TMC's Advisor

The Advisor is published by TMC

Afraid of the Dark Web?

Hackers are an ever-evolving breed, becoming stealthier and more resourceful with each passing year. The Symantec Internet Security report takes a look at the past year to identify trends, threats, points of entry, and practices that may put your business at risk. Whether you’re online to reorder office supplies, emailing with a colleague, backing up into the cloud, or just conducting business as usual, you may not be as safe as you think you are.

By Elleni Koskinen

Elleni Koskinen is the editor of the Advisor, a researcher, and oversees TMC benchmarking studies.

The Shopping

The use of malicious JavaScript to collect credit and debit card information, known as formjacking, rose in 2018, and it’s easy to see why. E-commerce sites are lucrative targets for hackers. Payment card information can sell for up to $45 per card, and with almost 5000 unique websites compromised each month in 2018, that can easily equate to millions in ill-gotten gains. Formjacking attacks generally targeted third party services, which are often weak points for even the most well protected websites. Chatbots and “leave a review” widgets, which are especially common on e-commerce sites, were the most frequently attacked. The hackers would often exploit routine software updates by injecting malicious code into the legitimate programming, leaving the developer and the user unaware of the threat. Formjacking attacks can affect any business that accepts payment online, and no size of business is exempt from the risk.

The Mail

In Canada last year, Microsoft Office files accounted for almost half of all malicious email attachments, showcasing a worrying trend of hackers solely using software that is generally found on most computers. “Living off the land,” as it’s called, doesn’t require additional code or software, but uses Office files laced with malicious script as a gateway to gain access, then downloads malware once the attachment has been opened. This tactic puts even the most security conscious users at risk, as the emails are often disguised as receipts, or even legitimate work communication with correspondingly appropriate file types.

The Cloud

Cloud databases were also found to be weak points, although hackers shouldn’t take as much credit for that, as much of the security risk was due to user error. Poor cloud configuration led to over 70 million records being compromised in 2018.

The Things

Another risk area was established with the rise of the Internet of Things. Physical devices with less stringent security and the ability to connect to networks allow hackers an ideal point of attack. Routers, cameras, printers, and even alarm systems were common targets in 2018, opening the door for hackers to compromise operation computers, and possibly mount disruptive operations.

The Counter-Strike

Education is the best weapon against these cyber-attacks. Having an understanding of how hackers can gain access to confidential information allows us to take the appropriate steps to prevent it. Hackers may be an ever-evolving breed, but we can be too.

This article was published in the September 2019 edition of The TMC Advisor
- ISSN 2369-663X Volume:6 Issue:2

©2019 TMC Consulting