Cyber Security Threats

Cyber criminals are always evolving their tactics in order to steal and compromise data. To stay ahead of them, we compiled the biggest cyber security threats in 2018, from cryptojacking to already-infected smartphones, and provided actionable tips for you to stay safe online. As the old saying goes, prevention is better than the cure!

1. Getting their info compromised in massive data leaks

There’s no question about it, the biggest risk for users comes without them even having a choice or an input in the matter. It’s, of course, data leaks.

Beyond the Equifax hack and the Cambridge Analytica scandal and their far-reaching implications, it seems that every month brings a new data leak from a major company.

To help combat this, Firefox announced that they will implement Troy Hunt’s Have I Been Pwned tool into their browser, allowing users to check if their email address was compromised. It’s a great start but it’s not enough.

Cyber Security Threats

Unfortunately, as a user, there’s not much you can do about the big services getting hacked. You can, however, protect yourself to the best of your ability, which will eliminate a large number of attack angles on your data and finances.


  1. For non-essential services like newsletters, promotions and various sign-ups, use one or more “burner” email addresses that are not used for your important accounts
  2. Periodically check if your main email address shows up in Have I Been Pwned or Firefox Monitor
  3. Secure every login with two-factor authentication
  4. Carefully consider how much personal information you give away on social media

2. Smartphones shipping with malware and malicious apps

Mobile malware is one of the fastest growing types of malware and this trend has continued for a few years. Because smartphones have become replacements for desktop computers and laptops for many people, the data they collect and contain is a very appealing target for cybercriminals.

It goes without saying that you should never download apps from unknown sources and stick to the official app stores. However, malicious apps can regularly bypass security measures in the Google Play Store or Apple’s App Store.

Trend Micro actually uncovered apps that promised “smartphone security”, not to mention a host of malicious apps that claimed to clean up storage space or optimize battery usage. All of them actually harvested user data and location, while also pushing advertising in multiple ways. Even the App Store, usually having strict review processes, accidentally allowed a calendar app to secretly mine cryptocurrency in the background.

Just how bad is it?

In 2017, out of around 3.5 million apps in Google Play Store, 700.000 of them were deemed “problematic” – they were either app clones or they were designed to steal information, intercept text messages and send phishing links to the user’s list of contacts.

Maybe 2018 is better. Well, that’s a big maybe. Even with Google Play Protect and other measures from other smartphone or OS makers, things slip by.

Cyber Security Threats


Some devices actually ship with malware on them, straight from the factory floor!

In 2017, cybersecurity experts from Checkpoint pointed out that more than 30 high-end smartphones were infected with malware somewhere in the supply chain, before even reaching consumers.

In 2018, Dr. Web drew the alarm that dozens of low-cost Android phones were shipping with the powerful banking Trojan called Triada.


  1. Don’t be lured by the appeal of cheap smartphones if you don’t know the brand – do research before buying a device and make sure the brand has an established community.
  2. Update your apps everytime you receive a notification or let them update automatically. A security patch applied immediately can and will protect you from a lot of malicious attacks on your smartphone.
  3. Take the time to review app permissions when you install them and periodically check those permissions in case they were reset after an update. Does a photo scanning app actually need permission to access your location? No, it does not.
  4. When searching for and installing an app, take a minute and read some reviews about it, checking both the high and low scores. If it doesn’t have reviews yet promises a widely-needed functionality, steer clear of it.
  5. Try to back up your smartphone data at least twice a month
3. Ransomware attacks on cloud services

Ransomware is one of the biggest threats for both home users and organizations. Attacks that will encrypt data and then demand hefty ransoms are obviously a profitable endeavor for criminals.

What’s really bad is that usually, a ransomware attack can be minimized if someone has a back-up of their data. That data is usually in the cloud and the cloud can be hit by ransomware.

Petya itself, one of the most virulent strains, was spread through an infected file on Dropbox, one of the most popular backup solutions. Clearly, ransomware in the cloud is a major problem for everyone.

According to MIT, this is one of the six biggest cyber threats. Just like in the case of data breaches, you cannot stop your cloud provider from getting infected, but you can take measures to protect yourself from ransomware.

Cyber Security Threats


We put together this mega-guide on ransomware protection, but in short, here’s what you should do:

  1. Keep your valuable data backed up, both locally and in the cloud, preferably in multiple locations
  2. Don’t rely on Antivirus alone, as this reactionary software can’t handle the newest strains. Use a proactive tool capable of blocking infections at their source and stopping dangerous links

4. Cryptojacking that affects their hardware

As we explained in our protection guide against cryptojacking, this type of attack involves hijacking your computer’s hardware in order to mine cryptocurrency for the criminals.

One of the most popular ways to do this was to target a vulnerable website and inject a script (Coinhive has been the most popular). Then, unprotected visitors on that website had their computers enslaved in order to mine cryptocurrency.

Cryptojacking has been one of the most popular attacks this year, almost surpassing ransomware, and it’s constantly evolving.


