ASSOSA UNIVERSITY

COLLAGE OF COMPUTING & INFORMATICS

DEPARTMENT OF COMPUTER SCIENCE
GROUP ASSIGNMENT OF COMPUTR SECURTY
NAME OF GROUP MEMBER ID.NO.
1.LEMI TURO RU/2465/12

2.RIHANA SEID RU/0936/12

3.YOHANES GETACHEW RU/1202/12

4.ISILEMAN ISHETU RU/2208/12

5.FIKRU ALAMU RU/0796/12

Instructor: AZEZE K .

itted Day:/15/2023 G.C

 The Top Security Threats Of
2021-2022
●
the threats are getting more and more serious, with greater potential to do
serious, long-term, expensive damage to your organization. For instance:
●
Ransomware not only encrypts and holds files in exchange for money, but now
punishes victims who fail to pay in a timely manner .
●
Trends like remote work, the Internet of Things (IoT), bring-your-own-device
trends and cloud initiatives have given hackers new ways to infiltrate your
organization by exponentially expanding the attack surface.
●
Technologies like artificial intelligence (AI) and machine learning (ML) have
given these hackers new tools to distribute malware, vector in on high-end
targets, and reach bigger and more diverse audiences.
●
And as these technologies evolve, cybercriminals are becoming increasingly
stealthy, sophisticated and evasive.
●
The security experts at Splunk recently built a collection of the Top 50 Security
Threats and we use a list of their top 15 “favorites” — a combination of the most
malicious, clever or insidious that should be on your radar right now. And while
many of these examples name companies that were targeted a few years ago,
rest assured the bad guys are still up to the same tricks today.
1. Social engineering and cryptocurrency
●
In an attack that uses social engineering, not only the technology is at focus.
Social engineering targets the human aspect. Social engineering can occur in
any form sensitive information can be gathered - In an email, face to face or
even via a phone call.
●
Sim swapping is an attack where the bad actor gains access to the SIM card
from the victim.
●
Due to clever social engineering,the mobile carrier is tricked into thinking that
the bad actor is the real customer. If successful, the bad actor gets the control of
the SIM card and receives the text messages and phone calls. This attack is
also used to gain access to social media accounts or cryptocurrency wallets.
●
2. Passwords - Knowledge vs. action
●
In an online security survey by Google, 52% of the people reported to
reuse the same password for multiple (but not all) sites.
●
This is alarming, because a bad actor could get access to multiple
accounts with just one password. Worth to mention here is that 79% of
the people think that updating security software is important, while 33%
don't update regularly. There's a gap between knowledge and action!
●
Passwords are still a top attack vector for organizations, a study found.
42% of the respondents indicated security breaches due to a password
compromise.
●
3. Insider threats - Do you trust your colleague?
●
A lesser publicly known threat that affects businesses small and big are insider
threats. Here, anyone that is or was in contact with the company's internal
structures is a possible suspect.
●
Verizon's report from 2019 reveals stunning data - 57% of all database
breaches involved insiders!
Small businesses are at greater risk, as employees are often able to access
●

more parts of the internal network compared to bigger businesses.

●
Tracking the action of employees is a double edged sword. It's good to detect
the bad guys, but it's bad for honest employees who could feel monitored.
●
4.Internet of Things
• where 70% of households have at least one smart device.
• Unsurprisingly, attacks on smart or “Internet of Things (IoT)” devices
spiked as a result, with over 1.5 billion breaches occurring
between January and June of 2021.
• IoT connectivity opens a world of vulnerabilities for hackers.
• The average smart device is attacked within five minutes of
connecting to the internet.
• experts estimate that a smart home with a wide range of IoT devices
may be targeted by as many as 12,000 hacking attempts in a
single week. 
5.Configuration Mistakes
• In system least one error in how the software is installed and set up.
• In 2022, impact of the COVID-19 pandemic, socio-political upheavals and
ongoing financial stress is likely to increase the number of careless
mistakes that employees make at work, creating more exploitable
opportunities for cybercriminals. 
• This strain will only exacerbate an existing issue: PonemonInstitute
 reports that half of IT experts admit they don’t know how well the
cybersecurity tools they’ve installed actually work, which means at
least half of IT experts already aren’t performing regular internal
testing and maintenance. 
Poor Data Management
Data management is about more than just keeping your storage and
organization systems tidy.
To put things in perspective, the amount of data created by consumers 
doubles every four years, but more than half of that new data is 
never used or analyzed. Piles of surplus data leads to confusion, which
leaves data vulnerable to cyber attacks.
To sort right data from unnecessary data, teams will increasingly rely on
automation, which comes with its own set of risks. 
Automated programs are like spider webs—a small event on one side of
the web can be felt throughout the entire structure. And while the data
processing itself relies on artificial intelligence, the rules and settings
the AI is instructed to follow are still created by humans and are
susceptible to human error.
7. Ransomware
●
In a 2021 survey of 1,263 cybersecurity professionals, 66% said their companies suffered
significant revenue loss as a result of a ransomware attack.
●
One in three said their company lost top leadership either by dismissal or resignation,
and 29% stated their companies were forced to remove jobs following a ransomware
attack.
• Ransomware has only become more sophisticated, more widely available, and more convenient
for hackers over time. In fact,
• cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users
to deploy pre-developed ransomware tools to execute attacks in exchange for a
percentage of all successful ransom payments.
• The rise of RaaS means ransomware attacks are now significantly more affordable for small-
time cybercriminals, which in turn means the number of ransomware attacks will only
continue to climb.
8.Poor Cyber Hygiene
•   “Cyber hygiene” refers to regular habits and practices regarding technology
use, like avoiding unprotected WiFi networks and implementing
safeguards like a VPN or multi-factor authentication.
• Unfortunately, research shows that Americans’ cyber hygiene habits leave a
lot to be desired. 
•  The patch management capabilities of the organizations who were targeted in
2021 will determine whether or not they fall victim to another attack in the
coming year.
• One increasingly popular solution is the adoption of the subscription model for
patch management software.
• “Patching-as-a-Service” products provide continuous updates and patches,
increasing patch speed and efficiency. Automated patching also reduces
the likelihood of patch vulnerabilities created due to human error.  
•
•
9.Cloud crypto mining
●
Cloud crypto mining is in fact a method for using your
organization’s computers to make money — but not for you,
obviously.
●
Tesla fell victim to a cloud crypto mining attack when hackers took
advantage of an insecure Kubernetes console, stealing computer
processing power from Tesla’s cloud environment to mine
cryptocurrencies.
●
While all of the attacks on this list are to be avoided, there’s
something about this one that just seems especially galling.
10. DDoS attack
●
Perhaps the best-known distributed denial-of-service (DDoS)
attack occurred against popular online code management system
GitHub.
●
GitHub was hit by an onslaught of traffic, which at its peak came
in at a rate of 1.3 terabytes per second, sending packets at a rate
of 126.9 million per second.
●
In this attack, the botmasters flooded memcached servers with
spoofed requests, which gave them the ability to amplify their
attack by 50,000x. The good news? Administrators were alerted to
the attack and it was shut down within 20 minutes.