Moving into the fourth quarter of 2019, it’s a great time to reflect on the current cybersecurity landscape and the major events and trends which have happened this year. Almost everybody understands what cybersecurity means in the most basic sense, as the majority at least have some experience with anti-virus software.
But as we increasingly rely on computing systems to power our day-to-day lives, our cybersecurity software and processes have to become more sophisticated. With each new piece of technology, software, hardware, or device, there’s a new and increasingly complex way for our data to be accessed or stolen.
As every piece of technology we use is ultimately created by human developers, there are invariably some aspects of every technology which aren’t flawless. Each piece of technology calls for a unique way of exploiting its specific weaknesses – a flaw in its design which allows hackers to gain access.
Usually, hackers will deploy certain attacks to test computer systems, to try and identify these weaknesses. There’s not just one or two attack vectors which cyber-criminals and hackers use to compromise systems. Instead, hackers may deploy several attacks in tandem to gain access to a system.
From the widespread implementation of blockchain and internet of things (IoT) technologies to completely new threats on the horizon, Blokt explores how 2019 has shaped the cybersecurity space.
IoT Devices Present New Challenges
IoT devices are growing in popularity, used in home, office, and industrial situations for a range of use cases. But connecting a greater range of devices to our internet systems means a greater risk that they will become compromised. Connected devices, like internet routers or sensors, can be hijacked by hackers and used to send out spam mail, or incorporated into a botnet.
The National Institute of Standards and Technology (NIST) published updated guidelines in mid-2019 for the use of IoT devices, citing that the diverse range of IoT devices makes it difficult to protect and police. Among other things, NIST recommended that IoT devices keep logs of all potential cybersecurity events, however minor, to protect against them becoming part of a larger network of malicious bots.
Business Owners Bear Largest Costs of Attacks
Cyber attacks on small and medium businesses are increasing. In 2018, 61% of small to medium business owners reported that they had been victims of attacks, a 9% increase from 2017. In 2019, this figure is expected to increase further.
Each attack costs businesses an average of $383 thousand dollars, which for a small or medium business could mean significant financial hardship. Most of these attacks came from data breaches, of which 37% were identified to be a direct result of hacker attacks.
Phishing Has Increased by 65% in 2019 so Far
According to security firm Retruster, phishing attempts have grown an enormous 65% this year. Phishing attacks target information such as usernames, passwords, and payment information, using fake websites or legitimate-looking emails to steal information. Although we’re more aware of the risk of phishing attempts than ever before, people continue to fall for this attack, which is as old as email itself. So why is this?
It could be because our perception of phishing in 2019 is skewed. The majority of people are wary of opening emails and attachments from unknown senders in case they contain malware – commonly believed to be the most dangerous form of phishing. While it’s recommended not to open such mail, anti-phishing firm Phishlabs reported that 98% of phishing emails actually contained no malware.
Instead, most phishing attempts are actually perpetrated through incredibly legitimate-looking emails. For example, Phishlabs found that 31% of emails posed as internal HR or finance providers and a further 27% of phishing emails disguise themselves as e-commerce sites, which then prompt users to log in through a fake website.
It’s at this point that attackers lift your credentials and use them to log in to your real accounts – not malware, as commonly thought.
Polymorphic and Metamorphic Threats Are on the Rise
Polymorphic attacks, which evolve as they spread across a user’s computer, make up an estimated 93% of malicious executable computer viruses in 2019. Polymorphic and metamorphic malware adapt and evade traditional antivirus software, which makes identifying and eradicating these viruses incredibly difficult. Both consumers and businesses are targets of polymorphic malware, with consumers – that’s you and I – comprising 68% of malware endpoints.
Polymorphic malware programs can include spyware, which monitors your activity and reports your keystrokes to attackers; trojans, which disguise themselves as harmless programs or files and gives attackers remote access to your PC; or viruses and worms, which can disable host computers or siphon off data at will.
Digital Asset Theft
Whilst digital assets are promising a disruption to the way we store and transact value, they are also opening up whole new ways by which to steal value too! Although many digital asset thefts are caused by other common attack methods, most of which we discuss here, they are nevertheless proving to be an easier target for attackers to steal.
This is evidenced by the huge $1.2 billion in cryptocurrency, which was stolen in the first quarter of 2019 alone. According to blockchain crime prevention company Ciphertrace, over $355 million was stolen from exchanges and infrastructure alone, a huge part of which was drained directly from user wallets and accounts.