  1. Use a reputable antivirus and, alongside it, an anti-malware solution that constantly scans traffic and blocks infected domains
  2. On any browser, use an Adblocker that has can stop cryptocurrency-mining scripts. One example is uBlock Origin but you can also use the popular extension NoScript
  3. Always update your software, especially your browser, since some cryptojacking targets the browser directly


Cyber Security Threats

5. Financial losses and data compromise due to cryptocurrency trading

The end of 2017 marked a crazy in the world of cryptocurrency, with the value of Bitcoin reaching $20K. At the same time, cybercriminals also had an even bigger incentive to get creative with their attacks.

Beyond cryptojacking, which usually affects those who are not invested in cryptocurrencies, those who owned any type of virtual coins were prime candidates to lose their money.

In  June, the sixth-biggest crypto exchange in the world, Bithumb, was hacked, and around $30 million was lost. Fortunately, those users who kept their coins there were reimbursed, but others were not so lucky.

In February, another crypto exchange (BitGrail) was hacked. The attackers took off with $195 million worth of Nano cryptocurrency belonging to users. That incident blew up in a scandal after the company initially refused to refund users. And that’s only the attacks on the exchanges themselves.

Cyber Security Threats

Cryptocurrency holders around the world are constantly targeted by ever-evolving attacks aimed at their virtual wallets.

One cryptocurrency trader and YouTube personality, Ian Balina, was targeted in a hack and lost almost $2 million dollars. Another, Peter Saddington, told the press that someone used social engineering on Verizon’s customer service then targeted him. He lost a “significant amount” of money and a lot of valuable data.

“It fundamentally changed my life. I lost everything. I lost 13 years of emails,” he said.

In January, a criminal stole $150.000 by tricking would-be investors in an ICO sale to send their payments to a fraudulent wallet address using good, old-fashioned phishing. Wired had a great write-up on why it’s so easy to hack a cryptocurrency fundraiser.

Even the popular Hola VPN chrome extension was hacked and replaced with a compromised one designed to steal cryptocurrency.


While it’s impossible to control for all outcomes, especially a data breach, there are some steps you can take:

  1. If you invest in cryptocurrency do not tell others about this. Specifically, don’t post on social media about it.
  2. Keep your funds in multiple wallets
  3. Secure all your logins with two-factor authentication
  4. Stay on top of the news to keep up with the latest types of scams. A dose of paranoia when involved in crypto is one of the healthiest things you can do.

6. Scams with advanced social engineering tactics

We try to keep up with the most popular or creative online scams and gather them in our prevention guides so that you can stay safe. Fossbytes wrote a very good rundown on the types of social engineering techniques that can compromise your info, from phishing to baiting and the “quid pro quo”, where criminals pose as support employees.

However, with the rise of AI and machine learning, those criminals can efficiently automate their attacks in order to maximize their reach.

“Machine learning models can now match humans at the art of crafting convincing fake messages, and they can churn them out without tiring,” warns MIT Technology Review.


  1. Learn how to spot a phishing link and understand how other techniques like vishing or spear phishing work
  2. Install a traffic scanner on your PC that can block malicious links and attempts to connect to infected domains
  3. Avoid posting too much personal information on social media

7. IoT devices like smart locks or smart assistants being hacked

In May, an NYTimes piece perfectly articulated privacy advocates’ biggest concerns and one of the biggest cybersecurity threats, citing a group of Berkeley researchers who managed to attack Alexa.

“Inside university labs, the researchers have been able to secretly activate the artificial intelligence systems on smartphones and smart speakers, making them dial phone numbers or open websites. In the wrong hands, the technology could be used to unlock doors, wire money or buy stuff online — simply with music playing over the radio.

A group of students from University of California, Berkeley, and Georgetown University showed in 2016 that they could hide commands in white noise played over loudspeakers and through YouTube videos to get smart devices to turn on airplane mode or open a website.

This month, some of those Berkeley researchers published a research paper that went further, saying they could embed commands directly into recordings of music or spoken text. So while a human listener hears someone talking or an orchestra playing, Amazon’s Echo speaker might hear an instruction to add something to your shopping list.”

Cyber Security Threats

While the reporter and researchers underlined that, to the extent of their knowledge, fortunately, no such attacks have been spotted in the wild.

By exploiting the “re-prompt” feature that makes Alexa clarify an order, Checkmarx tricked Amazon Echo to record everything spoken even if the wake word wasn’t used. It was just this year’s headline, as in 2017 one security researcher, Mark Barnes, showed off how to install malware on an Amazon Echo.

Of course, Amazon is a huge company, so it invests plenty in securing their devices and their reputation. However, there is no such thing as unhackable software, so you need to exercise caution.


  1. Consider if you do need to have a device like a voice assistant connected to every smart appliance you own. “Convenience versus privacy and security” is a debate everyone should have with themselves before purchasing devices and software.
  2. If you own a device like this, make sure you connect it to a secure WiFi.
  3. Be careful about allowing smart devices access to your credit card. Last year, an Amazon Echo owner woke up to find Alexa had purchased a lot of dollhouses.
  4. Take stock of who visits your home and what kind of access your friends and family have to your voice assistant


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Categories: Malware

Leave a Reply

Your email address will not be published. Required fields are marked *