Privacy, truth, clear blue skies…

Until lately, these are ideals we may have taken for granted. Back 30 years ago, these were models we never really thought about (though probably should have!).

Now, we look to the internet, to the cloud for everything – every question we have (How old is Elton John? What is the current season of The Walking Dead? What airplanes are over my head? Where is Jimmy Hoffa buried?).

Nothing is private; no piece of data can be considered secure. And now it seems that these questions, which used to be easily answered in the Encyclopedia Britannica, all lead to fake answers; false information – disinformation – easily formulated in the anonymous reaches of the interwebs.

In this month’s edition of the GTIC Monthly Threat Report, we take a look into some factors affecting our privacy and security, including external influence in our online – and geopolitical – affairs.

So many external sources – friends, advertisers, news outlets, and foreign governments – attempt to exert control over our thoughts and opinions. And these are frighteningly successful. Social media has played an increasingly pivotal role in social influence and public opinion. As such, we delve into Disinformation-as-a-Service campaigns, which can affect everything from elections to advertising; these types of campaigns aren’t new, by any means, but have recently been back in the news.

And from the skies, the increasing use of drones for both individual and commercial use – mostly beneficial – results in a host of issues, including entering restricted airspace (such as invading airport airspace or hindering firefighting efforts during wildfires), supply chain concerns, and potential privacy issues. GTIC leadership takes a look into some of these issues and provides some recommendations from both safety and privacy perspectives.

We also look at the potential security risks posed as applications are increasingly used as business drivers. With inadequate or poorly designed security built-in to applications, an organization can be exposed to increasing risk. In this edition of the Monthly Threat Report, NTT provides three metrics-driven phases proven to succeed in securing applications.

Lastly, GTIC researchers analyze data for the top targeted vulnerabilities during the month of October. In general, the most common vulnerabilities targeted in either internet-wide scanning or opportunistic attacks all allow remote code execution and are relatively easy to leverage. Not to mention proof-of-concepts (PoC) for these vulnerabilities are readily available, and are being employed by large botnets!

The clincher here is this: the most targeted vulnerability is over two years old!

As with most threats, these often boil down to user choices – question everything you read online. Don’t click on links in emails. Double – and triple – check sources where you can.  Understand what is important in your own environment, and patch early and often.

Read more in the GTIC Monthly Threat Report for October here.