2022-08-02 07:02Blog post

Trendy cyber security threats of 2022 - so far

A Guy Fawkes mask in bright neon colors and a diagram.

What's hot and what's not, in the digital virus world? What's trendy when it comes to hackerattacks and cybercrimes? Cyber security threats sure hasn't got its own fashion week, but it follows trends never the less, and you are wise to keep an eye on the them. Either you're in or you're out - to quote a famous runway model.

 

Define the illness - find the cure

Knowing the threat might help you prevent cyber security attacks from totally wrecking your organization.

“Viruses” are a common moniker for a number of cyber threats. However, sometimes we need to define more closely what has caused the illness – just like when we get ill in real life.

"The List"

So, without further ado, here are the most common cyber security threats as of 2022, so far. And some tips of how you can defend your business from them:

1. Malware

Malware is one of the most common cyber security threats. Malware is short for “Malicious Software”, and it also goes by other names such as “worms,” “spyware,” “ransomware,” and “viruses.”

Malware is normally activated when you click on a link or on an attachment that contains the virus. The bad link then starts to install on your computer, leading to further trouble such as:

  • Ransomware –  Blocking critical aspects of your networks.
  • Installing software that uses your networks without your permission.
  • Spyware –  Secretly finding information on your computer and sending it back to the attacker.
  • Trojans –  Powerful and costly viruses are able to deceive regular antivirus software by pretending to look safe, hence the name "trojan" borrowed from the greek wooden horse used in the Trojan war. Once it has gained access to the software, it then drops and reloads viruses and malware. A famous trojan virus known as “Emotet” initially targeted banks, but now the main target for Emotet malware is big businesses and governments - this doesn't automatically mean that small businesses are safe from these vicious attacks, but perhaps less likely to be attacked.
  • Break down your systems to make them unusable.

2. Denial of Service - DoS

Denial of Service is an attack that overwhelms your computer or your network so that it cannot respond to your requests. Your computer will freeze as it tries to respond to the viruses flooding data, and your software will likely stop working all together.

These types of attacks are often used to stop for example significant business agreements before they’re settled. This can cause businesses to miss out on huge opportunities as their rivals win a time. DoS are also used to stall the networks while more malicious attacks are entering into the software. When your computer is trying to process the overwhelming data, the anti-virus software is denied access. This leaves the computer vulnerable, and more dangerous malware can easily enter your cyberspace.

3. Man in the Middle - MITM

Man in the middle, or MITM cyber security threats, are the most dangerous to the public and to small businesses. These attacks happen for example through an unsecured public Wi-Fi network; a public user (a customer for example) connects to your business through an unprotected network, the hacker then spots this connection and manipulates the system to allow them to enter in the opened space between.

Once inside, the hacker has free access to both the customer’s and your business’ software and can send malware to do further damage. But the hacker may also fool you, pretend to be the business/the customer, and this way they receive private data without sending in any malware at all.

4. Phishing

Phishing is when for example an email is designed to look like a familiar company, but is actually a hacker in disguise trying to persuade you into clicking their links.

These phishing emails with links can be made to look like documents or like a possible investor, a new client, or a business loan late payment email. These will look as those they are coming from a legitimate source, which is why education about phishing emails are so important!

5. Structured Query Language Injection - SQLI 

SQLI stands for Structured Query Language Injection. This type of cyber security attack is normally aimed at big businesses, and it’s a data-stealing attack. To bring you the information you are looking for while searching online Structured Query Language is used in most search boxes.

The “injection” part then adds a powerful “kick” into the search, and this “kick” injection is so strong that it bounces back into the user and pulls out information about them. You will still get your search result, but the SQLI uses your question as a doorway back into your information. Here your credit card information is at risk for example.

6. Password Attacks

This cyber security threat is sadly so common, that most people no longer see it as a threat. But we beg to disagree! Even though most understand the importance of keeping a password secret, not everyone understands how to keep it secret. And there are still a range of generations of people using the internet, all to a different level of understanding.

  • Guessing – If your password is “1234”, a cyber criminal doesn’t have to try very hard to access your data.
  • Hacking a database – If your passwords are stored in one location, or if another company keeps passwords unprotected, then a hacker that manages to break through these locations will have total access. This is why it’s best to never have the same password for two or more areas. If a hacker manages to acquire one of your passwords, they will attempt to open all of your online locations using it.
  • Human interaction – We all read theposts on social media saying, “Your band name is your childhood pet, mother’s maiden name, and your hometown.” A funny game, we think, and submit our “band name” in the comments. These details are often a part of your security codes, information that will help cybercriminals either to guess your password or tell the website that you forgot your password and reset it.

Preventive steps

To try and stay ahead if cyber criminals, here is a list of preventive actions that You can do to take precautions:

  • Try to avoid public networks at all times!
  • Always keep your computer updated.

- PRIVATE – something that’s important only to You - not common knowledge!

- PERSONAL – no movie quotes, no song lyrics etc.

- PRACTICAL – easy to remember and write – make it long, but not complicated. A sentence is a great option!

 - PROVOCING – Something sexy, horny, pornographic (yes, you heard us!) - it should be something you don’t want to say out loud!

 "Something sexy, horny, pornographic (yes, you heard us!) - it should be something you don’t want to say out loud!"

  • To prevent malware of any kind, you should think one extra time before you click on a link, attachment, or download. This is how the worms enter your networks, and this should be ingrained into every employee - if you do not trust the source of the link, do NOT click on it!
  • Install antivirus software. When you choose antivirus software, don’t simply go with the cheapest option. Use virus protection software of high standards that have been peer-reviewed and proven to shut down heavy-hitting attacks.
  • Install a Virtual Private Network (VPN) on your computer, that will create automatic encryptions for you and your business in cyberspace.
  • To protect yourself from harmful emails, you should keep a list of legitimate email addresses close to hand. If you get an email from a supposedly legitimate source, but the email address doesn’t match the one confirmed on your list, you should reach out to the confirmed email address and ask them about the suspicious one.
  • If you have an online website, make sure it has a Principle of Least Privilege (PoLP) system. This means making sure each account only has access to its job – no more, no less – and if one section gets hacked, it doesn’t grant access to anything else.

Hand tapping on a keybord to a laptop, an image of a virus sign is crossed over and the text

Practice, practice, practice...

Last, but not least, you can also conduct penetration tests, to identifying the most likely pathways hackers might use to install malware into your organization. Of cause you should back up your data on a regular basis. Practice makes perfect as we all know, so keep up the good work and stay safe!

If cybercriminals follow "trends", then so should you - let's all make an effort to make sacurity and safety trendy! 

 

 



About Farsight Tech Nordic

Farsight is a Swedish IT development partner that makes people and organizations grow! We are your ”go-to-guys” regarding all your IT systems, technology and IT-security subject matters. At the same time, we are local community builders and ensue a sound labour market and good ethics. Our business is all about finding clever solutions for secure access, management and communication of business-critical information.


Contacts

Carina Sjövill
Head of Marketing & Communications
Carina Sjövill