The cyber threat landscape continues to evolve with new threats emerging almost daily. The ability to track and prepare to face these threats can help security and risk management leaders improve their organization resilience and better support business goals. There are multiple threats impacting organization but below are the two threads like Crypto-jacking and Internet of Things (IoT) device threats.
Crypto-jacking: Ransomware has been one of the biggest threats impacting business in the past two years exploiting basic vulnerabilities including lack of network segmentation and backup. These are strains of malware that are very similar to strains that different types of ransomware like Petya and Not Petya has in place but instead it’s kind of running in the background silently mining for cryptocurrency. Just like other malicious software through ransomware finds a way to a victim’s system by exploiting a vulnerable software’s security hole or by tricking a potential victim into downloading or installing it. Ransomware is very dangerous for the organization and it requires to be prevented with security measures like Patch and Update system and software on regular basis, Trained user and don’t click unfamiliar links and emails, back up your files, etc.
Internet of Things (IoT) device threats: - Nowadays companies are adding more and more devices to their infrastructures. IoT is defined as everyday objects with computing devices embedded in them that have the means to send and receive over the internet. IoT devices have many applications that are designed to make life easier and simpler. Think of engineers being able to access a device perform remote diagnosis and remediating any issue. One of the reasons of IoT device threats is insecure web interface is security-related issue with the web interface built into IoT devices that allow a user to interact with the device but at same time could allow an attacker to gain unauthorized access to the device such as Account enumeration, Weak default credentials, cross-site scripting, etc. security professionals can implement some countermeasure to protect against the threats like Default password and ideally default username to be changed during initial setup, ensuring password recovery mechanisms are robust and do not supply an attacker with information indicating a valid account, Ensuring account lockout after 3-5 failed login attempts.
References: -
Pal, Ashwin. (2018). The Internet of Things (IoT)- Threats and countermeasures. Retrieved from https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/
Rayome, D. A. (2019). Five emerging cybersecurity threats you should take very seriously in 2019. Retrieved from https://www.zdnet.com/article/five-emerging-cybersecurity-threats-you-should-take-very-seriously-in-2019/
luckyqloo
W4D1..SJ.docx
0
