Editorial
Work-from-home cybersecurity, access for sale, and the economics of APT attacks
Once again, nature has proven the most dangerous hacker of all. The coronavirus has dashed plans, not to mention caused staggering financial hits that even ransomware makers would envy. Yet information security issues are here to stay, and if anything, the pandemic is only adding to their importance. People across the world are plugging in to the matrix like never before, with virtual lives and jobs on devices of sometimes marginal security. Attackers have not held back. To the contrary, they are cashing in on human naivety and carelessness. Are we ready to face them?
In Positive Research 2020, we have gathered the freshest and most insightful information on security trends and technologies. Learn about ways to combat cyberattacks, which skills you should work on, and what the future holds.
Cybersecurity threatscape
In 2019, the number of unique cyberattacks increased from quarter to quarter, as shown by our data. The total for the year was 19 percent higher than in 2018. The most frequent victims of attacks were government, industrial companies, healthcare, science and education, and finance. Information remains a valuable commodity for cybercriminals. For more on current information security threats, see page 12.
Hack at all costs
How much does the toolkit used by the Silence group cost? What is the price of zero-day exploits, and how much damage can a successful APT38 attack cause? (Spoiler: $40 million!) These and other facts and figures are on page 28.
The coronavirus has dashed plans, not to mention caused staggering financial hits that even ransomware makers would envy. Yet information security issues are here to stay
Access for sale
One of the reasons why cyberattacks are growing in number every year is the low barrier to entry. The Internet's shadier side teems with illegal marketplaces for malware and services used to breach corporate networks. Script kiddies have quickly learned how to put these tools to good (or rather, bad) use. For more about "access for sale" and "ransomware affiliate programs," as well as the dangers and potential harm for business, go to page 70.
Mobile banking at risk
Mobile banking apps are at higher risk of attack than other mobile applications. So one would think that banks and customers would pay close attention to security. But none of the mobile banking applications tested by our experts had an acceptable level of security. For more about threats facing mobile banking today, see page 112.
Working remotely and securely
COVID-19 has upset the applecart for everyone. Businesses have shifted to work from home. Hackers have gotten in on the act by bombarding companies and individuals with phishing emails. Take a look at what our security pros have to say about doing remote work the right way, from a cybersecurity perspective (page 122).
Takes one to outwit one
"In the end, one of the strings found at a depth of about 600 steps turned out to be generated from the seed, which at a depth of over 1,000 steps generated the required ID. I took the string generated a step before, and this was the key that allowed me to decrypt all of my friend's files." For more about how Positive Technologies expert Dmitry Sklyarov saved data attacked by ransomware, see page 144.
Cyberthreats on corporate networks
The IT infrastructure of today's companies constantly generates enormous amounts of traffic. Finding trouble spots in network interactions is only getting harder. Simply noting connection addresses, network ports, and protocols is no longer enough. For timely threat detection and response, deep traffic analysis may fit the ticket. What capabilities does network traffic analysis bring to the table? See page 184.
Data protection in machine learning
The PT Advanced Technologies group studies hybrid approaches in machine learning involving sensitive data. Go to page 232 for more about these approaches and privacy-preserving algorithms.
Tomorrow's experts
Data scientists, smart device protectors, and more: which information security careers are going to be "hot"? Peek ahead to page 256.