The following report is by Karim Hijazi from Yahoo Finance:
NOTE: Karim Hijazi is CEO of Prevailion, a cyber intelligence company that monitors and detects active threats by infiltrating hacker networks. Hijazi is also a former director of intelligence for Mandiant and a former contractor for the U.S. intelligence community.
Ransomware has taken the spotlight lately following a string of brazen attacks on major U.S. companies.
And as bad as this kind of malware is, businesses and investors can expect to face a growing number of sophisticated cyber threats that could be even more disruptive and difficult to prevent.
Here are five emerging threats to watch:
Wiper Malware
“Wipers” are a type of malware that can be even more destructive than ransomware because they are designed not for extortion — they’re for the sole purpose of erasing data.
Wipers haven’t been widely used up to today, but that is likely to change. As nation-states become more active and emboldened in cyberspace, we can expect to see more digital clashes that involve destructive cyber attacks.
There is nation-level precedent: Iran has been implicated in an ongoing series of wiper attacks against Israel amid an outbreak of cyber skirmishes between the two countries that escalated in 2020.
Iran has also been implicated in other wiper attacks over the years, including the 2012 ‘Shamoon’ attack on Saudi Aramco, which destroyed over 30,000 computers, and the 2014 wiper attack on Las Vegas Sands Corp. North Korea also used wiper malware in its infamous attack on Sony Pictures back in November 2014.
And wiper malware is an equal playing field, meaning that it will not be limited to state actors. While wipers have less financial value for criminals, they are a potent weapon for terrorists, political activists, and lone wolves who are only interested in causing damage.
Evil AI
The emerging field of artificial intelligence (AI) could be a future gold mine for cybercriminals and nation-state hacking groups.
AI will lead to smarter and autonomous malware that can adapt to changing circumstances and learn how to improve its tactics to pull off more advanced attacks.
Researchers have also recently demonstrated that early-stage AI is already significantly better than humans at launching phishing attacks and crafting viral tweets and social media phishing that can infect users.
It will also make it easier for hackers to hijack online accounts by predicting passwords and beating CAPTCHAs.
While “deepfake” videos are well known by now, an even more compelling use case for cybercriminals will be audio deepfakes which impersonate CEOs to trick employees into sharing sensitive information or authorizing payments.
Furthermore, deepfakes could potentially trigger political crises and incriminate innocent people.
Firmware Attacks
For the last 25 years, most cyber attacks have targeted software — rarely venturing below the operating system level of a device.
That is now beginning to change.
Hackers are figuring out how to target “firmware” with malware in order to gain God-level access to these devices and even physically sabotage them. A recent survey found that 83% of enterprises have already started to experience firmware attacks.
So what is firmware?
For high-functioning electronics, like a computer or smartphone, firmware is the code that runs beneath the operating system and is the bridge between the software and the hardware.
However, it is even more critical for lower-functioning “embedded devices” (i.e., the Internet of Things or Industrial Internet of Things) where firmware is often used in place of an operating system.
In a nutshell, if a hacker can gain control over the firmware, they can control the device. That is especially alarming for the embedded devices and industrial controllers that are used in safety-critical systems like the power grid, water treatment plants, nuclear plants, manufacturing, oil and gas pipelines, etc.
An attack on the firmware of those devices could lead to dramatic incidents of physical sabotage. For instance, this is how a hacker could trigger a months-long power outage, disrupt the water supply, cripple manufacturing plants, and even ‘brick’ gas station pumps, ATMs, hospital ventilators, and office buildings.
These types of attacks are not as far-fetched as they may sound: In 2016, Russian hackers used a special malware called “CrashOverride” to disrupt Ukraine’s power grid.
Supply Chain Hell
Supply chain attacks have become a buzzy term as of late, thanks to the high-profile breaches of SolarWinds, Microsoft Exchange, Kaseya, and Codecov.
The reality is that we are still in the early stages of supply chain exploitation, and these attacks will become more frequent, sophisticated, and brazen in the coming years.
Advanced nation-states like Russia and China will go further by breaching more sensitive, “backbone” IT services — think ISPs, chipmakers, app stores, security tools, source code libraries, etc. — to better infiltrate and persist inside of critical companies and organizations in the U.S.
Cybercriminals will do the same with lower-hanging fruit, such as retail systems and e-commerce platforms, and have already been busily exploiting supply chains: Various Magecart gangs have wreaked havoc on e-commerce sites by exploiting the open-source Magento platform.
In the coming years, hackers will also infiltrate millions of Internet of Things (IoT) devices (from smart thermostats to cars) by exploiting their software/firmware supply chains, such as source code libraries or the update processes of key vendors.
Far from being a minor inconvenience, these attacks could lead to widespread physical disruption if the hackers use that access to disable the devices.
