Security trends

• Ransomware
Several big ransomware attacks make headlines in past years. Most of their
damage was in reputation, legal cost and confidence to the institutions (though
the scammers made their own pay). Interesting drivers of this growth are RaaS
(ransomware as a service) where unskilled cybercriminals can launch attacks
and a growing underground economy. Ransomware is also growing in concert
with Phishing and social engineering.
• Block chain Security
Speaking of crypto-currency, there has already been significant investment
in block chain as security technology. Block chain has the potential to
eliminate passwords, provide advanced encryption, and create tamper proof
infrastructure.
• Artificial Intelligence - powered attacks
AI/Machine Learning (ML) software has the ability to "learn" from the
consequences of past events in order to help, predict and identify cyber security
threats. However, AI may prove to be a double-edged sword as 91% of security
professionals are concerned that hackers will use AI to launch even more
sophisticated cyber-attacks.
For example, AI can be used to automate the collection of certain information —
perhaps relating to a specific organisation — which may be sourced from support
forums, code repositories, social media platforms and more. Additionally, AI may
be able to assist hackers when it comes to cracking passwords by narrowing down
the number of probable passwords based on geography, demographics and other
such factors.
• Vulnerabilities & Attacks
The common vulnerability that exists in both wired and wireless networks is
an “unauthorized access” to a network. An attacker can connect his device to
a network though unsecure hub/switch port. In this regard, wireless network
are considered less secure than wired network, because wireless network can
be easily accessed without any physical connection.
After accessing, an attacker can exploit this vulnerability to launch attacks
such as –
▪ Sniffing the packet data to steal valuable information.
▪ Denial of service to legitimate users on a network by flooding the
network medium with spurious packets.
▪ Spoofing physical identities (MAC) of legitimate hosts and then
stealing data or further launching a ‘man-in-the-middle’ attack.