STM Thinktech Published New Cyber Threat Status Report

Unfair Profits in Crypto Currency!

Cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), Monero (XMR) and Ripple (XRP) starting to gain more financial value on a global scale day by day because of the distributed structure of digital money/payment systems. Trillions of calculations are being executed for the generation of “Blockchain” content referred to as the technology enabling the formation of cryptocurrency units.  This requires a significant amount of energy consumption in addition to high performance hardware. Thus, the recent “Crypto-jacking” attacks against cryptocurrencies imply the utilization of the aforesaid hardware, the control of which is seized through various means in crypto mining without the information or will of their owners.

The attackers managing to infiltrate the harmful software to target systems through certain methods seize hundreds of thousands of hardware and transform them into a multimedia computer generating cryptocurrency.

According to the STM ThinkTech’s Report, in order to avoid the crypto-jacking attacks, variations that both require the installation of applications and provide protection through add-in paths over the scanner can be developed. Part of the aforesaid solutions are capable of enabling prevention towards certain types of mining. In addition to the solutions identified in line with the requirements of the people working in crypto mining, being careful of the reliability of all websites to be visited and increasing the level of their awareness are suggested for security.

Noted Increase in Phishing Attacks During the World Cup

A significant increase in “phishing” attacks, in which the football fans, organization companies and sports clubs were targeted, was observed prior to and throughout the 2018 FIFA World Cup in order to draw attention. The attacks tried to entrap users via natural and fictional scenarios that copy virtual website selling tickets of the World Cup games, offering false campaigns through the use of FIFA or the brands of sponsors of the events, with the goal of penetrating devices via utilization of harmful links and the forming fake access points through free audience software.

Voice Assistants Can be Utilized in Intelligence Activities

Voice assistants are being utilized in numerous applications such as listening to music, getting traffic information, running banking transactions and they facilitate our daily lives more and more each day. According to the Report, the voice assistants such as Siri (Apple), Google Now, S Voice (Samsung), Cortana (Microsoft), Alexa (Amazon) and HiVoice (Huawei) developed by various technology companies turned out to be a new platform for cyber-attackers. 

The transmission of commands through hiding commands in the voices, utilization of the frequencies over the individual’s threshold of hearing and coding the voices form vulnerable areas where the voice assistants may be abused. On top of the attacks that may be conducted through such hidden commands, installation and execution of harmful codes, execution of intelligence activities via hidden audio/visual searches and sending junk mails remain. The attacks that are formed through the abuse of voice assistants have reached levels that may cause both material and non-material damage to users.

Vulnerability of Things may Directly Affect Human Lives!

A special section was assigned in the ThinkTech Cyber Threat Report to cyber threats over the Internet of Things (IoT) that penetrate human lives.  Numbers are projected to reach to 20.4 billion by the year 2020. These things that facilitate our daily lives and are presented in the plug - and -play form bring forth a growth rate that is hard to scale and security vulnerability comes along with them. The vulnerability of the things that are utilized in all areas ranging from households to industrial venues, may directly affect human lives and differently from the conventional cyber security attacks. Physical damage to individuals and institutions are being observed through industrial control units, medical imaging devices at hospitals, patient insulin devices, ventilation/air conditioning systems, smart house systems, smart energy measuring devices seized by attackers. The diversity of the devices and fields in the IoT (Internet of Things) prevent the implementation of conventional methods of information security and the establishment of the standards against these cyber-attacks.