Let’s not forget about these emerging cybersecurity threats

From deepfake phishing to malware that ‘learns’, never underestimate the rapidly changing threat landscape.
3 October 2019

Deepfake could provide a new avenue for phishing attacks. Source: AFP

Data breaches are a global problem dominating the news cycle and businesses are paying a heavy price for it.

It emerged this week that Yahoo, who has been repeatedly hacked and billions of user’s information stolen in the process, has been forced to set up a data breach settlement fund for former users to the tune of US$117 million.

Many companies have an incident response platform to detect any abnormity in the system but are often not up to speed to defend the system from cybercrime.

The reason being, “hackers capitalize on people’s lack of understanding” on technology to successfully hack into a system. Hackers identify loopholes and weak spots to infiltrate a system; in some cases, stealing millions of data in a span of days without being noticed.

Besides global giants such as British Airways, Marriott and Hydro falling victim to cybersecurity failures, the successful ransomware extortion of entire cities in the US shows the true scale of the problem.

The problem with cybersecurity is that as soon as we think we have a handle on the problem, a more sophisticated method is used, or another weakness exploited.

Here, we revisit some of the ways that threats could continue to develop in the coming years as technology continues to advance.

A hacker with many faces

Deepfakes” a term used to describe the realistic faces developed by artificial intelligence (AI) has advanced to produce even more genuine looking fabrication of images and videos.  

Cybersecurity experts are concern that hackers may use this technology to assume different identities, making it easier to access sensitive data or spread false information. Imagine employees receiving an email, call or video call form their ‘managers’ to hand over passwords and private information. If constant verification is needed, organizations may find it harder to maintain a smooth operation. 

So how would individuals be able to distinguish the real from the fake?

Based on developments by Google, deepfakes are being used to identify other deepfakes. An open-source database with thousands of deepfakes is released to accelerate the development of detection tools. Detection tools are being developed but are still in its infancy.

Quantum computing the breaker of encryption

The announcement of Google’s success in building quantum computers and IBM’s upcoming launch of the technology has marked an important progress in its field but experts are also concerned in its ability to crack down security walls. 

Quantum computing can potentially break encryptions used to protect medical records, private messages, and online transactions. Taking into consideration the potential threats, the US National Institute of Standards and Technology (NIST) are working on measurements to protect data vulnerable from quantum attacks.

Trouble in the cloud

Another popular way for hackers to access large sets of data is through the clouds. Businesses that store client’s data in the cloud while managing it remotely are susceptible to cybercrime due to the large amount of data stored. The data mine enables hackers to not only access a single company’s information but also other institutions sharing a public cloud.

Besides that, the growing trend of “supply chain” attacks also highlight the importance of securing the ecosystem for IT providers and their clients.

The price for going digital

While organizations are reaping the benefits of online-connected operations and the contribution of smart devices in boosting efficiency, hackers are utilizing AI to detect weak points of security systems.

CEO of cybersecurity firm Darktrace, Nicole Egan predicts that AI and machine learning would play a big role in helping hackers pull off a high profile data breach. A paper by Malwarebytes called When Artificial intelligence Goes Awry predicted that AI technology could soon bring us into the unwelcome age of ‘malware 2.0’.

With the promising features of 5G such as faster internet speed and larger bandwidth to support a network of internet devices, hackers can take full advantage of this development and launch more malevolent attacks.

One thing is clear, regardless of the nature of business, all organizations operating online with valuable data are prone to cybercrime. Therefore, an understanding of the potential threats faced by emerging technology is crucial.