If you’re on the alert for a batch of new data security threats to hit in 2018, check your rearview mirror instead. Many of the “big hits” from 2017 will generate another run at stealing your data this year. After all, why should hackers change their approach if it’s working? A look at the money trail can be a sage predictor of what 2018 will bring.
Ransomware provides a substantial opportunity for hackers who want to rake in cash, and hospitals are a growing target. Mimecast Limited, a cloud email security provider, surveyed U.S. healthcare providers and reported in December 2017 that 78 percent of respondents had suffered an email-based attack packed with ransomware, malware, or both. Some institutions documented more than a dozen attacks over 12 months.
Hospital ransomware attacks are becoming common enough to become part of popular culture. Television series Grey’s Anatomy and Chicago Med have both aired episodes focused on the impact of these attacks.
It pays to plan ahead. By enhancing its security before an attack occurred, Wood County Hospital Systems in Ohio was able to avert what could have been a crippling crisis. During upgrades late last year, the hospital was testing a network traffic analysis (NTA) technology system that uncovered a device infected with a new ransomware variant dubbed CryptFlle2. This early detection allowed Wood County to stop the ransomware before it spread.
When WannaCry ransomware swept the globe on May 12, 2017, it locked up computer systems at more than 20 UK National Health Service affiliate hospitals. Many were running antiquated hardware systems. Some still utilized Windows XP, an operating system (OS) that Microsoft stopped supporting or patching in 2014. In March of 2017, Microsoft detected and patched the WannaCry vulnerability for its newer versions of OS. But weeks later, many of the hospital systems still had not updated and were vulnerable to attack.
Businesses and individuals should reduce their risk of ransomware by running the latest version of their computer’s operating system. For most people, this means upgrading to Windows 10. It appears just 52 percent of PC users have upgraded so far, which could indicate that millions of PCs still lack the latest security updates.
Update early. Update often. This rule applies to OS, anti-virus software, and any apps you use.
Here’s another headache from 2017 likely to intensify in 2018. Phishing emails can deliver ransomware or direct unsuspecting victims to tainted websites. For instance, to steal login credentials and drain bank accounts, scammers will push out fake bank correspondence with links they hope will be clicked. The risk could be in the body of the email itself or in an attachment. Even fake, very real-looking invoices are prevalent. The key is to slow down. If you click the links before you think, you increase your odds of getting hooked.
If you get an email that looks urgent, take a moment and explore your email app. It should be able to display the source that sent it. You can then check the Internet Protocol (IP) address and see where the computer is located. Important to note: Wells Fargo, Chase, and the other American banks don’t send emails originating in Nigeria or Ukraine.
Portable devices—especially Android phones—will continue to be targeted. Last fall, a banking Trojan dubbed RedAlert 2.0 targeted more than 60 banking and social apps. Trojan malware attempts to trick the user into thinking that it’s something that it’s not, like a game, song, or app from an unknown website. Then it unleashes a wave of damages.
When RedAlert 2.0 is triggered, it overlays a mirror image on top of the legitimate app to capture login credentials. By the time the phone owner sees an error message, it’s too late, their login data is already on its way to the hacker.
In addition, Android users are even at risk from malware developers with little or no coding experience. Trojan Development Kits (TDKs) make it possible for cybercriminals to quickly and easily produce their own Android malware. If you are an Android user, only download apps from trusted sources and don’t grant app permissions that don’t make sense, for example, a flashlight app that wants access to your contacts.
Here’s an easy prediction for 2018. Many electronic device users will continue to choose very poor passwords—or none at all.
SplashData, a password manager firm, recently issued its annual list of the worst passwords. Sadly, it contains very few surprises. When it analyzed data from 5 million passwords dumped online last year, the company found that 123456 remained the top password for 2017. The top dozen bad passwords included gems like “letmein,” “password,” “qwerty,” and “admin.”
Last year, the data security experts at Carnegie Mellon University’s CyLabs debuted a free online password meter to help consumers create strong passwords. If you’re struggling to choose secure digits that can’t be easily cracked by a computer algorithm, try out this program. Otherwise, 2018 needs to be the year you consider letting a password manager do the work for you.
The U.S. Congress has been unable to adopt a national standard governing compromised data, but the EU policy could export some changes to our shores as international firms such as Facebook and Google fall in line with GDPR regulations versus the complications of having different privacy policies for the U.S. and Europe. Only time will tell if GDPR becomes good news for American consumers.