Cue the 2020 meme—a year marked by business disruption and general chaos is now also known for a 400% increase in cyberattacks. That’s right, according to the FBI, cyberattacks are up by about 400 attacks a day or 400%.
Interpol is also reporting an “alarming rate of cyberattacks aimed at major corporations, governments, and critical infrastructure.” These attacks are targeting organizations from every industry. However, large corporations, governments, and even critical medical organizations are major targets.
“If 2020 was a good year for anyone, ransomware operators would be at the top of the list. The past 12 months have seen more companies than ever negotiate and pay ransoms to get data back, despite the FBI’s strong guidance to not do so. At the same time, the size of ransoms that attackers demand has increased sharply, with amounts well in excess of $10 million becoming fairly routine.”
In this blog, we’re going deeper through the Cybersecurity trends creating new challenges for IT leaders new to supporting a connected, remote workplace. You’ll see how hackers are targeting organizations and which areas need an extra layer of protection.
COVID-19-themed Cyberattacks are the new normal.
During the initial escalation of the COVID-19 outbreak, cybercriminals echoed local crisis developments and responses. Microsoft is reporting COVID-19 themed attacks, with cybercriminals gaining access to a system via phishing or social engineering attacks, have spiked to 20,000 to 30,00 a day in the U.S. alone. In fact, according to CBS News, ransomware-specific attacks are up 800% during the pandemic.
“After peaking in early March, COVID-19 themed attacks settled into a “new normal”. While these themed attacks are still higher than they were in early February and are likely to continue as long as COVID-19 persists, this pattern of changing lures prove to be outliers, and the vast majority of the threat landscape falls into typical phishing and identity compromise patterns.”
Cybercriminals are constantly adapting and pinpointing new ways to target fresh victims. Commodity malware attacks hunt for the largest risk-versus-reward payouts. While CIOs focus more on the threat of advanced attacks exploiting zero-day vulnerabilities, the greatest peril every day is being manipulated into running unknown programs or Trojanized documents.
Meanwhile, organizations have been building up their defenses against heightening attacks. Since April 2020, Microsoft noted defenders increasing phishing awareness and training for their enterprises, raising the cost and complexity barrier for cybercriminals targeting their workforce.
A dynamic Microsoft explains as cybercriminals acting as “sellers” and victims acting as “customers” responding to a tough sell.
Cyberattackers are looking for a local point of entry.
Cybercriminals are constantly working to identify the most vulnerable point of entry. One approach to this targeting strategy is a hunt for new ways to draw victims in with bad links and malicious files or updates. Historically, hackers have cast an indiscriminatingly-wide net to increase the number of potential victims. However, attacks that result in a lot of “noise” are easier to identify and stop in their tracks.
That’s why Cybercriminals—taking notice to these trends—are launching a different plan of attack. Now instead we are seeing growing small-scale, localized attacks powered by laser-targeted social engineering to keep hackers under the radar while compromising more victims.
This pattern aligns with the latest phishing studies showing highly localized social engineering lures. So, what does that look like for your business? In many enterprise-focused phishing attacks, it looks like documents team members are expecting in their inbox arriving with a call to action. Or, it could look like a smishing attack with employees receiving false or misleading messages about direct deposit issues.
Cybercriminals know IT teams are overloaded.
The impact of COVID-19 on the global workforce is undeniable. IT operations teams have more on their hands than ever before. From supporting a remote, connected workplace with more frequent requests to balancing their family life at home sharing their space with partners and kids who need hands-on help with e-learning. It’s a lot to handle, and hackers are aware of this.
Cybercriminals are constantly looking for ways to exploit strapped IT departments and disparate workforces still learning how to leverage their organization’s technologies in the safest and most productive way.
Build a smarter security strategy
Are you ready to build a security strategy for the new normal? Our security experts can help you define, architect, and implement a robust approach to protect your connected workplace against the latest cyberthreats.