Up to 57% of Attacks Make It Past Traditional Antivirus Software
This might be the most shocking statistic on our list, though it’s no revelation to cybersecurity experts that over half of all attacks make it past antivirus software. The reason for this is that most antivirus software, no matter how sophisticated it is, can only identify threats it has some prior knowledge of.
When a new threat emerges, which carries none of the hallmarks of a previously deployed exploit, it’s incredibly difficult for antivirus software to detect – so difficult, that only 43% of exploits are stopped. However, new technologies such as artificial intelligence and machine learning are helping to identify and stop new attacks as they emerge.
Mobile Threats See a Decrease From 2018
In 2019, more people access the web through their smartphones than through other devices, with 3.9 billion active mobile internet users. As a result, mobile attacks represent one of the most problematic forms of a cyber attack, usually deployed when a user downloads an app loaded with malware.
Despite this, the first quarter of 2019 saw a marked decrease in malicious installation packages from mobile users, down from over 1 million in Q1 2018, to just 905 thousand. While this may still seem high, a decrease of almost 100 thousand malicious installs is a big achievement for cybersecurity.
Local Government Agencies Are Falling Victim to More Attacks
Although 2018 saw a slight year-on-year decline in total cyber attacks, there has been a marked increase in ransomware attacks on local and regional governments. According to cybersecurity firm Recorded Future, in the first four months of 2019, there were 21 reported attacks against government agencies in the USA.
Many of these attacks will take control of internal systems, access and withhold data, and request government agencies to pay the attackers a ransom in Bitcoin to restore control of systems. Only around 17% of these agencies actually pay the ransom, but some of the reported ransom demands are as high as $250,000.
Denial-of-service Attacks (DoS) See a Huge Increase
As the name suggests, denial-of-service techniques prevent users of a service from accessing a resource. This could either be a website or a piece of software. In this attack, hackers will usually launch multiple techniques to either deny service to an individual user, or to all users of a service through a ‘distributed denial-of-service’ or DDoS attack.
Often, as there’s no opportunity for hackers to steal information through these attacks, they are motivated through blackmail, activism, or revenge. According to Kaspersky, DDoS attacks are on the rise, increasing a huge 84% in the first quarter of 2019 from Q4 2018.
Beware of Cryptojacking!
Cryptocurrency mining is, in many cases, increasingly unprofitable except for large scale mining operations. This is mainly due to the huge electricity costs associated with running mining hardware. Imagine then, if there was some way of mining on someone else’s machine without them knowing?
Unfortunately, there is – it’s called ‘cryptojacking.’ A new cybersecurity threat, cryptojacking, uses the victim’s processing power to imperceptibly mine cryptocurrency. This can be through software-based mining malware, or even through website scripts. The ESET Cybersecurity Trends Report 2019, reports that cybercriminals made off with an estimated $2.5 billion in the first half of 2018, and this threat could get worse during 2019.
Increased Focus on Data Privacy and GDPR
Data privacy has been a huge focus in the last two years, ushering in wide antitrust movements following breaches such as Facebook’s Cambridge Analytica scandal, and numerous cybercrime-related breaches. In Europe, this has culminated in strict GDPR rules being enforced to protect user data.
The U.S. hasn’t followed suit – yet. Sean Atkinson, Chief Information Security Officer for the Center for Internet Security, predicts that 2019 will be a year where greater accountability for data breaches will be at the front of lawmakers agenda, with the U.S. potentially following Europe’s lead on GDPR type regulation. But even with that in place, we always recommend using a good vpn service.
Cloud Computing Security
Over 50% of 786 business respondents who used cloud computing regularly, agreed that security risks were ‘somewhat of a challenge’ to their business processes, a report in January 2019 found. The compromise of cloud computing is on the rise, and with the average large company using 923 cloud-based services, this could be a serious problem.
Among the largest risks are loss and theft of intellectual property stored in the cloud, cloud services being used as a vector for data exfiltration, and malware delivery. Also, a real danger is employees uploading sensitive commercial data to the cloud, leaving the company with their access rights intact, and then using this data at a competitor firm – giving a new edge to corporate espionage.
