The top four cyber security risks of the first half of 2018

by Olivia Morelli - - 2018-07-21

Virus and scam developers are not leaving us alone in 2018

Threats and scams evolving 2018 The most dangerous threats of this year.

Technology keeps evolving, so do cybercriminals. Every day, we are warned about new viruses, data breaches or data leaks. Cyber attacks become even more dangerous because of the new tactics and changed perspectives. When hackers with malicious goals evolve, we need to take cybersecurity more serious. The major key here is awareness and implementation of preventative actions. Let's look at the biggest threats of 2018 so far.

Data leaks continue affecting users of big companies

Facebook-related Cambridge Analytica scandal is probably the most shocking news we have been dealing with so far. It is believed that it involved nearly 100 million users and could influence the Presidential election in the USA, and Brexit voting.^[1] At the moment, Cambridge Analytica is still neglecting these scenarios.

The recent events of Singapore's health database leakage prove that even the country's prime minister cannot be sure about the safeness of his data.^[2] This major cyber attack, which is believed to be “deliberate, targeted and well-planned,” involved 1.5 million people.

If you happen to become a victim of the data breach, make sure you change your passwords in all social media accounts for the more complex ones. Use two-factor authentication as an extra layer of security.

Ransomware attacks keep emerging

Ransomware viruses are still considered one of the main threats in today's cyber world. When one version becomes decryptable, hackers launch the new one with the more sophisticated code, and files' recovery becomes impossible.

Probably the most notorious ransomware attack so far is called WannaCry.^[3] Hackers who were hiding behind this threat managed to affect such giants as Spanish Telefonica, NHS hospitals in the UK, Renault, FedEx, Deutsche Bahn. The biggest victim, NHS hospitals, found themselves paralyzed and couldn't operate after the attack at all.

This year, GandCrab ransomware^[4] is considered the most active ransomware. After being discovered in January, today the virus has six different versions. The most worrying fact related to this ransomware is that it has been using several exploit kits to spread around:

Magnitude EK;
GrandSoft EK;
Rig EK.

We have also seen speculations that it is using SMB exploit to spread around, but it hasn't been confirmed yet.^[5]

Paying demanded ransom or contacting the cybercriminals behind ransomware is not the solution. Often, there is no decryption key that developers promote they have. To protect yourself, make sure you backup your important data as this is the main problem victims of ransomware viruses run into.

Cryptojacking — a new way to misuse victim's computer resources

Cryptojacking is quite a new term used to describe the misusing of victim's computer for cryptocurrency mining. Hackers have been relying on a few techniques for this attack, but the most common way to generate cryptocurrencies is in-browser cryptojacking which uses JavaScript in the web page and doesn't need to infect the system to use its resources.

This year, these attacks took the leading position, leaving ransomware in the second place. What makes this activity so popular? Probably the increasing price of some well-known cryptocurrencies and the less danger the attacker as to deal with.

Tech support scams are getting serious as well

Tech support scams have always been a huge problem even for the government and such big companies as Microsoft.^[6] Each year, the Internet complaint centers receive reports from people who claimed to have lost millions because of these scams. Criminals claim to provide technical support after displaying a fake error message with the phone number. Their goal is to gain access to personal devices, trick victims into signing for misleading services, install malware, and so on.

People need to know that legitimate tech support companies and their employees do not contact users via ads on their web browser. Additionally, Microsoft's or other tech giants' employees do not ask to provide the remote access to users' computers. To avoid being scammed, ignore ads while browsing the web, especially when they have nothing to do with the reality.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions

References

^ Facebook data gathered by Cambridge Analytica accessed from Russia, says MP. The Guardian. News and media.
^ Matthew Field . Cyber attack on Singapore health database steals details of 1.5m including prime minister. Telegraph.co.uk.
^ Cara Mcgoogan. One year on from the WannaCry attack, are we more vulnerable than ever?. The Telegraph. Lifestyle. The filter.
^ Julie Splinters. GandCrab ransomware explained. 2-spyware. Spyware and security news.
^ Lindsey O'Donnell. No Evidence of GandCrab Leveraging SMB Exploit – Yet. Threatpost. Could security, malware, vulnerabilities, privacy.
^ Sam Rutherford. Microsoft Warns That Tech Support Scams Are Still on the Rise. Gizmondo. Science and technology website.