Beneath the composite skin of an F-35 fighter jet is an interconnected network comprised of weapons and logistics systems and a “threat library” database. This “flying computer” is connected to the military through at least two secure networks. However, the same technology that makes the F-35 one of the most advanced pieces of machinery in existence makes it more vulnerable to cyber attacks than enemy fire.

How do you think the firewalls on your phone stack up to a fighter jet’s cyber security protection?

Our society has grown increasingly reliant on computer networks and information technology solutions. As our dependence grows, so too does our vulnerability to cyber security threats. With cyber attacks growing more sophisticated, we think it’s appropriate to go over the looming threats in cyber security.

Gone Phishing

The 2021 Verizon Data Breach Investigations Report (DBIR) analyzed 29,207 cyber security incidents and 5,258 confirmed breaches. Denial of Service (Dos) attacks accounted for the majority of these incidents. However, social engineering accounted for more breaches than any other threat, with phishing being the top threat in this category. Phishing scams attempt to trick individuals into disclosing personal information, including passwords, account numbers, and Social Security numbers.

Let’s say you receive an email or text message at work urging you to (unknowingly) visit a malicious website. Thinking the message is from a trustworthy entity, you follow the enclosed link and submit your private credentials. An attacker armed with your stolen credentials now has access to normally restricted areas of your company’s website, where they have free reign to install malware or launch a DoS attack.

Avoiding a phishing scam may seem as simple as emptying a spam folder. Phishing messages and their respective malicious websites, however, are becoming increasingly believable, and the number of phishing attacks has risen dramatically since the recent work-from-home migration. With a treasure trove of data now stored in the cloud, attacks like these are only going to grow in number and severity.

Not-So-Smart Devices

The Internet of Things (IoT) is an emerging technology revolutionizing the global network connecting our smart devices. Everything — and we mean everything — is now being designed to take commands and share information. Televisions, thermostats, and toasters are just some of the devices receiving the IoT treatment. Automation is making our lives easier in many ways, but the risks that come with being surrounded by devices that collect and share data should give everyone pause.

Particularly vulnerable to cyber security threats, IoT devices are:

  • Often unattended, allowing attackers to easily gain physical access.
  • Connected over wireless networks where data is often unsecured.
  • Lacking security measures due to power and computing restraints.

By launching a cyber attack against IoT devices, such as an air-conditioning or heating system, an attacker could endanger human lives. Data gained from IoT devices could also inform an intruder when a homeowner is out for the night. Most alarmingly, an attack on IoT technology could threaten utility systems. Speaking on the growing number of cyber security attacks on water treatment plants, consultant Bryson Bort said, “If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant.” To combat growing threats, the design of IoT devices will need to prioritize privacy and data confidentiality. 

Crossing the Uncanny Valley

Deepfakes are hyper-realistic videos that use artificial intelligence (AI) to swap faces and depict a fictional version of events. Used for good, deepfakes can create a version of Back to the Future featuring Tom Holland as Marty McFly. Yet in our “post-truth” world where misinformation is willfully shared, deepfakes have the potential to impact multiple aspects of society, including the realm of cyber security.

Video of a corporate leader declaring bankruptcy, committing a crime, or announcing a merger would send stocks plummeting or soaring, regardless of the validity of the footage. But market manipulation isn’t the only form of viral fraud that can be committed with a deepfake. An attacker could blackmail company executives by threatening to go viral with a deepfake depicting pornographic imagery, for example. Not unlike a phishing email, a deepfake could also enable an attacker to impersonate an executive, urging employees to transfer cash or share credentials.

Friend Request Accepted

Every time you log on to Facebook, Twitter, or LinkedIn, you’re entering a digital landscape shared by roughly 4 billion social media users. Unfortunately, not every account is linked to someone with good intentions, and anonymity only empowers malicious online actors. The threat of deception is only exacerbated by the sheer number of social media sites, each with its own vulnerabilities and poor design choices. Out of all the threats we’ve discussed, social media deception may prove the most difficult to mitigate.  

Protected by anonymity, an attacker will lie about their name, marital status, or occupation — anything to gain the trust of victims. Not that they have to create a fake account themselves. By setting up networks of infected computers called botnets, attackers can automate the creation of new social media accounts. Unsuspecting victims who befriend a fake account will receive spam containing links to malware, which will in turn hijack their accounts to spam their friend list with malicious links. Social media deception again opens the door to phishing scams, allowing attackers to gain access to an individual or company’s private information.

Learn to Combat Cyber Security Threats at UT Permian Basin

Ready to combat growing threats in cyber security? The University of Texas Permian Basin offers two online certificate programs for professionals interested in becoming security analysts, information systems analysts, and system administrators, among other cyber security careers. They are:

Entirely online and asynchronous, our certificate programs allow students to explore security vulnerabilities from anywhere with a (hopefully secure) Wi-Fi connection. Apply to one of our online cyber security certificate programs and gain the skills, knowledge, and experience to pursue a rewarding career: one where you get to make the world a little safer from growing cyber security threats.