This was first published on Sunday Business & IT on January 6, 2019. Living Life well online
2018 was the year for data breaches which compromised the personal information of millions of individuals around the world. I am one of the 1.175 million Filipinos and among 87 million users worldwide whose data Cambridge Analytica, a British political consulting firm, shared to other third parties. Facebook has not acted on the complaint I filed in May 2018 at the National Privacy Commission (NPC). Cathay Pacific Airways is the airline I use for my trips overseas and they reported a data breach committed in March that affected 9.4 million travelers and 102,209 Filipinos. British Airways announced a data breach that impacted information from 380,000 reservations made between Aug. 21 and Sept. 5, 2018. Marriott announced that 500 million travelers who reserved at a Starwood hotel since 2014 had their data compromised. Quora announced a breach in its platform. Google discovered a bug in Google+ exposing 500,000 users’ data for about three years. Let’s not forget the breach affecting 50 million Facebook accounts because of the tokens, a system used by third-party platforms such as Spotify.
The data breaches have implications for 2019. Let’s look at the forecasts of two cyber security and defense companies: Kaperksy Lab and Trend Micro Inc.
In Kaspersky Lab’s cyberthreat predictions for 2019, one of the top forecasts includes attacks on mobile banking for business users and attacks on small companies that give specialized financial services to larger players. The threats of new local groups attacking financial institutions in Southeast Asia, Indo-Pakistan region and Central Europe looms. In terms of threats to ordinary users and stores, those who use cards without chips and do not use a two-factor authorization of transactions will be most at risk.
Security predictions from Trend Micro’s “Mapping the Future” classified them to the primary areas. These are consumers, enterprises, governments, security industry, industrial control systems, cloud infrastructure and smart homes. Trend Micro added that 2019 would be a significant year for political developments covering the finalization of Brexit and landmark elections held in several countries. The Philippines is holding its midterm elections on May so let’s continue to be mindful of our cybersecurity. These technological and sociopolitical changes will have a direct impact on security issues in 2019 but let’s focus on the consumer — YOU.
1. Cases of phishing will increase in 2019.
Trend Micro predicts social engineering through phishing attempts not only in email but also in SMS and messaging accounts. Aside from targeting the usual online banking credentials, cybercriminals will go after accounts used for cloud storage and other cloud services. New types of attacks like SIM-jacking might happen. In SIM-jacking, criminals impersonate a target and convince a telecom carrier’s tech support staff to port a “lost” SIM card to one they already own. This action takes control of a target’s online presence, often associated with one’s mobile phone number.
2. Attacks abusing chatbots will become rampant in 2019.Advertisements
Attackers will design chatbots that can hold an introductory conversation with a target to establish a convincing conversation that establishes the groundwork for sending over a phishing link or getting personal information. These attackers will delve into an extensive scope of possible payloads, including manipulation of orders, installation of a remote access trojan (RAT) in the target’s computer, or even extortion.
3. Cybercriminals will compromise famous YouTubers and other “online-famous” personalities’ social media accounts.
Cybercriminals will work on taking over these accounts through targeted phishing attacks. The followers’ computers may be infected by infostealers or made to join campaigns for distributed denial of service (DDoS) or cryptocurrency mining. They may turn their accounts into troll ones.
4. A surge in fraudulent transactions using credentials taken by cybercriminals from data breaches.
Cybercriminals will use these accounts to register trolls on social media for cyberpropaganda, manipulate consumer portals by posting fake reviews, or add fake votes to community-based polls. The possible applications are endless.
5. Sextortion cases will rise.
In the Philippines, sextortion cases in Facebook has been taking place. It is best to contact the Philippine National Police or the National Bureau of Investigation Cybercrime division.
We must stay safe in 2019. Continue to distinguish truth from the untruth. Social engineering relies on the same human weaknesses. Spreading awareness on the disinformation and the misinformation ecosystem will make the public more resistant to opinion manipulation or confirmation bias. We need the same level of critical thinking for social media consumption in checking whether an email or a phone call is coming from a trusted source. Cybersecurity awareness training in schools and for the public is a must. I have talked about digital privacy and security in my past column. Now is the time to change your passwords. Use unique passwords for different accounts. Take advantage of multifactor authentication features, or use a password manager tool to secure store credentials. Trend Micro recommends that one must secure our consumer devices such as computers, tablets, and smartphones from threats of ransomware, dangerous websites, and identity thieves. Make sure that complete protection is available through anti-malware solutions. Take advantage of the tools and technologies that empower us to fight against cybercriminals and other emerging threat actors.
The internet and social media serve as tools for good but we must be aware on minimizing risks and maximizing benefits.