The document discusses top security threats facing organizations in 2021-2022. It outlines 10 threats: 1) social engineering and cryptocurrency theft, 2) password reuse enabling account takeovers, 3) insider threats from employees, 4) vulnerabilities from Internet of Things devices, 5) configuration mistakes expanding attack surfaces, 6) risks from poor data management practices, 7) sophisticated ransomware attacks, 8) risks from poor cyber hygiene habits, 9) cloud crypto mining hijacking organizational resources, and 10) large distributed denial of service attacks disabling websites. The threats have become more serious due to remote work trends and involve using new technologies like artificial intelligence against organizations.
The document discusses top security threats facing organizations in 2021-2022. It outlines 10 threats: 1) social engineering and cryptocurrency theft, 2) password reuse enabling account takeovers, 3) insider threats from employees, 4) vulnerabilities from Internet of Things devices, 5) configuration mistakes expanding attack surfaces, 6) risks from poor data management practices, 7) sophisticated ransomware attacks, 8) risks from poor cyber hygiene habits, 9) cloud crypto mining hijacking organizational resources, and 10) large distributed denial of service attacks disabling websites. The threats have become more serious due to remote work trends and involve using new technologies like artificial intelligence against organizations.
The document discusses top security threats facing organizations in 2021-2022. It outlines 10 threats: 1) social engineering and cryptocurrency theft, 2) password reuse enabling account takeovers, 3) insider threats from employees, 4) vulnerabilities from Internet of Things devices, 5) configuration mistakes expanding attack surfaces, 6) risks from poor data management practices, 7) sophisticated ransomware attacks, 8) risks from poor cyber hygiene habits, 9) cloud crypto mining hijacking organizational resources, and 10) large distributed denial of service attacks disabling websites. The threats have become more serious due to remote work trends and involve using new technologies like artificial intelligence against organizations.
The document discusses top security threats facing organizations in 2021-2022. It outlines 10 threats: 1) social engineering and cryptocurrency theft, 2) password reuse enabling account takeovers, 3) insider threats from employees, 4) vulnerabilities from Internet of Things devices, 5) configuration mistakes expanding attack surfaces, 6) risks from poor data management practices, 7) sophisticated ransomware attacks, 8) risks from poor cyber hygiene habits, 9) cloud crypto mining hijacking organizational resources, and 10) large distributed denial of service attacks disabling websites. The threats have become more serious due to remote work trends and involve using new technologies like artificial intelligence against organizations.
DEPARTMENT OF COMPUTER SCIENCE GROUP ASSIGNMENT OF COMPUTR SECURTY NAME OF GROUP MEMBER ID.NO. 1.LEMI TURO RU/2465/12
2.RIHANA SEID RU/0936/12
3.YOHANES GETACHEW RU/1202/12
4.ISILEMAN ISHETU RU/2208/12
5.FIKRU ALAMU RU/0796/12
Instructor: AZEZE K .
itted Day:/15/2023 G.C
The Top Security Threats Of 2021-2022 ● the threats are getting more and more serious, with greater potential to do serious, long-term, expensive damage to your organization. For instance: ● Ransomware not only encrypts and holds files in exchange for money, but now punishes victims who fail to pay in a timely manner . ● Trends like remote work, the Internet of Things (IoT), bring-your-own-device trends and cloud initiatives have given hackers new ways to infiltrate your organization by exponentially expanding the attack surface. ● Technologies like artificial intelligence (AI) and machine learning (ML) have given these hackers new tools to distribute malware, vector in on high-end targets, and reach bigger and more diverse audiences. ● And as these technologies evolve, cybercriminals are becoming increasingly stealthy, sophisticated and evasive. ● The security experts at Splunk recently built a collection of the Top 50 Security Threats and we use a list of their top 15 “favorites” — a combination of the most malicious, clever or insidious that should be on your radar right now. And while many of these examples name companies that were targeted a few years ago, rest assured the bad guys are still up to the same tricks today. 1. Social engineering and cryptocurrency ● In an attack that uses social engineering, not only the technology is at focus. Social engineering targets the human aspect. Social engineering can occur in any form sensitive information can be gathered - In an email, face to face or even via a phone call. ● Sim swapping is an attack where the bad actor gains access to the SIM card from the victim. ● Due to clever social engineering,the mobile carrier is tricked into thinking that the bad actor is the real customer. If successful, the bad actor gets the control of the SIM card and receives the text messages and phone calls. This attack is also used to gain access to social media accounts or cryptocurrency wallets. ● 2. Passwords - Knowledge vs. action ● In an online security survey by Google, 52% of the people reported to reuse the same password for multiple (but not all) sites. ● This is alarming, because a bad actor could get access to multiple accounts with just one password. Worth to mention here is that 79% of the people think that updating security software is important, while 33% don't update regularly. There's a gap between knowledge and action! ● Passwords are still a top attack vector for organizations, a study found. 42% of the respondents indicated security breaches due to a password compromise. ● 3. Insider threats - Do you trust your colleague? ● A lesser publicly known threat that affects businesses small and big are insider threats. Here, anyone that is or was in contact with the company's internal structures is a possible suspect. ● Verizon's report from 2019 reveals stunning data - 57% of all database breaches involved insiders! Small businesses are at greater risk, as employees are often able to access ●
more parts of the internal network compared to bigger businesses.
