The Constant Battle Against Evolving Cyber Threats and the Role of Cyber Security Companies

Computer operators around the world devote more and more time to fending off nefarious invasions into their electronic devices and computer networks. The ever-changing list of viruses, campaigns, vulnerabilities, exploit kits, malicious software (malware) and a plethora of other cyber threats also keeps cyber security companies busy tracking them, so that they can provide customers with up-to-date security software to locate, identify and eradicate cyber threats that are becoming more sophisticated and numerous.

It has never been more important to maintain up-to-date security software than today, when cyber criminals continue to devise new, cleverly deceptive ways to steal valuable information for purposes of exploitation. To help protect against nefarious invaders, it is important to install manufacturer updates for all frequently used programs (especially those related to cyber security) and to remove programs that are seldom or never used in order to eliminate possible vulnerabilities. It’s also advisable to back up important files frequently and to avoid clicking on advertising and other types of links and attachments included in emails unless you are sure of their authenticity.

The U.S. Department of Homeland Security (DHS) divides cyber threats into two categories (vulnerabilities and exposures) and created the standard for security vulnerability names known as Common Vulnerabilities and Exposures (CVE). In-depth information about multiple CVEs can be found at https://cve.mitre.org.

Top 10 IT Cyber Threats: Current List from Intel’s Threat Landscape Dashboard

The following is by no means a comprehensive list, but it comprises the current top ten cyber threats discovered by Intel Corporation, which maintains a website devoted solely to cyber security known as the Threat Landscape Dashboard. It can be viewed at http://tld.mcafee.com.

1 – CVE-2016-7200

Microsoft Edge’s Chakra JavaScript engine lets remote hackers execute arbitrary code or cause a denial of service through memory corruption triggered by crafted websites.

2 – CVE-2016-7201

Operates the same way as CVE-2016-7200.

3 – CVE-2016-4190

Allows hackers to execute arbitrary code or cause a denial of service through memory corruption via unspecified vectors on Adobe Flash Player, Windows and Linux.

4 – Cerber Ransomware

Cerber ransomware is sold to distributors in underground Russian forums and targets Office 365 users by encrypting files and playing an audio file that demands ransom to unlock the stolen data.

5 – Locky Ransomware

The continually evolving Locky ransomware does not infect computers using the Russian language but targets Windows users by encrypting files in multiple local and remote locations, as well as removable drives, mapped drives and unmapped networking.

6 – Satan Ransomware

This ransomware is hosted on the Dark Web and is provided free of charge for hackers to use as a “ransomware-as-a-service” (RaaS). Developers of the ransomware require 30% (of the ransom) to use the service and will reduce the amount based on funds actually received.

7 – RIG Exploit Kit

RIG is spread using suspicious ads that have been inserted into legitimate websites.

8 – Neutrino Exploit Kit

This exploit kit (EK) and its predecessor Neutrino-v surged in popularity in 2016 and use compromised websites and malvertising to infect computers with various malware.

9 – Operation Shamoon 2

This cyber attack used seemingly legitimate credentials to spread malware across networks targeted in Saudi Arabia in late 2016 and used components similar to attacks perpetrated in 2012.

10 – Operation Methbot

This fraud campaign was discovered in 2016 and uses a botnet that spoofs thousands of name-brand website domains to fraudulently net between three and five million dollars every day.

This is only one of multiple lists of top ten threats discovered by Intel; the lists are always changing, and the information in them is always valuable. It behooves computer operators everywhere to make themselves aware of various cyber threats and to take measures to protect against them.
