New Trends in Cyber Security (Part 3)
Forrester Research predicts costs related to scams involving deep fakes will exceed $250 million in 2020. Deep fakes can take the traditional phishing scams to a new level. Through widely available deep fake technology, you could receive a voicemail or even a video of someone you know — like your boss instructing you to wire money to a fraudster. Using artificial intelligence, deep fakes can accurately mimic voice and tonality of the victims and follow up with an email or text message confirming the instructions. The software and technology necessary to perform such attacks is even being created by household names such as Google in their controversial Duplex service which mimics a user’s voice to make phone calls on their behalf.
Deep fake scams are still in their infancy. As scammers get a couple of wins under their belt and the technology becomes more widespread, we expect the attacks to increase rapidly. On a global level, the geopolitical risks are extreme as nations extend their disinformation campaigns. But even on a small business level, our ability to trust our eyes and ears may be changed forever.
Windows 7 Sunset
Windows 7 has finally reached its official end of life from Microsoft after an eleven-year run. This means security updates will no longer be available for some 200 million PCs still running Windows 7. Even if your organization is no longer running Windows 7, the threat remains in the millions of vulnerable PCs that are now more likely to become part of a botnet carrying out other attacks. It also means that any personal data stored on a Windows 7 device could now be more easily compromised. Passwords, personal information or financial information stored on a Windows 7 device can be more easily stolen as new vulnerabilities go unpatched. Any Windows 7 device left on your network is now an unmanaged threat to your network. With prolific BYOD policies in place, IT managers must be vigilant in restricting how these devices can access corporate networks.
In the current work from home environment, you’ve probably been invited to a Zoon meeting or at least heard of Zoom in the media because of their unprecedented growth rate. Early this year Zoom reported a 50% month-over-month increase in daily meeting participants as they hit the 300 million participant milestone. At the same time as Zoom’s incredible growth, the software was also being banned by the likes of Google, SpaceX, Taiwan, NASA, German Foreign Ministry, New York City Department of Education and the United States Senate. In fact Zoom’s security flaws are so severe that Arvind Narayanan, an associate computer science professor at Princeton University states, “Zoom is malware.” When we think of malware, we usually think of software installed without our knowledge or apps downloaded from non-credible sources. We hardly think of public companies with exponential user growth rates. Zoom isn’t undeserving of the malware classification. In 2019 it was revealed Zoom had quietly installed a hidden web server on user devices that allowed users to be added to calls without permission. Zoom has also implemented in-app surveillance measures as well as selling user data making it a privacy disaster. Whether from supposedly credible sources or intentionally malicious sources, malware remains a credible threat. Over 439,000 new malware variants were detected in 2019 and with the strong growth in IoT devices and their limited security potential along with classification of products like Zoom, we expect to see an uptick in malware going forward.
While the cyber threats continue to increase in complexity and occurrences, the tools available to harden networks and systems are also advancing rapidly. Hardware and software from innovative companies like WatchGuard are leveraging artificial intelligence to create intelligent protection systems with simplified management. And cybersecurity analysts, who spend their lives in the trenches fending off threats, are one of the fastest-growing career fields today.