● Tracking the action of employees is a double edged sword. It's good to detect the bad guys, but it's bad for honest employees who could feel monitored. ● 4.Internet of Things • where 70% of households have at least one smart device. • Unsurprisingly, attacks on smart or “Internet of Things (IoT)” devices spiked as a result, with over 1.5 billion breaches occurring between January and June of 2021. • IoT connectivity opens a world of vulnerabilities for hackers. • The average smart device is attacked within five minutes of connecting to the internet. • experts estimate that a smart home with a wide range of IoT devices may be targeted by as many as 12,000 hacking attempts in a single week. 5.Configuration Mistakes • In system least one error in how the software is installed and set up. • In 2022, impact of the COVID-19 pandemic, socio-political upheavals and ongoing financial stress is likely to increase the number of careless mistakes that employees make at work, creating more exploitable opportunities for cybercriminals. • This strain will only exacerbate an existing issue: PonemonInstitute reports that half of IT experts admit they don’t know how well the cybersecurity tools they’ve installed actually work, which means at least half of IT experts already aren’t performing regular internal testing and maintenance. Poor Data Management Data management is about more than just keeping your storage and organization systems tidy. To put things in perspective, the amount of data created by consumers doubles every four years, but more than half of that new data is never used or analyzed. Piles of surplus data leads to confusion, which leaves data vulnerable to cyber attacks. To sort right data from unnecessary data, teams will increasingly rely on automation, which comes with its own set of risks. Automated programs are like spider webs—a small event on one side of the web can be felt throughout the entire structure. And while the data processing itself relies on artificial intelligence, the rules and settings the AI is instructed to follow are still created by humans and are susceptible to human error. 7. Ransomware ● In a 2021 survey of 1,263 cybersecurity professionals, 66% said their companies suffered significant revenue loss as a result of a ransomware attack. ● One in three said their company lost top leadership either by dismissal or resignation, and 29% stated their companies were forced to remove jobs following a ransomware attack. • Ransomware has only become more sophisticated, more widely available, and more convenient for hackers over time. In fact, • cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments. • The rise of RaaS means ransomware attacks are now significantly more affordable for small- time cybercriminals, which in turn means the number of ransomware attacks will only continue to climb. 8.Poor Cyber Hygiene • “Cyber hygiene” refers to regular habits and practices regarding technology use, like avoiding unprotected WiFi networks and implementing safeguards like a VPN or multi-factor authentication. • Unfortunately, research shows that Americans’ cyber hygiene habits leave a lot to be desired. • The patch management capabilities of the organizations who were targeted in 2021 will determine whether or not they fall victim to another attack in the coming year. • One increasingly popular solution is the adoption of the subscription model for patch management software. • “Patching-as-a-Service” products provide continuous updates and patches, increasing patch speed and efficiency. Automated patching also reduces the likelihood of patch vulnerabilities created due to human error. • • 9.Cloud crypto mining ● Cloud crypto mining is in fact a method for using your organization’s computers to make money — but not for you, obviously. ● Tesla fell victim to a cloud crypto mining attack when hackers took advantage of an insecure Kubernetes console, stealing computer processing power from Tesla’s cloud environment to mine cryptocurrencies. ● While all of the attacks on this list are to be avoided, there’s something about this one that just seems especially galling. 10. DDoS attack ● Perhaps the best-known distributed denial-of-service (DDoS) attack occurred against popular online code management system GitHub. ● GitHub was hit by an onslaught of traffic, which at its peak came in at a rate of 1.3 terabytes per second, sending packets at a rate of 126.9 million per second. ● In this attack, the botmasters flooded memcached servers with spoofed requests, which gave them the ability to amplify their attack by 50,000x. The good news? Administrators were alerted to the attack and it was shut down within 20 minutes.