mitigate risks of specific attacks before they hit by reviewing our research briefs on the following related topics.