Bypassing 2FA Authentication
Hot off the press last month is news that the FBI is now warning users that two-factor authentication, or 2FA, is not as secure as they think. In a press release on the 17th September 2019, FBI cyber division experts warned that attackers are using social engineering to trick users into bypassing 2FA.
By tricking users into opening phishing emails as we’ve discussed above, hackers can lift access tokens for legitimate websites. The FBI press-release cites one incident earlier this year where hackers gained access to a US banking service. Attackers logged in with stolen credentials and used a manipulated 2FA string to gain access and transfer funds from a victim’s account.
Formjacking Is Increasing
Formjacking occurs when attackers use HTML code to take over certain sections of a website, usually at the point where users are entering identity and payment credentials into a form, such as an e-commerce checkout.
Cybersecurity giant Symantec reported that an average of 4,800 websites are compromised through formjacking each month. The number of formjacking attacks increased dramatically towards the end of 2018, in which Symantec researchers correlated with a drop in the value of cryptocurrencies. Security experts believed that attackers previously using cryptojacking attacks instead turned to formjacking to make more profit.
Google Project Zero Regularly ‘zeroes’ in on New Threats
Let’s end our list on a positive note. For all the malicious attacks which take place, there are plenty of benevolent ‘white hat hackers’ who are working to fix and prevent attacks compromising our computing systems.
Google Project Zero was established in 2014 to prevent hackers from exploiting vulnerabilities on the same day or soon after they are found – something known as ‘zero-day attacks.’ Remember, we discussed how antivirus software doesn’t have signatures for viruses and malware which have never been seen before? These are a great example of zero-day attacks.
In an update shared in May 2019, computer security expert Ben Hawkes shared how new exploits ‘in the wild’ are discovered every 17 days on average. Most software vendors or computing engineers will take around 15 days to patch vulnerabilities being exploited by attackers.
The good news is that researchers at Google are tracking these exploits, to help understand how attackers behave in real-world situations and discover what their capabilities are. By building databases of these exploits, cybersecurity experts can build more advanced tools to stop attackers before they strike – and the more they find, the safer our cybersecurity landscape in 2020 will be.
Top 15 Cybersecurity Trends for 2019 was originally found on Blokt – Privacy, Tech, Bitcoin, Blockchain & Cryptocurrency.
Dave Portnoy Says Bitcoin is a Big Ponzi Scheme But He’ll Be Back
Just months after making a grand entrance in the cryptocurrency space, the Barstool Sports Founder Dave Portnoy reaffirmed that he’s out of the field. In a recent podcast with Anthony “Pomp” Pompliano, the controversial day trader justified his exit by claiming that Bitcoin is a giant Ponzi scheme.
Portnoy’s Controversial Bitcoin History
Portnoy has become one of the most influential and controversial faces of legacy market day trading. Earlier this year, he declared that he’s “coming to Bitcoin,” which attracted lots of attention. Even the Winklevoss twins offered their help to educate him on Bitcoin.
However, his controversy quickly followed him in the vigilant cryptocurrency field, where the community rapidly spotted his pump and dump techniques. After buying several altcoins and claiming a loss of $25,000, Portnoy said that he’s out.
In Pomp’s recent podcast, he reaffirmed that he doesn’t own any digital assets as of now. He went even further by asserting that Bitcoin is “in my mind one big Ponzi scheme.” He argued that “you get in, and you just have to not be the one left holding the bag.”
Interestingly, though, his 2020 purchase of Bitcoin wasn’t the first. He admitted that he bought about $50,000 worth of BTC during the parabolic price increase in 2017 at about $15,000. When asked if he still holds the coins, Portnoy said that he lost the hardware wallet.
Lack Of Accountability Is A Problem, But I’ll Be Back: Portnoy
One of the most notable features regarding Bitcoin has been the anonymity of the creator – Satoshi Nakamoto. Although the pseudonym is well-known and disputed, and some people claim to be Nakamoto, the true identity remains a mystery to this day.
Portnoy believes that this is a problem. He argued that if he ends up losing money or being scammed, he prefers to know who’s the person behind the entire operation. With Bitcoin, though, this “lack of accountability” raises concerns that he’s not comfortable with. Nevertheless, he noted that he’s planning to get back into BTC:
“I’ll get back. I’ve been saying that I’ll be back into Bitcoin. I don’t know when, but I’ll be back.”
He argued that the community and mostly the memes attracted him the most in the first place, and it’s what he misses the most.
