The four biggest cyber threats to our future

“It’s not about whether the pirates will get through. They go. It’s just a question of how.”

There are those who say that a “cyberpandemic” is inevitable. And there are those who say we’re in it right now.

Gil Shwed, founder and director of Israeli cybersecurity pioneer Check Point Software Technologies, belongs to the latter camp.

Cybercriminals already have the sophisticated tools to infect the websites of government organizations and large corporations, says Shwed. And we can’t count on the attack. Rather, he says, “We must defend ourselves against [attacks] from day zero,” like a vaccination against disease.

A recent Allianz Risk Barometer survey found that businesses in 89 countries are more concerned about ransomware attacks, data breaches or major IT failures than supply chain disruptions, natural disasters or the Covid-19 pandemic.

And it’s no wonder: in the rapidly changing online landscape, tantalizing opportunities for bad actors are popping up like mushrooms overnight.

“It’s not about whether the pirates will get through. They go. It’s just a matter of how,” says Edo Yahav, vice president R&D and general manager of SafeBreach Israel in Tel Aviv.

Israel’s approximately 450 cybersecurity companies play an important role in predicting and protecting against cybercrime, largely because the Israeli military serves as a unique incubator for talent and innovation in this sector.

“I don’t think anyone in the world has that kind of advantage,” says Liel Strauch, director of cybersecurity research at PerimeterX of Tel Aviv and Silicon Valley.

Within the emerging metaverse, what are the biggest cyber risks that experts expect to tackle in the coming years?

Beware of robots

PerimeterX secures e-commerce, media and travel websites against automated fraud and client-side attacks by proactively detecting and managing risks to web applications, Strauch explains.

For example, the company’s Bot Defender deflects attacks from bots – pieces of software programmed to do anything from taking over an account to capturing and scalping limited-edition items like trainers.

The growing popularity and value of limited-edition items and unique NFTs (non-fungible tokens) are attracting attackers, Strauch says.

“We can assume that we will see bots attacking NFT sales and the metaverse in general in order to make profits in cryptocurrency or converted into real money,” she told ISRAEL21c.

“Another thing we’ve seen gain traction with attackers…is supply chain attacks,” she adds.

A supply chain attack occurs when a hacker infiltrates a website through the “blind spot” of software vulnerabilities from third-party vendors operating on that site and having access to its data. Google Analytics is an example of a third-party provider.

“This will be one of the main ways for attackers to gain access to data from different companies,” Strauch says.

Through the third party, attackers inject a piece of code into different JavaScripts that run on a website, collecting users’ personal information such as credit card numbers.

“As this creates a lot of profit for cybercriminals, we can assume that supply chain attacks will increase in the coming years,” she says.
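The third-party script risk described above can be checked from the defender's side with Subresource Integrity (SRI), which lets a page pin the hash of a vendor script so the browser refuses a modified copy. The following is an added example, not from the article or the companies it quotes; the hostnames, page markup and script bodies are constructed, and `auditThirdPartyScripts` is a hypothetical helper.

```javascript
// Added example: audit a page's third-party <script> tags for Subresource Integrity.
const { createHash } = require("node:crypto");

// SRI value for a script body: "sha384-" + base64(SHA-384 digest).
function sriHash(body) {
  return "sha384-" + createHash("sha384").update(body, "utf8").digest("base64");
}

// Return one finding per script loaded from an origin other than siteOrigin.
// `served` maps script URL -> body currently served (constructed here; fetched in practice).
function auditThirdPartyScripts(html, siteOrigin, served) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  for (const [, attrs] of html.matchAll(tagRe)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) continue;                       // inline script, out of scope here
    const url = new URL(src[1], siteOrigin);
    if (url.origin === siteOrigin) continue;  // first-party script
    const integrity = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(attrs);
    let status;
    if (!integrity) {
      status = "no-integrity";                // browser runs whatever the vendor serves
    } else {
      const pinned = integrity[1].trim().split(/\s+/);
      status = pinned.includes(sriHash(served[url.href] ?? "")) ? "ok" : "mismatch";
    }
    findings.push({ url: url.href, status });
  }
  return findings;
}

// Constructed sample data: vendor hosts and script bodies are placeholders.
const reviewed = "window.track=function(){};";
const tampered = reviewed + "/* unreviewed change */";
const PAGE = `
<script src="/static/app.js"></script>
<script src="https://analytics.vendor.example/a.js"></script>
<script src="https://cdn.vendor.example/pay.js" integrity="${sriHash(reviewed)}" crossorigin="anonymous"></script>
<script src="https://cdn.vendor.example/chat.js" integrity="${sriHash(reviewed)}" crossorigin="anonymous"></script>`;
const SERVED = {
  "https://cdn.vendor.example/pay.js": reviewed,
  "https://cdn.vendor.example/chat.js": tampered,
};
const report = auditThirdPartyScripts(PAGE, "https://shop.example", SERVED);
console.log(report);
```

A `no-integrity` finding means the site trusts that vendor's server unconditionally; a `mismatch` means the script changed after it was reviewed and a browser enforcing SRI would block it.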

The unfolding metaverse will drive far more traffic to the digital world, providing more opportunities for bad actors to take advantage — and therefore more opportunities for cybersecurity companies to take advantage, Strauch predicts.

What is the Metaverse? Also called “Web 3.0”, it is a set of technologies that add an immersive 3D dimension to our digital interactions.

On the bright side, the move to the metaverse means “everything happens in the same world, the same way it was easier to deal with physical ‘skimming’ when it happened on ATMs and you knew exactly where it was going to be and what to do,” Strauch says.

“Now that everything will be transferred to digital assets, it will help companies invest more in technologies to protect these digital assets.”

Avoid account takeovers

“One of the biggest trends we’re seeing is account takeover,” says Elad Cohen, vice president of data science for Riskified, one of four cybersecurity companies we featured in our recent report on anti-fraud technologies.

“We conducted a survey showing that at least 17% of consumers had one of their accounts repossessed. We believe the number of account takeover attempts has increased fivefold over the past three years. We expect this to continue to increase.”

E-commerce businesses face a dilemma: customers prefer a purchase process that is as simple (“frictionless”) as possible, for example when their password and credit card number are saved on the website. Using passwordless authentication (such as SMS messages with a temporary code to enter) adds friction and leads to lost sales.

However, the smoother the process, the easier it is for hackers to take control of the account.

“There is always a balance between ease of use and difficulty for hackers to crack,” says Cohen.

Additionally, loyalty points or discounts that entice loyal customers to use their stored account add value and vulnerability that further attract hackers.

“It makes the potential for account takeover much more lucrative. And once the fraudster has credentials for an account, it’s easier to monetize it,” says Cohen.

Ephraim Rinsky, who manages product marketing for account security at Riskified, adds that credential theft is getting easier and easier.

“Two years ago, to access an account, I had to go to the dark web and search for credentials. Today, you can buy credentials on Telegram groups or even on the normal web. A teenager sitting at home can get credentials to log into an e-commerce site in a minute.”

Merchants will need increasingly sophisticated fraud prevention technologies to block fraudsters, especially if the password stealer uses bots which, as Riskified often sees, make up to 40,000 attempts per hour to break into accounts on many e-commerce sites.

“If you close one door in authentication fraud, fraudsters will open the next,” says Rinsky. “It’s a game of cat and mouse.”

While Riskified and others work behind the scenes to fix vulnerabilities across authentication methods, anyone can help protect their own accounts simply by never reusing a password, say Cohen and Rinsky.

Monitor your digital wallet

Smart password management can also be the best protection against cybercrimes targeting digital assets, says Shy Datika, founder and president of INX, which offers regulated trading platforms for digital securities and cryptocurrencies.

The CB Insights report “12 Tech Trends to Watch for in 2022” reveals that although illicit activity affects less than 1% of crypto transactions, reports of crypto crimes are on the rise.

“These include hackers stealing coins from investors, individuals falling victim to crypto investment scams, etc. … in December 2021, cybercriminals stole $150 million in cryptocurrency from the BitMart exchange following a security breach involving stolen private keys,” the report states.

Read this carefully and you will understand why Datika says that cybercrimes involving cryptocurrency are “just regular dumb hacking.”

“If someone hacks into your phone or computer and steals your password and uses it to enter your hot wallet, that’s not a crypto-related cybercrime. It’s just done by stealing passwords,” he said.

While a small percentage of crypto-related crimes (Datika estimates 10-20%) occur when transferring cryptocurrency between a “cold” (physical) wallet and a “hot” (internet-connected) wallet, Datika points out that it is impossible to directly hack the blockchain.

As for scammers tricking people into sending cryptocurrency to the scammer’s digital wallet, that’s another old trick applied to a new form of money. And it is likely to increase as cryptocurrency becomes more popular.

Ransomware, quantum computing

“In the coming years, large enterprises like financial and healthcare companies will see more of the same types of attacks but much more complex – for example, much more ransomware,” predicts Edo Yahav of SafeBreach, the most widely used continuous security validation platform.

“Why? Because it works and it’s lucrative. Companies usually pay the ransom because they don’t want to lose their data. As long as it pays, it will continue and it will get harder to stop it,” Yahav said.

“Due to the ability to work from home or anywhere, the need to support a highly dynamic workplace means more tools need to be introduced into the mix. Additional tools and complexity lead to human error and hackers can take advantage of that,” he adds. “That’s why companies need to keep evaluating and evaluating their arsenal.”

Another big threat is the rise of quantum computing over the next decade, Yahav says. Quantum computers can crack the encryption algorithms that secure online commerce, communications and financial services.

“It will change the security industry by keeping big companies on their toes. They will have to identify and secure their most valuable assets with the right software instead of trying to secure everything,” says Yahav.

Israel will continue to be an important source of cybersecurity solutions for new and upcoming threats, he predicts.

“The security mentality is ingrained in Israel,” he says. “Unless something dramatic changes in the Middle East, we will increasingly see a security mindset among Israeli youth and opinion leaders.”
