We’ve rounded up some of the worst digital (and human) offenders of 2019 – from malware that masquerades as a famous author’s book to a hacker responsible for one the biggest breaches in the financial industry’s history…
#6. Coming out of hibernation: Emotet
Emotet is a member of the Feodo Trojan family, which has nothing to do with The Godfather, and, thankfully, no horses were ever harmed. It started life as a banking Trojan in 2014, prettily dressed up as legitimate email, enticing users to click on malicious files which supposedly contained invoices or payment details. So far, so boring, but Emotet has kept evolving and is slippery to catch. It plays dead in sandbox environments (those contained virtual areas where malware can be safely observed) and spreads like wildfire to connected machines. In 2019, it disguised itself as a downloadable version of Edward Snowden’s new book, “Permanent Record”—thereby cleverly hijacking Snowden’s popularity on social media.
Protection: Never download suspicious attachments or click on links to unknown websites. Consider a browser safety app to secure your surfing.
Which #malware and hackers made the top 6 cyber security threats of 2019?
#5. Most ambitious newcomer: Ryuk ransomware
This new kid on the block as only been around since 2018, and like any small child, makes a lot of unreasonable demands. Ryuk ransomware encrypts data to make it unavailable, and then generates a desktop ransom note demanding a fee of 15-50 Bitcoins (depending on the volume of encrypted data), which translates to $100,000-$500,000. It has already targeted several state and local government entities, and most recently caused the servers and computers of the City of New Orleans to be shut down!
#4. Abuse of citizens’ freedom and rights: Pegasus
This winged horse is no myth. The Israeli-born spyware exploited a major vulnerability in WhatsApp to remotely install surveillance software on phones and other mobile devices. Targets received video or voice calls from an unknown number—and even if they ignored them, Pegasus gained access. Once inside, it provided a gateway to everything on the phone, including text messages and location. The Indian government has been accused of using the malware to spy on journalists and activists, but denies all charges.
Protection: Emigrate to a small island with no WiFi or government, or always update your operating system to the latest version. Both Apple and Google have released fixes for Pegasus.
#3. Worst for Android: Gustuff
It sounds like a kindly German grandfather, but this new malware for Android can drain your bank account. It automatically breaks into banking and cryptocurrency apps installed on your phone and steals funds. And it doesn’t stop there: Gustuff then spreads by texting the contacts on your phone.
Protection: Don’t click on links in text messages, even if those messages have been sent from a friend! Check with your WhatsApp contact first. Plus, download a trusted antivirus for Android.
#2. Sneakiest vulnerability in trusted software: WinRAR
Most of us have used WinRAR to extract compressed files, but for all the years it’s been around, it’s hidden a vulnerability… Cybercriminals can create compressed files that use WinRAR to inject malware directly into a Windows operating system. If have you WinRAR, patch it right away, and remember that WinRAR doesn’t update automatically! Carry out a manual update to stay safe.
Protection: Keep all devices up to date with the latest patches.
#1. One of the biggest hacks of a financial institution: Paige Thompson
Here’s one for the ladies: In July, Capital One announced that it had suffered a data breach that impacted tens of millions of credit card applicants. Users’ banking information, including transaction history, credit scores, and addresses were stolen. It’s one of the largest hacks of a financial institution in history. Software engineer and Capital One employee Paige Thompson has been charged with the attack.
Cybersecurity is a top priority worldwide
With damages racking up an average of $3.86 million per data breach, cybersecurity is a top priority for organizations across the globe. But it’s up to every one of us to wage a daily battle and keep ourselves safe. Sadly, we’re often our own worst enemy as we click on links and attachments that can infect our devices, and leave systems outdated and vulnerable. Why not implement a comprehensive defense strategy today? You can start here—it’s free.