5G+ And Space-Based Internet
While many consumers may be somewhat underwhelmed by the current 5G rollout, internet connectivity is undergoing dramatic changes that will take time to develop.
This is just the beginning of a new future where wired-connection Internet speeds will be available via wireless delivery methods, ranging from cellular towers to satellites and high-altitude vehicles.
The capacity for higher, faster wireless speeds also has a downside: Hackers will learn to exploit the higher bandwidth, and we can expect to see a wide range of attacks such as increasingly powerful botnets, data theft at a massive scale, and device-on-device attacks.
Botnets are large networks of enslaved devices which a hacker uses to disrupt services and Internet connections by overwhelming them with a flood of bogus data requests. In 2016, a college student was able to knock out a huge slice of the Internet by creating a simple botnet consisting of thousands of insecure IoT devices.
And since future data transfer speeds will only continue to multiply (5G is already expected to be 10 times that of 4G speeds), these botnets will become exponentially more powerful.
Future botnet attacks could be used to disrupt Internet services for a large percentage of the population. They could endanger public safety by blocking emergency services throughout a state. They could even hold entire countries for ransom, similar to the 2016 attack on Liberia.
Data theft will also get a boost. The higher data transfer speeds will make it easier for hackers to harvest and exfiltrate large quantities of stolen data before victims are able to shut them down. This means data breaches will become significantly more expensive for companies and harder to recover from.
As devices become smarter and more autonomous in the wake of these greater connection speeds, hackers will also leverage these capabilities to attack other devices. For instance, a hacker who breaches a smart traffic light could then use that access to hack into every car that passes by.
Similarly, an infected self-driving car could be used to infect other vehicles within range of its radio signal. A compromised drone could be weaponized to sniff out other connected devices as it flies overhead and spread an infection over vast distances.
This tactic could also be used by hackers for targeting high-level executives and government officials as well as for carrying out more sophisticated “island hopping” attacks to breach corporate networks through overlooked transient connections between various smart devices.
The bottom line is that cybersecurity will become increasingly complicated in the coming years, as hackers develop greater capabilities to launch attacks. Ransomware will continue to be a serious problem for the foreseeable future, but there are many new attacks that are equally concerning and are likely to catch many companies off-guard.
AUTHOR COMMENTARY
A prudent man foreseeth the evil, and hideth himself: but the simple pass on, and are punished.
Proverbs 22:3
I am mentioning this because I have noted multiple times now of a definite collapse of the grid and internet, via a “flip of the switch” and a so-called “cyber attack.” This will, I believe, usher in the new internet and other transhuman control mechanisms. As I have noted before, the media loves to float out what is coming down the pike when very few are watching and paying attention. And by the time it happens, the masses will have long forgotten.
The Coming “Global Citizen” Test That Will Be Mandated For People To Use The Internet
U.S.A’s Own Social Credit Score System Is Coming Soon
NBC Warns Of Power Grid Attack Amidst Biden’s Push For Electrification
The Media Again Warns Of A Cyberattack. Fears Of “Jackware”
Because of these things, it should be yet another reminder to continue to do some extra prep work of having extra food, water, clothing, med kits, and other necessities for when the power goes out in general. Also, do not keep all your money in the bank. Close out unnecessary accounts and keep the bare minimums in there. If all your wealth are numbers on a screen, then they can get wiped clean in a second.
How To Keep Food And Drinks Cold Without A Refrigerator
New Study Reveals Intermittent Fasting May Help Protect Older Adults From Injury And Hospitalization
Sprouting: The Mega-Healthy, Simple, And Super Cheap Foods That Everyone Can Make
Basic First-Aid Tips When Doctors Are Not Available
Basic Tips To Survive Prolonged Power Outages
How To Build 5 Different Types Of Campfires
[7] Who goeth a warfare any time at his own charges? who planteth a vineyard, and eateth not of the fruit thereof? or who feedeth a flock, and eateth not of the milk of the flock? [8] Say I these things as a man? or saith not the law the same also? [9] For it is written in the law of Moses, Thou shalt not muzzle the mouth of the ox that treadeth out the corn. Doth God take care for oxen? [10] Or saith he it altogether for our sakes? For our sakes, no doubt, this is written: that he that ploweth should plow in hope; and that he that thresheth in hope should be partaker of his hope. (1 Corinthians 9:7-10).
The WinePress needs your support! If God has laid it on your heart to want to contribute, please prayerfully consider donating to this ministry. If you cannot gift a monetary donation, then please donate your fervent prayers to keep this ministry going! Thank you and may God bless you.
This is the new COVID on Technological devices. Imagine the panic amongst humans when the devices we rely on are sabotaged or erased. Businesses will fail, coming close to collapsing.