China’s Blockchain-Based Service Network (BSN) Integrates Tezos
- The popular blockchain company Tezos has become the last integrated network into China’s ambitious Blockchain-based Services Network (BSN).
- Developers can employ the Tezos protocol through BSN’s global public city nodes and portals for a “simplified development and deployment experience.”
- All three global public city nodes, namely Hong Kong, California, and Paris, have integrated with the Tezos Blockchain in both mainnet and testnet.
- Developers wanting to utilize the Tezos blockchain need to set up an account on BSN’s website and head towards the “permissionless services” section.
- Upon choosing the preferred public city node, developers need to “create a new project” and “choose the chain” (mainnet or testnet).
- After seeing the new project’s creation based on the Tezos blockchain, the next step is to insert Project ID, Project Key, and Access Address from the Project List.
“All APIs provided by Tezos can be accessed in similar ways, and the original data format will be returned.”
- China’s BSN was released earlier this year after some delays prompted by the COVID-19 pandemic. It enables developers to build applications, smart cities, and even digital economies on top of it without participants having to design a new network from scratch.
- Prior to Tezos, BSN integrated other popular blockchain companies starting with Chainlink’s oracle.
- BSN also integrated the Chinese-based platform NEO to accelerate the adoption of the blockchain technology in the country.
Crypto Price Analysis & Overview September 25th: Bitcoin, Ethereum, Ripple, Chainlink, and Tezos
Bitcoin dropped by a total of 3% over the past seven days of trading as it reached the $10,600 level today. The cryptocurrency briefly pushed above the $11,000 mark last Friday but could not sustain this level as it broke beneath it during the weekend. On Monday, BTC saw a precipitous 7.5% fall as it dropped from $10,910 to reach as low as $10,200.
Bitcoin continued to head lower on Wednesday as it reached $10,140 before the buyers regrouped to initiate a rebound, which happened yesterday. During the rebound, BTC managed to break back above the 100-days EMA and reach as high as $10,760 – where it ran into resistance at the bearish .382 Fib Retracement.
The coin has dropped slightly from there to trade at $10,600 today.
Looking ahead, if the bulls can continue above the $10,760 level, higher resistance lies at $10,900 $11,000, and $11,200. Added resistance is expected at $11,340 (bearish .618 Fib Retracement), $11,500, and $11,600.
On the other side, the first level of support lies at $10,430 (100-days EMA0. This is followed by support at $10,330, $10,140, and $10,000.
Ethereum suffered a steeper 11.3% price decline over the past week as it reached the $346 level today. The coin was trading above $380 last Friday but started to drop lower during the weekend. On Monday, Ethereum fell from $365 to reach as low as $335 (100-days EMA).
The price decline continued on Wednesday, which saw ETH drop as low as $320. Luckily, the bulls regrouped for a rebound on Thursday in which ETH managed to reach the $252 resistance (bearish .236 Fib Retracement). It also produced a bullish engulfing candle, which is a strong bullish signal.
Moving forward, if the buyers can break the $352 level, resistance lies at $364 (2019 high), $382, $390, and $400.
On the other side, support is first expected at $336 (100-days EMA). Beneath this, support lies at $320, $306, and $300.
Ethereum also struggled against Bitcoin this week as it fell from 0.035 BTC to reach as low as 0.0311 BTC yesterday. The coin had found support yesterday at the .618 Fib Retracement, which allowed it to bounce higher to the current 0.0326 BTC level.
Looking ahead, if the bulls push higher, the first level of resistance lies at 0.033 BTC. Above this, resistance is located at 0.0337 BTC (March 2019 Support), 0.0347 BTC, and 0.0352 BTC.
On the other side, the first level of support lies at 0.032 BTC. This is followed by support at 0.0315 BTC (100-days EMA), 0.0311 BTC (.618 Fib Retracement), and 0.030 BTC.
XRP witnessed a 5.5% price fall this week as the coin dropped from $0.25 to reach as low as $0.22 yesterday. The cryptocurrency managed to rebound from there to get as high as $0.24 today. However, the market is facing resistance at the 100-days EMA and must pass this to continue higher.
If the bulls break $0.24, the first level of resistance lies at $0.251 (bearish .382 Fib Retracement). Following this, resistance lies at $0.261 (bearish .5 Fib Retracement), and $0.271 (bearish .618 Fib Retracement).
