There are things in the security field that surprise researchers, analysts, and executives alike.

When we see things like default passwords hardcoded into new hardware, we are shocked – and truth be told, a little unnerved.

While it is not necessarily surprising that ‘123456’ continues to be the most used password for a variety of applications, what is surprising, and a bit puzzling, is that people have not been able to change those habits.

When organizations still behave as if security is an afterthought and that reducing their security risk is not a priority, that too, we find startling.

Despite our surprise at the things mentioned above, some things don’t surprise us. Here are three of them…

North Korea’s interest in cryptocurrency

Take North Korea, for example. The country has a long and storied history of conducting cyber attacks to further its own agenda. 

The country is under strict sanctions and, practically, this reduces North Korea’s ability to generate revenue, leaving the country searching for a better method of garnering funds.

Enter: Cryptocurrency.

North Korea has shown extreme interest in cryptocurrency, in part because by trading the cryptocurrency, the country can bring funds into its borders, effectively circumventing sanctions.

Lazarus Group, the North Korean APT known for its far-reaching and extended hacking campaigns, has been attacking cryptocurrency exchanges since at least early 2017, most recently targeting a cryptocurrency exchange in the APAC region.

And no, we’re not surprised.

Attackers targeting the weakest among us

The second thing that doesn’t surprise us is that attackers continue searching for and attacking ‘softer’ targets – most recently, home users and small businesses.

Attackers will nearly always choose the path of least resistance to accomplish their goals, and the defense-in-depth strategies NTT Security recommends are designed to frustrate attackers’ attempts at breaching client networks.

So, it comes as no surprise that attackers have been recently leveraging the Ursnif Trojan, a variant of Gozi malware, to attack home users and small businesses by using one of the oldest tricks in the book – social engineering.

Home users and small businesses are likely not as vigilant and lack layers upon layers of security protecting them inside their networks. In other words, they are easy targets.

Here again, we’re not surprised.

IoT devices still vulnerable

The third thing that does not surprise us is that attackers are continuing to target vulnerable IoT devices. A quick Google search reveals that vulnerable IoT devices are the norm. 

In other words, since security is not built-in to many IoT devices, the onus is on the user of that IoT device to work out how to secure their network environment when these IoT devices are part of the network.

Along these same lines, NTT Security researchers saw attacks just last month targeting IoT devices – specifically IP cameras.

And again, no – we’re not surprised.

No one likes surprises

We know attackers will continue getting better at what they do (and this won’t surprise us), but we also know that we can all get better at what we do – defending ourselves, our data, and our networks against these same attackers and, in so doing, we can better avoid any nasty surprises.