In short, the risks that have emerged in the last year or so include hackers exploiting blockchain-powered smart contracts along with deepfake videos that harness the power of AI.
Some may find it a pessimistic view but 2018 was probably the year with the most number of huge cyber disasters.
It was actually full of it.
We saw revelations regarding a security flaw that affected billions and billions of microchips along with humongous data breaches.
We also witnessed various new cyber attacks that made use of malicious software which locked down computer systems until the victim paid the ransom.
Moreover, hackers demanded that ransom in the form of digital currency which is for all practical purposes untraceable.
There is no doubt about the fact that we will definitely see even more ransomware and mega-breach attacks in the year 2020.
That is just the way things are going to be from now on.
Hence, it becomes even more important to make plans on how to deal with such emerging threats and the ones that are already established.
And established risks are many.
These include risks to consumer devices that have an internet connection along with other critical infrastructure that include transport systems and electric grids.
It goes without saying that security teams all around the world will have to make such systems their top priority.
However, cyber-defenders should also not forget to pay proper attention to various other new threats.
let’s discuss some of the latest cyber threats that security professionals around the world need to keep a watch on.
Exploits related to audio and video generated via AI
It is no secret now that collectively we can all thank the advances that have taken place in the field of artificial intelligence for making it possible for hackers to create absolutely fake audio and video messages.
These fake videos and audio messages are, in all fairness, incredibly cumbersome to actually distinguish from their real counterparts.
The community is calling them deepfakes.
And it stands to reason that this technology could prove itself to be a boon for all the hackers in the world in more than one way.
Firstly, researchers have already proven that phishing emails generated via AI-enabled methods which aim to trick online consumes into giving up their passwords, banking details along with any kind of other sensitive data, are more effective than those phishing emails that have been produced by humans.
So everyone should brace themselves for hackers that know how to take advantage of new AI methods to throw tons of highly realistic fake audio and video into the mix.
Using such advanced techniques, hackers can actually reinforce various instructions that come embedded in new phishing messages.
They also have the option of using it as a pretty effective standalone tactic.
Of course, one should also not forget that cybercriminals could actually make use of the latest advances in technology to move ahead and manipulate stock prices.
Well, they could post a realistic fake video of a given company’s CEO who may announce that his/her company is actually facing huge financing difficulties and/or even worse crisis.
One also cannot ignore the danger that hackers could use deepfakes to effectively spread various false news items before and during election time.
They could do the same to stoke actual geopolitical issues and tensions.
Most of our readers would already know that such kind of ploys to hurt people would previously have requires hackers to secure the resources equivalent to that of a huge movie studio.
However, now any hacker can pull these tricks off if he/she has access to a reasonably decent machine and a slightly expensive graphics card.
It is true that various startups have taken it upon themselves to develop their own technology in order to detect and flag deepfakes.
However, it is still pretty much unclear as to how effective these startups and their methods would be in their objective to expose deepfakes.
So what’s the solution?
In the meantime, perhaps the one and only genuine line of defense against deepfakes is security awareness.
Governments and organizations with influence have to train the general population so that their become sensitized to the risks that come with deepfakes.
AI defenses getting poisoned
It is good that security companies all around the world have essentially rushed ahead to embrace various AI models in order to assist their operations in anticipating and detecting cyber attacks.
With that said, it is also true that sophisticated and experience hackers could actually try to poison and corrupt such AI defenses.
The CEO of Endgame, a security firm, Nate Fick recently said that AI could actually assist in helping firms such as his to parse actual signals from all the noise.
However, he said, if such technologies ended up in the hands of capable people then it would also be AI which was going to produce some of the most sophisticated and malicious attacks in cyberspace history.
GANs or Generative Adversarial Networks, work by pitching two different artificial intelligence neural networks against each other.
Hackers can use GANs to try and guess what all the algorithm defenders are making use of in their various AI models.
There is also the risk of hackers gaining the ability to target data sets that professionals make use of in order to train models and also poison them.
To take an example, it isn’t a far-fetched idea that a hacker learns how to use GANs and then uses them to switch labels on a given sample of code that is malicious in order to indicate that the malicious code sample is actually safe rather than malicious or at least, suspect.
Hacking blockchain smart contracts
What are smart contracts anyway?
These are nothing but software programs which are stored on a, you guessed it, blockchain.
Smart contracts have the ability to automatically execute a legitimate form of digital asset exchange when and if certain conditions which are encoded in them are fulfilled.
It is also true that entrepreneurs all around the world are lining up and pitching their ideas for the use of this technology.
