Top 5 Cyber Security Threats of 2020
The year 2020 will go down in history as the year the world was struck by the COVID-19 pandemic, resulting in large numbers of hospitalizations and deaths. The pandemic also had a major impact on computer networks and computer systems as many businesses implemented telework solutions. The overall increase in the number of individuals using computers, the internet and, more specifically, cloud-based solutions created more opportunities for the emergence of cyber threats and attacks across the globe. Below are our top 5 cyber threats of 2020.
More Sophisticated Phishing Attacks – A phishing attack occurs when an attacker sends an unsuspecting user an email containing either an attachment or a hyperlink. When the user opens the attachment or clicks on the hyperlink, the payload the attacker sent is activated. The payload usually initiates a software installation of some kind, typically designed either to exfiltrate data from the affected system or to take up residence on the machine in the hope of later exploiting the machine itself or the network it resides on. 2020 has seen a significant increase in both the volume and the sophistication of phishing emails across the business community, including even more targeted spear phishing and whale phishing attacks. The best defense against successful attacks is simply user education. Phishing campaigns designed to keep users mindful of phishing attempts can be an effective preventive measure. Tips on how to recognize a phishing attack are available online or from cyber security professionals at your place of employment.
New Variants of Ransomware – New strains of ransomware have continued to ravage networks and individuals around the globe. One of these variants is Cerber. Cerber targets cloud-based Microsoft 365 users and has impacted millions of users through an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backups in addition to on-premises backups. Another strain is named NotPetya. NotPetya is a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a type of malware known as a wiper, whose sole purpose is to destroy data rather than obtain a ransom. Lastly, Locky's approach is similar to that of many other types of ransomware. The malware is spread in an email message disguised as an invoice. When the attachment is opened, the invoice appears scrambled and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. The best means of defense and protection remains a good off-site backup of any critical data.
IoT Attacks – Internet of Things system intrusions still pose a clear and present danger in today’s internet-powered world. Companies of all sizes and in all sectors are exposed as long as they rely on IoT systems that were not designed and configured with security in mind to make critical operational decisions remotely and in real time. “Inventory trackers, temperature controls, or any type of IoT device that is gathering actionable data are at risk of an attack,” says Mike Nelson, Vice-President of IoT for DigiCert. “The hacker either embeds malware on the device causing it to report inaccurate values, or, the hacker performs a man-in-the-middle attack and manipulates the values as they are passed from the device.”
Botnet Attacks Using AI Machine Learning Capabilities – The first half of 2020 saw an increase in attacks and threats directed at Operational Technology (OT) and Internet of Things (IoT) networks. According to Nozomi Networks, a large number of the attacks came from IoT botnets. Some of the IoT botnets that continue to present a threat in 2020 include Dark Nexus (derived from Qbot and Mirai), Mukashi, LeetHozer, Hoaxcalls, and Mozi.m. The CSDE issued an International Botnet and IoT Security guide for 2020 in an attempt to share information among the various stakeholders and IT communities who need to protect their networks.
Cloud Jacking – Cloud jacking involves the compromise and subsequent hijacking of cloud-based accounts. Usage of such accounts has increased significantly as a result of the COVID-19 pandemic. To protect against cloud jacking, businesses and individuals should implement multi-factor authentication technologies to add further requirements for a successful logon. Organizations should also consider the use of VPN technologies and private cloud network configurations to restrict the network locations from which logon sessions can be initiated.
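The two cloud-jacking controls above (multi-factor authentication and restricted logon locations) can be checked against sign-in records. The following is an added example, not part of the original article: the log format, field names, and allowed network ranges are constructed assumptions, not any vendor's schema.

```python
import ipaddress
import json

# Assumption: networks logons may start from (e.g. VPN egress, office).
# These are RFC 5737 documentation ranges used as placeholders.
ALLOWED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.16/28")]

# Constructed sample sign-in events; field names are hypothetical.
SAMPLE_LOG = """\
{"user": "alice", "ip": "203.0.113.25", "mfa": true, "result": "success"}
{"user": "bob", "ip": "192.0.2.77", "mfa": true, "result": "success"}
{"user": "carol", "ip": "198.51.100.20", "mfa": false, "result": "success"}
{"user": "dave", "ip": "192.0.2.90", "mfa": false, "result": "success"}
{"user": "erin", "ip": "192.0.2.91", "mfa": false, "result": "failure"}
not-json garbage line
"""

def ip_allowed(ip_text):
    """True only if ip_text parses and falls inside an allowed network."""
    try:
        addr = ipaddress.ip_address(str(ip_text))
    except ValueError:
        return False  # a malformed address is treated as not allowed
    return any(addr in net for net in ALLOWED_NETWORKS)

def review_signins(log_text):
    """Return (line_number, user, reasons) for each sign-in needing review."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            findings.append((lineno, None, ["unparseable"]))  # surface it, do not drop it
            continue
        if event.get("result") != "success":
            continue  # only completed logons represent an active session
        reasons = []
        if event.get("mfa") is not True:
            reasons.append("no_mfa")
        if not ip_allowed(event.get("ip", "")):
            reasons.append("outside_allowed_network")
        if reasons:
            findings.append((lineno, event.get("user"), reasons))
    return findings

if __name__ == "__main__":
    for finding in review_signins(SAMPLE_LOG):
        print(finding)
```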