Devices at home are the top target for cyber criminals in 2023
Attacks are getting more sophisticated and widespread
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Everyday users are increasingly the target of cybercriminals, with old and new threats getting ever more sophisticated.
That’s the worrying scenario depicted byReasonLabs, provider behind some of thebest VPNservices andantivirus softwareon the market.
For their2022 reporton the state of consumer cybersecurity, researchers analyzed cyberattack detections throughout the year to provide recommendations on how users can protect their devices, as well as offer predictions on future challenges.
“Much time and money are now being spent by large corporations to protect their network security. The same level of cybersecurity must be afforded to individual home users as well,” concludes the report, while highlighting the pressing need for better cybersecurity education for all.
We discussed this and other findings with ReasonLabs' CTO and founder Andrew Newman. That’s what he said.
With over 25 years of experience in cybersecurity, Andrew Newman started off with his own antivirus company back in the early 2000s. This was later acquired by Microsoft. Here, he worked on a few innovative projects, like creating the first version of Windows Defender. He left the big tech giant after four years to follow his entrepreneurial dreams. He founded ReasonLabs in 2016 to provide enterprise-level solutions for the consumer cybersecurity market.
1. Shift in cyber attacks from enterprises to home users
This shift by criminals to move away from enterprises is because it’s getting harder and harder as companies are fully invested to protect themselves.
Bad guys aren’t willing to reduce the amount of money they can make, though. They’re just shifting it to larger quantities. So, instead of spending so much time attacking one potential enterprise victim, they’re attacking millions of consumer victims to make up for that. Whatwe’re actually seeing isa lot more widespread attacks. They’re using very sophisticated technology, too.
Also, as more and more people areworking from home, they’re taking their enterprise laptops home. They’re connecting to their home networks and these networks aren’t protected. So, there are gateways now into their enterprise. We’re then anticipating agrowth ininformation stealersattacks,which are basically Trojans stealing your passwords.
Obviously,phishingis one of the biggest attack factors today, but what we’re seeing is a lotmore sophisticated phishing. Cybercriminals are using software like ChatGPT, for example, to clean up their grammar and make it [the phishing message] look good.
2. Cyberwarfare increasingly targeting consumers
Likewise, in standard non-cyber warfare, if you’re attacking the population this would create psychological and financial effects on the country.
We see this certainly happening in Ukraine and in many other places where they’re attacking civilian infrastructure, civilian home computers through mostly wipers, which are just destructivemalwaretocause chaos in society.
North Korea has a massiveransomwareoperation ongoing where they’re stealing billions and billions of dollars for theirfinancial gain. North Korea is probably one of the larger distributors of ransomware besides Eastern Europe and Russia, and they’re targeting strictly consumers.
That’s terrifying because consumers have very little protection and the actors who are building these weapons are extremely sophisticated. We’re just going to see it more and more in my opinion, especially attacks to major infrastructure that affects consumers directly.
3. 2023 attacks predictions
We saw [in 2022] aretooling by the bad actors. Coin miners are a good example of it. As the crypto market dropped significantly, we saw these types of attacks dropping too. Again, cybercriminals don’t want to lose money, so they’re just focusing on other tactics. They are moving into weaponized Trojans or info stealers, instead.
I think we’re going to see a lotmore in the ransomware spacein the coming years since enterprises are better protected. And, because of that, criminals have to do much larger scale attacks.
Similarly, they can send out millions and millions ofphishing emailswithout being targeted. All you need is a small hit rate that people actually click on it, and it’s mostly game over for many individuals who aren’t well protected.
We havetwo-factor authenticationtoday, which is better than just the password, but it’s not great. There are tons of ways around that. Not to mention the fact that it’s just intrusive from a day-to-day life to deal with 2FA every time you want to log into your e-mail or to whatever account.
Numerous companies are moving to find other ways to do it, whether it’s biometrics or whatnot, which actually was big years ago. I don’t see a silver bullet at this point of what the next step of technology is. They’re constantly talking about password list technology, but I don’t see it happening for everyday users in the very near future.
4. The need for better cybersecurity education
What we should be promoting a lot more is better cybersecurity posture through education. This is the foremost important thing, starting at an early age.
That’s actually one of the things I try to teach my children, how to spot shady things online. That’s the first line of defense. We, as a society, just don’t do a good enough job right now. We’re relying solely on technology to do it.
Security is a layered approach. You shouldn’t rely 100% on one technology to protect you against everything. One of the greatest challenges in the consumer market today is that they [consumers] just expect to be protected.
Regular backups, for example, are one of the best protections against ransomware. Again, same as two-factor authentication, you have to work a little extra harder. People just don’t want to do that. They want everything quickly, essentially just hand it to them.
But again, these are precisely the things we need to solve, firstly through education and then through technology by making it a little better. It just comes down to understanding the potential problems in case of attack.
I wish there was a class for tweens and teens to understand the issues that they’re facing out there. Whether it’s about malware and stuff like that, or even like cyberbullying. It just doesn’t exist something like that in the US education system.
5. What cybersecurity providers can do
A lot of them need to make sure their technology is constantly up-to-date. But what we’ve seen is that a lot of the older antivirus firms are not willing to invest an enormous amount of money in improving their tech.
We see a huge consolidation in the market, too, with a lot of the antiviruses buying each other. So, you don’t have as much competition in the market to elevate one player against the next player. It’s important that providersconstantly improve their technologyas fast, if not faster, than the attackers improve theirs.
While, the biggest problem in the consumer VPN market is the way that a lot of theselog and sell your data. Even though they say they’re privacy-focused, they’re not. There are so many VPNs on the market, it’s hard to discern which is a legitimatesecure VPNtruly there to provide privacy and security, and the ones that are just there to sell your data.
6. The danger of free security software
In our world today, people expect everything for free. This is one of the reasons why many people have malware on their systems. They’re downloading free games, for example, that come packed with malware. It’s a huge problem.
When people choose not to share their information privacy, you see companies like Facebook and Google losing billions of dollars as a result. This goes to show you how collecting such information is so valuable to these advertising companies.
Again, as people expect free software, they’re willing to click yes to everything without understanding the implications of it.
7. How ReasonLabs aims to protect users
What we’ve seen in the past is that traditional antivirus companies haven’t really changed their consumer protection all that much.
So, we decided to build the same architecture of next generation antivirus protection that the enterprises usually have into the consumer. We did so by really investing a lot of energy into understanding how we could reduce those costs on the consumer side and still provide the same level of protection.
We have technology that focuses on all the different layers of security users would need. So, your typical antivirus andanti-malware, protecting against Trojan, ransomware, and all of those things. Then we also have things likeVPNandDNS protection.We even have other products like what we call Family Keeper, a mobile app to help manage the protection of children.
We look at the whole internal consumer network holistically and try to protect each endpoint as good as possible using different types of technology layers around it. That’s our core focus today. If we could stop and protect the endpoint devices, we could also protect all these other potential issues.
Discover how an ex-Google Head of Ads developed an ad-free search engine
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com
Is it still worth using Proton VPN Free?
Mozambique VPN usage soars as internet restrictions continue
MacBook Air OLED reportedly delayed until at least 2028 – here’s why
