2017 has not been a great year for online security. From ransomware to disastrous data thefts, stories that would once have been confined to tech news sites have played out across the popular media. Ransomware extracted hundreds of millions of dollars from the economy, money which now bloats the electronic wallets of crime organizations. I’d be surprised if anyone reading this post doesn’t at least know someone who was affected by the Equifax data leak.
It’s not all bad: we never hear about the websites and online services that managed to hold the line against criminals. It is safe to say that but for smart developers, system administrators, and security professionals, things would have been much worse.
The criminals aren’t going anywhere and we can expect to see new and more sophisticated attacks and malware in 2018. The security landscape is constantly evolving and server hosting clients need to keep abreast of the threats their servers and users face so that, this time next year, we’ll still be able to say that it could have been worse.
Ransomware was the story of 2017. Attacks decimated healthcare services and businesses across Europe and the US. The unfortunate fact is that ransomware has proven itself a money spinner for criminals, so we can expect to see redoubled investment in increasingly sophisticated ransomware attacks against both servers and personal devices.
Remember: you don’t have to be a victim. Update your software regularly and take comprehensive offsite backups: they can’t take your data from you if it’s safely stored away from your servers.
Cryptomining malware became increasingly prevalent in 2017. Attackers inject cryptocurrency mining code into compromised websites and servers, abusing the computing resources of users to generate coins. Like all malware, the best defense is to keep your systems up-to-date and to use regular malware scans to quickly spot malicious code.
Many Internet Of Things devices are horrendously insecure and they are a favorite tool of hackers building DDoS botnets. Botnets aren’t the only problem: when businesses bring insecure IoT devices inside their networks they create an attack vector that criminals are only too happy to exploit.
In 2018, take advantage of the IoT but be careful about what you let inside your network.
Targeted Attacks Against Small Businesses
Small business owners are accustomed to the risks posed by phishing attacks — it’s a common vector for ransomware and other nastiness. But they are less cognizant of the dangers of targeted spear phishing attacks. Historically, targeted attacks of this sort have focused on large businesses. So-called whaling attempts to trick executives and others with privileged access into transferring money or data to the criminals.
But the incidence of such attacks against smaller businesses has increased, often motivated by the desire to gather information that can be used to take out loans and other sources of credit in the name of the company. Small business identity theft is rife because the controls and credit checks that apply to people don’t exist for small businesses. The ease with which criminals can steal the identity of small businesses will make them an attractive target in 2018.
This one’s not so much related to 2018 as it is a constant factor of the human condition. The vast majority of security breaches and malware infections are the result of human error. Elementary security blunders that could easily have been avoided cause massive economic damage every year.
My advice here is simple: if you’re not a server administration expert, hire someone who is or use managed server hosting.