DDoS attacks increasing, phone scams up, and ugly future cybersecurity predictions.
Welcome to Cyber Security Today. It’s Friday November 5th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Distributed denial of service attacks on Canadian and U.K.-based companies skyrocketed in the third quarter of this year. However, organizations in the U.S. were the biggest target by far. That’s according to the latest numbers from Cloudflare. DDoS attacks try to knock websites offline by overwhelming them with traffic. It’s like having thousands of people knocking on your door. Usually the goal is money — pay the attacker to stop or the attack continues. DDoS attacks can also be used to distract IT teams from a cyber intrusion elsewhere on the network to plant malware. DDoS attacks are launched from chains of hundreds of thousands of compromised internet-connected devices called bots. They get compromised because people have easily-guessed passwords and don’t keep their software patched.
Lots of crooks use email to spread their scams. But according to researchers at Proofpoint, old-fashioned telephone-based scams are not only still common but growing. One Canadian lost almost $50,000 to a scammer pretending to be from a cybersecurity company. Scammers recently have been seen doing everything from pushing fake computer security services to fake tickets to concerts by Canadian pop stars Justin Bieber and The Weekend. Some scams try to steal money from victims. Others try to get victims to install malware by asking them to download something under a number of pretexts. Scammers go after small businesses as well as individuals. So be suspicious when someone calls and offers a product at a price that’s too good to be true. Hang up the phone when someone calls and says they know your computer has been infected.
The U.S. Cybersecurity and Infrastructure Security Agency is urging IT administrators to install security patches released this week by Cisco Systems. One of the biggest problems is a vulnerability in the key-based SSH authentication mechanism in Cisco’s Policy Suite. It could allow an unauthenticated attacker to get root access to an affected Cisco system. There are also patches for Cisco’s Small Business Series switches, PON series switches and its Email Security Appliance.
Finally, what will the state of cybersecurity be in 2030? According to Trend Micro, artificial intelligence tools will allow people with no technical skills to launch cyber attacks, ultra high speed 6G wireless connectivity will allow cyber attacks to be more sophisticated and precise, and people who have cyber implants will be the victims of online attacks. These are possible scenarios because right now we have technologies AI and 5G. The report is aimed at making people think about the possibilities of emerging technologies. Will these and other predictions come true? 2030 is only nine years away.
Don’t forget later today the Week in Review podcast will be out. This week’s discussion will focus on the cyber attack on healthcare in Newfoundland and on password spraying attacks.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.