On the other side, the first level of support lies at $0.235 (200-days EMA). This is followed by support at $0.23, $0.22, and $0.217.
XRP is also struggling against BTC as it posted a fresh 2-month low at 2165 SAT (downside 1.414 Fib Extension) yesterday. The coin had slipped from 2300 SAT last Friday and continued lower until it hit the 2165 SAT support.
XRP has since bounced higher to reach the 2250 SAT level today.
If the bulls can break 2250 SAT, resistance is first located at 2300 SAT (bearish .382 Fib Retracement). Above this, resistance lies at 2350 SAT (bearish .5 Fib Retracement), 2400 SAT, and 2460 SAT.
Alternatively, support lies at 2200 SAT, 2165 SAT, and 2111 SAT.
LINK saw a substantial 10% price fall over the past seven days, which saw the coin breaking beneath the $10 level and hitting as low as $7.31. There, it found support at a downside 1.272 Fib Extension level, which allowed it to rebound yesterday to reach the $9.90 resistance level today.
If the bulls can break $10, the first level of resistance lies at $10.40. Above this, resistance is found at $11.37 (bearish .382 Fib Retracement), $12, and $12.63 (bearish .5 Fib Retracement).
On the other side, support first lies at $9.00. Beneath this, support is found at $8.67, $8.00, and $7.31.
Against BTC, LINK dropped as low as 0.00072 BTC during the week. It was trading above a 3-month-old rising trend last Friday, but it went on to collapse beneath this support over the weekend. After reaching 0.00072 BTC, LINK bounced higher to get to the current 0.000935 BTC level today. Notice that it has returned to the previous rising trend line, which is now acting as resistance.
Looking ahead, the first level of resistance lies at 0.00095 BTC. This is followed by resistance at 0.001 BTC, 0.00103 BTC (bearish .382 Fib Retracement), and 0.00112 BTC (bearish .5 Fib Retracement).
On the other side, support is first found at 0.00091 BTC. This is followed by support at 0.0082 BTC, 0.00072 BTC, and 0.0007 BTC.
XTZ saw the steepest price fall on this list as it dropped by 13% over the past 7 days. The coin fell beneath the $2.32 (.618 Fib Retracement) support on Friday and continued lower to crate a new 5-month price low as it reached $1.91. This support held over the past few days, and Tezos rebounded from here yesterday to reach $2.15 today.
Looking ahead, if the bulls break $2.20, resistance is found at $2.32, $2.53 (bearish .382 Fib Retracement), and $2.72 (bearish .5 Fib Retracement).
On the other side, the first two levels of support lie at $2.00 and $1.91. Beneath this, support is expected at $1.74 (.786 Fib Retracement), $1.68, and $1.56.
Tezos is suffering further against BTC as it produced a 7-month price low this week after reaching 18,600 SAT. The coin has since bounced from here to break back above 20,000 SAT today.
Looking ahead, the first level of resistance lies at 21,000 SAT. This is followed by resistance at 22,000 SAT, 21,750 SAT, and 24,300 SAT.
On the other side, beneath 20,000 SAT, support lies at 19,380 SAT, 18,600 SATm ad 17,600 SAT (.886 Fib Retracement). Added support lies at 16,600 SAT and 15,600 SAT.
Binance Futures 50 USDT FREE Voucher: Use this link to register & get 10% off fees and 50 USDT when trading 500 USDT (limited – first 200 sign-ups & exclusive to CryptoPotato).
Click here to start trading on BitMEX and receive 10% discount on fees for 6 months.
Cryptocurrency charts by TradingView.
Blockchain4 weeks ago
Market Wrap: Bitcoin’s Powell-Induced Price Swing; Ethereum Still High on Gas
Blockchain1 month ago
The US Post Office Files a Patent for a Blockchain-Based Voting System
Blockchain4 months ago
How to Identify the ‘Third Wave’ of Cannabis Investments
Blockchain2 months ago
Wealthfront Lures Millenials With Crypto Memes and Tactics
Blockchain2 weeks ago
Blockchain Bites: Is DeFi an Inside Deal?
Blockchain2 months ago
Top Five Most Advanced Cryptocurrencies
Blockchain4 months ago
5 Tips to Interest the Press in Your Cannabis Business
Blockchain3 months ago
Top 5 Most Effective Cannabis Marketing Strategies