Some of the high lights are:
Formjacking. Targeted attacks. Living off the land. Coming for your business.
Like flies to honey, miscreants swarm to the latest exploits that promise quick bucks with minimal effort. Ransomware and cryptojacking had their day; now it’s formjacking’s turn.
Cyber criminals get rich quick with formjacking
Formjacking attacks are simple and lucrative: cyber criminals load malicious code onto retailers’ websites to steal shoppers’ credit card details, with 4,800+ unique websites compromised on average every month.
Cryptojacking Down, but not out
Ransomware and cryptojacking were go-to moneymakers for cyber criminals. But 2018 brought diminishing returns, resulting in lower activity. For the first time since 2013, ransomware declined, down 20 percent overall, but up 12 percent for enterprises.
Cloud challenges: If it’s in the cloud, security’s on you
A single misconfigured cloud workload or storage instance could cost an organization millions or cause a compliance nightmare. In 2018, more than 70 million records were stolen or leaked from poorly configured S3 buckets. Off-the-shelf tools on the web allow attackers to identify misconfigured cloud resources.
Hardware chip vulnerabilities, including Meltdown, Spectre, and Foreshadow allow intruders to access companies’ protected memory spaces on cloud services hosted on the same physical server. Successful exploitation provides access to memory locations that are normally forbidden.
IOT: Your favorite IoT device is an attacker’s best friend
Although routers and connected cameras make up 90 percent of infected devices, almost every IoT device is vulnerable, fromsmart light bulbs to voice assistants.
Targeted attack groups increasingly focus on IoT as a soft entry point, where they can destroy or wipe a device, steal credentials and data, and intercept SCADA communications.
And industrial IT shaped up as a potential cyber warfare battleground, with threat groups such as Thrip and Triton vested in compromising operational and industrial control systems.
Download full report from here