Hello!
Since the inception of the first computer virus, cybersecurity has been a necessity. In 1971, the ‘creeper virus’ was developed that could replicate itself across multiple computers.
The threat landscape is changing with the development of new technologies like AI, Immersive Experience, and Voice Economy. Threat actors are constantly improving their tactics and tools by creating new strategies to achieve their evil goals.
Cyberthreats are increasing in scale and complexity. Businesses and public agencies need to ensure critical infrastructure is protected.
This article examined the evolution of cyberattacks over the past 12 months, the major lessons learned, the threats that will be faced in the future, and the strategies that companies can use to protect their data and endpoints from cyberattacks.
The Top Cyberattacks of the past 12 months
1. Phishing attacks in the era Covid-19
Threat actors use this message to trick people into clicking on malicious links or downloading them. Many people worked from home during the Great Lockdown of 2020. This is a great opportunity for cybercriminals, as communication and businesses are entirely dependent on the internet.
The FBI released reports that revealed phishing was the most common form of cybercrime in 2020. This is near twice the number of incidents reported in 2019, which was only 114,702.
2. Ransomware Attack
In the past 12 months, ransomware attacks were profitable for threat actors. Ransomware locks the files of victims’ systems and redirects them onto a page where they can pay a ransom.
The Cyrus ransomware, which masqueraded as software to fix corrupted DLL files on a computer’s system, is a notable example. Reuters states that over 1500 businesses were affected.
3. Attacks on IIoT and IoT
Cybersecurity is a concern with the adoption of the Internet of Things (IoT) as well as the Industrial Internet of Things (IIoT) at both individual and industrial levels. Connected devices can make our lives simpler, but if they are not properly secured and configured, they could leak our sensitive information to the bad guys.
An IoT botnet used vulnerable access control systems to gain entry into office buildings in 2020. A keycard swipe can be all it takes to gain access to the building.
4. Password Compromise
Google conducted a security survey and found that 52% of people reuse their passwords on different websites. This means that a cybercriminal could gain access to all accounts simply by breaking into one account. Password attacks are still a major attack vector for many organizations.
The same survey revealed that 42% of respondents had experienced security breaches as a result of a password compromise.
That was a notable example. It contained a list of leaked passwords that had been found on a hacker forum. This was claimed to be the largest ever collection. It contains approximately 100GB of text files, which include 8.4 billion passwords compiled from past data breaches.
You can type your details in https://haveibeenpwned.com/ to know if your email or password has been breached.
5. Identity Theft
Based on a report from the Federal Trade Commission of the United States, cases of theft doubled between 2019 and 2020. It received approximately 1.400.000 cases. The majority of cases involve threat actors who target individuals financially affected by the pandemic.
Cybercriminals also used unemployment benefits that were reserved for pandemic victims. These benefits were claimed by fraudsters using stolen information from thousands.
Let’s say that this is combined with the recent Facebook and Linkedin data thefts. Malicious actors had access to users’ data via public APIs. This case illustrates how privacy has become a concern for both individuals as well as companies.
6. Insider Threat
Although not as well-known as other types of attacks, insider threat is common to attack that can affect both small and large businesses.
Anyone familiar with the internal structure and operations of a company can suspect it. A Verizon report for 2019 found that 57% of database breaches were caused by insiders.
What are the Lessons from The Greatest Cyberattack?
There are lessons to be learned from the attacks described above. Let’s take a look at some of them.
1. The threats are nothing new
Similar attacks were experienced by Wannacry in 2014, which also affected Sony. Organizations can still protect themselves from infiltration and exploitation by using firewalls and regular patching. Interestingly, the Wannacry vulnerability was patched two months before the attack.
However, many organizations did not patch it. Critical infrastructures were affected by the attacks for those who didn’t patch.
2. Many organizations are extremely vulnerable
NotPetya cyberthreat exploited Microsoft vulnerability SMB-1 by targeting businesses that didn’t patch. Organizations must develop cyber-resilience by downloading and installing patches regularly.
