The cyberattacks and the cybercriminals are constantly updated. They update their techniques, their methods, as well as their means of access.
Predictions based on trends,
predict that you will hear about computer attacks with objectives mainly
towards Companies, of course, ordinary users will continue to be attacked in
many ways and suffer the consequences, but as discussed below, what These new
attacks will be the main target of the sophisticated companies.
Internet of Things: Object and means of Cyberattacks
The Internet of things (IoT) sector in all
its forms:
·
Industry 4.0.
·
e-Health.
·
e-Car.
·
SmartCities.
·
Consumer.
·
Security,
etc.
It is a niche that is not
neglected by cybercriminals ,
used as an object and as a tool.
We are talking about millions
of devices that connect, have connected and will connect to the
Internet. Devices as simple as a light meter
on a street lamp, but that coexist with large systems on
the network such as ATMs and servers of all kinds.
Network and system
administrators protect their servers, corporate
networks and data centers with Firewalls , VPN solutions , monitoring
systems (NM) and intrusion detection (IDS) ,
on the other hand, many of the installers of these thousands of internet
devices of the things they do not do it with such impetus, and without blaming
anyone, because it is a booming sector where the first barrier of protection
has to come from the manufacturers who, in many cases, omit or neglect
important aspects such as security against the cybercriminals.
This is a fact that is not left
out of the criminals who take advantage of this situation. The use of the
Internet of Things, with its millions of smart devices connected to the network
and without any protection, remains under the control of cybercriminals , who prepare them to be able to
massively attack other infrastructures.
DDoS
(Deny of Service) service drop due to Cyberattacks
In 2016, massive cyberattacks were detected that caused the fall of services due to the well-known DDoS (Deny of Service) or denial of service, where telematic forensics and experts indicated that the attacks came from devices such as: cameras, sensors, CCTV video recorders , PLCs , and a long list of active components of the well-known Internet of Things , a new network that manufacturers and installers must become aware of and begin to secure.
The DynDNS company was also a focus of
cybercriminals, specifically on October 21, 2016, where a DDoS occurred . This attack was carried
out by thousands of devices infected by the “Mirai” malware, which takes advantage of
vulnerabilities such as the “default password” to
infect the device and use it as an attacker.
This attack left countless
companies without service since the “Dyn” service offers
the resolution of the domain or URL, the Internet address, used for remote
access to millions of facilities of all kinds: industrial, cameras, servers,
etc.
It was also the Sierra Wireless company that alerted its
customers to the need to review and change the default passwords due to the
high risk of intrusion.
Cyberextortion
multiplies
The Ciberextorsión be a popular term in the coming
years, where they are and will be several forms of attacks will proliferate:
·
Business Email Compromise (BEC): or
attacks on corporate emails, are based on attacking or reaching the subject's
email account to insert, for example, payment orders destined for the
criminal's current account. This type is best known for its relative ease.
·
Business Process Compromise (BPC): or
attacks on corporate processes, it is even more sophisticated, and represents a
twist in the criminals' strategy, as it attacks the company's processes, such
as its servers and databases to cause unauthorized modifications or
transactions in the company's internal processes. Thus, the criminal can,
for example, receive not only money but also material goods (eg product
shipments from online stores).
This second mode is the most
profitable one, since companies carry out innumerable daily transactions
(payments) and it is very complex to control each and every one of
them. There have already been several cases of infections in systems that
produce invoices with account numbers that have been modified and whose
destination is the criminal's pocket.
For this reason, all companies
and in particular those of electronic commerce, as well as financial
departments, must pay special attention to this type of more sophisticated and
therefore difficult to detect threats.
Cybercrime as a service
Interpol in one of its reports
mentions the “crime-as-a-Service” ,
referring to a new way of orienting the purposes of the attacks; turn them
into pay-on-demand services.
Thus, for example, the war
between industries, corporations and countries is facilitated, all orchestrated
by groups of cybercriminals, who, as if it were a company, put these malicious
commercial accessions at the service. Let's say it is a cyber-hitman at
the service of whoever hires him.
Be that as it may, it is
necessary to take some basic measures, measures that must be considered by all
the actors involved, not only the users, but also the installers, distributors
and manufacturers.
The effects and consequences of
a security breach are unimaginable, but they are latent in the heads of
ingenious cybercriminals. It is not only to think about economic damage,
but about natural, personal disasters, etc.
Fortunately, today there are
many professionals who have been trained in the protection of networks and
equipment, therefore, let yourself be advised, and let's not take cybersecurity
as a more fashionable word, but as a necessary discipline to avoid unimaginable
greater evils.
Cyber
attacks on devices
The number of devices such
as computers, smartphones and payment terminals (card holders or dataphones) is
increasing , which
implies increasing attention by cybercriminals in fake applications that steal
credentials, payment applications, access to the camera. photos, credential
hijacking, sending payment SMS, etc.
E hese
are many techniques that will increase the portfolio of actions of
technological cybercriminals, from the shade and with less exposure than a
criminal street embezzlements increase both businesses and individuals.
We are in a new era to which it is not necessary to get used to, but to
be updated ,
where every measure is little and where investment in cybersecurity has to be
part of every budget item.
How
to prevent a cyber attack
There are manufacturers of 4G routers that do not
allow opening ports if the default password has not been changed, which,
although it is something simple, implies a first barrier of protection.