We’ve come a long way in the last few decades as far as technology is concerned. Everything from banking to renting a Friday night movie has become streamlined. You don’t even need to leave your couch anymore! With just a few quick taps on your phone, you can be watching Jason Statham take down the biggest shark since Jaws or depositing large sums of money into your Swiss bank account.
With every new year comes new technology and new conveniences. Unfortunately, it’ll also bring new hacking methods. Hackers, too, can take advantage of modern tech to steal your data or make illicit money without getting off their couch—and their methods become more sophisticated each year.
Let’s take a closer look at some of the ways new tech is making life easier for hackers and what you can do to protect your IT environment.
Don’t let hackers use your device against you
This first example is a doozy—if for no other reason than sheer ingenuity. When you think about the conveniences of modern tech advancement, the first thing likely coming to mind is your smartphone. Thanks to a bevy of intelligent sensors, that shiny rectangle in your pocket can see, hear, and even feel. While these senses qualify your smartphone as a superb distraction and even sometimes a tool for productivity, they also provide unique opportunities for clever hackers.
A recent research paper from the International Association for Cryptologic Research summarizes how your smartphone’s own sensors could be used to compromise it:
- Malware is deployed to your smartphone through a browser download, email attachment, etc.
- Said malware senses which numbers are pressed when entering the PIN to unlock the phone. Since each number is in a distinct physical location on the device, sensing the tilt of the phone after each press can reveal the unique PIN sequence.
- That PIN is then used to gain privileged access to the device and pilfer digital goods.
In a nutshell, these hacking methods use zero-permission sensors—like an accelerometer—to decipher the PIN you use to unlock your smartphone. Once the keys to the kingdom are harvested, so too is your personal information. Pretty clever, right?
Fortunately, the steps to combat sneaky hacking methods like this are simple:
- Opt for complex passwords and biometric measures over simple PIN numbers to secure mobile devices.
- Encourage safe browsing habits and employ mobile threat detection to eliminate malware threats before they get a chance to infect.
Protect all your devices—especially legacy tech
Next on the list of vulnerabilities is that dusty fax machine sitting in the corner. Who faxes these days, anyways? Well, as it turns out, hard copies are still important, and that fax machine is just under the radar enough to be a prime target for enterprising malware threats.
As CyberScoop points out, hackers are already sharpening their fax-hacking skills. One such method, dubbed “faxploit,” leverages a vulnerability in the fax protocol to hijack dated machines. In doing so, hackers can access potentially sensitive data from sent and received faxes.
Don’t have a fax machine? This new malware threat should still be on your radar. Emerging threats, like faxploit, represent a growing movement to target dated, often overlooked endpoints, like fax machines and legacy printers. The solution is simple: Increase visibility into these targets with centralized monitoring. It may even be time to consider investing in new technology that comes with stronger and smarter device security features, like self-monitoring, patching, and healing.
Defend against resource-stealing hacking methods
Not all malware threats are out to empty your bank account or run off with your digital identity. Some simply want to hitch a ride.
With the rise of cryptocurrency and the potential fortune to be made, crypto miners are always looking for ways to boost their efficiency. Since mining cryptocurrency requires intense and decidedly expensive processing power, those idle CPU/GPU cycles littering your network begin to look mighty tempting.
The result is malware that can take up residence without being noticed by the average user. As Symantec notes, these cryptojacking threats can propagate throughout your environment, attaching themselves to endpoints while leeching precious processing power. These systems then slow down as their computing efforts are diverted to authenticating cryptocurrency transactions.
The solution is proactive threat detection and performance monitoring. Ensure your endpoints are well-guarded at both the firewall and local levels with software that regularly scans and actively monitors for potential malware threats. As noted previously, maintaining high visibility of your endpoints is critical to spotting suspicious activity. Centralized solutions that can benchmark and monitor performance of key systems will help you catch these cryptojacking threats.
As the new year ushers in cool and convenient tech, remember that those same conveniences may also apply to the threats targeting your environment. As hackers update their techniques and search for new openings, make sure you stay on high alert, as well.
used with permission from Tektonika (HP)
by Joe Hewitson