3. Prioritize Data Backup
A backup can help you to keep your business running, even if your data is compromised by ransomware. Organizations must backup their data outside the network.
4. Create an Incident Response plan
Companies were able to stop Wannacry spreading by reporting and proactively responding to incidents. Companies must issue warnings within 72 hours of an incident or face penalties from regulators.
5. Only by paying the ransom, you open yourself up to more attacks
Although it may be easier to pay the ransom expecting your files to be restored, as long the communication link remains intact, the threat actors will always return. It is almost like giving them the power to carry on their attacks.
What would Cyberattacks look like in the Future?
Cybersecurity experts forecasted that the financial losses caused by cyber threats would reach $6 trillion by 2021. In 2021, cyber-attacks are expected to happen every 11 seconds.
It was 19 seconds in 2019, and 40 seconds in 2016 Cyberattacks could be happening every second in the future. We would also see an increase in cyberattacks and severe financial losses to victims.
Deepfake & Synthetic Voices
Deepfake was a hot topic in 2019, as threat actors continue to innovate ways to improve their technology and tools for malicious and entertaining purposes, such as illegal pornography.
Cybercriminals will soon call customer call centers using synthetic voices to determine if organizations have the technology and tools to detect their operations. The banking sector will be one of the most targeted sectors.
Conversational Economy Breach
Fraudsters will continue to exploit the potential opportunities in the voice economy as companies deploy voice technology, and people adopt digital assistant technologies such as Siri and Alexa. Pin Drop Statistics reports that 90 voice attacks were committed each minute in the United States.
One out of 796 calls made to the call center were malicious. We should expect voice data breaches about voice-based applications now that we all migrate to Clubhouse.
Companies would need to address privacy concerns and voice protection, as well as support call centers with tools and solutions that detect and prevent fraud.
Security Cam Video Data Breach
Bloomberg reported on a March 2021 breach of surveillance camera data. Hackers gained access to live feeds from over 150,000 surveillance cameras in schools, hospitals, prisons, and police departments. Cloudflare Inc., Tesla Inc. were two of the most affected companies.
The hackers also had access to live feeds from Verkada offices, psychiatric hospitals, and women’s health clinics. This breach was caused by the leaking of Silicon Valley Startup sourcing information.
This is a vivid illustration of the privacy implications and security cam video data breaches.
Apple/Google Pay Fraud
Hackers are using stolen credit cards to buy via Apple Pay and Google. Over 500, 000 ex-Google+ users’ data was leaked to third parties recently. Google offered to settle a class-action lawsuit by paying US$7.5 million.
Three Things You Can Do To Keep Yourself Safe
These are the three most important things to do if you’re concerned about cyber-attacks increasing in frequency.
1. Secure Your Hardware
It is great to have the latest equipment. However, it is equally important to protect them with the best cybersecurity measures. You can, for example, use a complex password to reset default passwords set by hardware manufacturers.
As an extra security layer, you should also set up two-factor authentication after creating a password. Strong endpoint security tools can be used to protect your network and systems.
2. Protect your data with encryption and backup
The Cyberthreat Prevention Measure is a formidable combination of two elements. It blocks access to confidential data and renders the data inoperable if it is stolen by cybercriminals.
Encrypting data can help achieve the latter. Data breaches can be prevented by encryption. Encrypt all customer and employee data, as well as any other business data.
3. Educate your employees
Although banning staff was a good security measure in 2005, remote working and the pandemic have forced the use of the “bring your device (BYOD).” approach.
This new trend demands that security be designed to reflect this change. This can be achieved by planning a simulation that teaches you how to detect and avoid phishing links, and fake websites.
A security culture at work is essential. You can use the example of “If you see it, say it!”
Conclusion
The sophistication of cyberattacks will increase as new technologies emerge. The possibility of hackers listening in on conversations with Siri and Alexa is a growing trend.
They can use IoT devices to recruit IoT device users into an army of bot-equipped robots that will shut down smart cities and take down critical assets. Threat actors may also use deep fake technology and artificial voices in social engineering to commit various frauds.
Thank you!
Join us on social networks!
See you!