Review some of the biggest security threats to our data, and learn how to avoid them:
- Extortion Hacks. These are the opposite of ransomware attacks. Instead of encrypting data and requiring money, an attacker will obtain sensitive information and threaten to release it if the victim doesn’t pay. These types of hacks are more often targeted at large companies than at individuals. Notable examples include the "Sony hack" and the "Ashley Madison hack." Essentially a form of blackmail, this type of cyberattack is a growing concern for companies and executives. Experts expect these types of attacks to become much more prevalent in the coming year
- Attacks That Change or Manipulate Data. Identified by the head of the NSA as the "next nightmare" this type of cyber-crime compromises the integrity of digital data. Most likely targeting financial and stock-trading systems, an attack doesn't destroy data but alters it in small potentially unrecognizable ways. On a small scale, these alterations could lead to accounting miscalculations. On a larger scale the corruption of data, loss of money, or even forcing stock prices to spike or drop. A particularly worrisome aspect proposed by US military officials is the potential for foreign powers to alter or sabotage the integrity of US weapons systems.
- Chip-and-PIN Innovations. As of October of 2019, credit card companies are required to include a "chip" in all cards. The card chip, already widely used internationally, sends a new transaction code every time the card is used. This prevents hackers from putting your card number on a cloned card and using it in person. In countries that already have chip cards, card-present fraud has fallen drastically. However, hackers are nothing if not persistent and phone and online card fraud has skyrocketed. Online, a pin nor signature is required, making the theft of just a card number more efficient. The US should expect online card fraud to increase. It is important to make sure you are prepared by removing public personal data from social media, beefing up password strength, and adding 2-factor online authorization when available.
- The Rise of the IoT Zombie Botnet. Smart devices—such as cars, thermostats, lighting, appliances—are all interconnected and online as part of the Internet of Things (IOT). As with anything that is connected to the outside world, there are people who want to get in. Traditionally, botnets referred to a group of hacked computers that could be used for malicious purposes by attackers (Usually denial-of-service attacks, or distribution of malicious email). Attackers began testing the waters, hacking connected things and taking control. Hijacked devices are sometimes known as "thingbots." The future will see a more coordinated effort, using any device with its own IP address to carry out DDoS attacks. Unfortunately, knowing whether a device has been hijacked is much more difficult than a computer.
Have questions? We're here to help!
If you have recognized an incident and need to report it, take the following steps. Send your email to infosec@miami.edu with the subject: Security Incident - High Priority
Provide the computer's IP address. Describe the nature of the problem to the best of your ability. Include the date/time of discovery, how the incident was detected, the duration, impact (loss/compromise of data, system downtime, damage to the systems, etc).
Copy/paste email message headers, activity logs showing the suspicious or offensive activity. Do not modify the files in any way. Provide your name, title, department, and phone number.
