[BreachExchange] Cybersecurity experts warn that these 7 emerging technologies could put your online security at risk
Destry Winant
destry at riskbasedsecurity.com
Wed Oct 2 00:00:50 EDT 2019
https://www.businessinsider.com/7-emerging-technologies-that-cybersecurity-experts-are-worried-about-2019-10#the-internet-of-things-creates-new-threats-to-security-infrastructure-4
With three months left in the year, 2019 has already seen an
exceptional number of major cybersecurity incidents.
An avalanche of hacks, breaches, and data exposures have rattled
government agencies and private companies alike, and the victims are
typically consumers or citizens.
An attack earlier this summer that targeted Uighur Muslims and
Tibetans in China exposed flaws in systems like iOS that were
previously thought to be impenetrable. Ransomware attacks have swept
government agencies across the US, debilitating them for days on end.
Hackers are becoming increasingly innovative with the techniques they
use to access sensitive data. In many cases, new technologies that
have just hit the market are boons to hackers, who capitalize on
people's lack of understanding of how those technologies work, as well
as undiscovered holes in new systems' security.
In turn, cybersecurity experts are highlighting certain technologies
that have been repeatedly exploited by hackers, calling for heightened
awareness of their vulnerability to bad actors.
Here are seven emerging technologies that pose threats to modern cybersecurity.
AI-generated “deepfake” audio and video can help hackers scam people.
"Deepfake" technology — which allows people to manipulate video and
audio in a way that looks very real — has made leaps and bounds in
recent years Indeed, anyone familiar with face-swapping filters on
Snapchat or Instagram has witnessed a rudimentary version of deepfake
technology firsthand.
As deepfakes become increasingly sophisticated and hard to tell apart
from the real thing, cybersecurity experts worry that hackers could
use the technology for phishing scams, wherein hackers pose as
somebody else to get victims to hand over private information.
Some companies are working on AI-driven software to detect deepfakes,
but these efforts are still in the early stages of development.
Quantum computing could easily crack encryption.
In September, Google announced that it had achieved "quantum
supremacy," meaning it built a functioning quantum computer — a feat
that had been theorized but never achieved. The announcement was a
major milestone in the field, but the technology is still nascent and
doesn't have many practical applications yet.
Nonetheless, the announcement raised immediate concerns for security
watchdogs, who say that quantum computers — which channel aberrant
phenomena from quantum physics into computing power — could easily
break encryption currently used in products seen as airtight, like
blockchain or credit card transactions.
While quantum computers haven't been used to this end by hackers yet,
experts worry that the technology could continue to advance in years
to come, threatening encrypted data sets that organizations like banks
protect for decades.
5G networks will bring faster speeds, and a host of new vulnerabilities.
5G is beginning to roll out as the next generation of wireless
network, promising faster wireless internet with the bandwidth to
support more devices.
But security watchdogs warn that the shift to 5G could give hackers
new inroads to target systems that use the network. The increased
speed could make 5G devices more susceptible to DDoS attacks, which
aim to flood victims' servers with traffic in order to overwhelm and
shut them down, according to Security Boulevard.
The “internet of things” creates new threats to security infrastructure.
The "internet of things," or networks specifically made for
internet-connected devices and appliances to communicate with each
other, is now used widely across industries.
As this technology becomes more common, however, hackers are
increasingly finding vulnerabilities in IoT networks and using them to
compromise companies' operations. In one high-profile example, hackers
breached the network used by Verizon's shipping vessels and were able
to track where the company was shipping its most valuable cargo.
Hackers are using artificial intelligence to outsmart cybersecurity systems.
As artificial intelligence makes leaps forward in sophistication and
versatility, hackers are already using it to get around cybersecurity
defenses. Hackers can use AI-driven programs to quickly scan networks
to find weak points, or predictive text functions to impersonate
insiders and trick targets into handing over sensitive information.
"We do imagine that there will be a time when attackers use machine
learning and artificial intelligence as part of the attack. We have
seen early signs of that," Nicole Egan, CEO of cybersecurity firm
Darktrace, told the Wall Street Journal.
As companies outsource high-tech functions to third parties,
supply-chain hacks proliferate.
A growing number of recent data breaches came about as the result of
"supply chain" hacks, wherein break into a company's software that's
in turn distributed to clients.
This trend is the result of an increasing number of companies and
agencies outsourcing services to third parties, which widens the range
of potential victims for hackers to target. According to a recent
report by cybersecurity firm Aon, the number of targets that are
potentially vulnerable to supply chain hacks is growing exponentially.
More operational functions are moving online, which is good news for hackers.
Companies and government agencies are maximizing the number of
operations that use internet connectivity, drawn in by the efficiency
the internet brings.
But doing so comes at a security cost — with more internet
connectivity, the "attack surface" that's vulnerable to hacks becomes
wider, lowering an organization's defenses, according to the Aon
report. If hackers compromise one internet-connected facet of an
organization, it's easy for them to laterally hack other devices on
the network.
More information about the BreachExchange
mailing list