According to the business community, smart contracts could have applications in everything.
From intellectual-property protection to money transfers, blockchain smart contracts can come in handy in all situations.
However, just like with all the other advances in the field of technology, this technology too is pretty much in its early development stage.
Moreover, researchers are still trying to find various bugs in smart contracts.
They have already found success in exploiting various flaws in order to ‘earn’ millions worth of US dollars in untraceable and online cryptocurrencies.
So what is the problem with blockchain in any case?
Well, the fundamental problem with or rather issue with this new technology is that the creators of blockchain designed the technology to be absolutely transparent.
Because of that, any task that demands keeping all the data that is associated with blockchain-based smart contacts safe and private would pretty much become a challenge.
The CEO of Oasis Labs and also a professor at the University of California, Berkeley, Dawn Song recently said that the community needed to build technologies that preserved online privacy directly into various smart contract platforms.
Oasis Labs is a startup which is spending resources on and working to find ways of doing exactly that with the help of special hardware.
Quantum computers and the end of encryption
Various security experts have already predicted that quantum computers would change encryption forever.
Quantum computers are computers that have the ability to harness various exotic phenomena from fields such as quantum physics in order to generate exponential leaps in a given machine’s processing power.
These quantum machines could realistically crack open any type of encryption.
Encryption is the only technology that is helping to protect user data of everything from health records to e-commerce transactions.
There is no doubt about the fact that quantum computers are pretty much in their infancy.
Moreover, it could take researchers years if not decades before they are able to produce quantum machines that could pose any kind of a serious threat to current encryption methods.
However, consumer-facing products such as cars and other things that run software which manufacturers or anyone else with enough skills can update remotely, would still be around functioning in the society a decade or even more from this point in time.
Once quantum attacks become a reality, the encryption which is currently baked directly into such products could eventually become useless.
And by the way, this also holds true in the case of code that any organization or company makes use of to protect its sensitive data such as various financial records.
Basically, any data that has a requirement to be stored somewhere and someplace for a multiple number of years is vulnerable.
The group of United States quantum experts recently published a report which urged various organizations to begin the process of adopting forthcoming and new types of computer encryption algorithms which have the ability to withstand attacks based on quantum machines.
Of course, the good news here is that the United States government organizations such as the United States National Institute of Standards and Technology have already begun work on standards which would become useful for a post-quantum cryptography era in order to make the entire process much easier to manage and less painful.
Cloud computing attacks.
Any type of business that has the job of storing other organizations’ or companies’ data on its own servers or managing various clients’ information technology systems in a remote manner , make for quite a juicy and super-tempting target for cyber criminals.
If a hacker or a group of hackers, is able to breach the systems of such companies then they could get access to data that belongs to their clients as well.
There is little doubt about the fact that big cloud computing companies such as Google and Amazon have the resources to afford heavy investing in the field of cybersecurity defenses.
These companies can pay those salaries which are required to attract the greatest talent that is currently available in the field.
Of course, no amount of money can make companies as big as Google and Amazon immune to data breaches and other types of cyber attacks.
However, because Google and Amazon have such strong defenses, it stands to reason that hackers would move to the low hanging fruit and attack smaller firms that do not have a security budget as big as Google’s or Amazon’s.
Readers who follow cybersecurity news would know that this has already begun to take place.
Just recently, the government in the United States of America accused hackers from China of making attempts to sneak into the information systems of a firm which managed information technology activities for various other security firms.
By making use of this access, hackers from China managed to allegedly gain full access to machines that belonged to over 45 different companies in various parts of the world.
Hackers from China affected industries from oil and gas exploration to aviation and everything in between.
Security experts have dubbed such techniques as the Cloudhopper techniques.
This kind of an attack, security experts believe, represents just the tip of, again what they believe, what will eventually become a fast-growing and fast-moving iceberg.
Chenxi Wang who is the founder of a venture capital firms which has a specialization in cybersecurity, Rain Capital, recently said that the community would soon see hackers moving away from focusing on desktop machine malware to malware that is focused on data centers.
Data centers are particularly attractive for hackers because of the simple fact that they offer huge economies of scale.
Needless to say that quite a few of the risks that we have mentioned on this list may, to some, seem like less pressing.
Especially when compared to other risks on this same list.
And that isn’t necessarily a bad viewpoint.
However, when it comes to issues such as cybersecurity, only those companies would have sufficient preparation against the attacks that tomorrow would bring who have the most will to exercise and implement the full potential of their imaginations today.