As the world currently adjusts to life during the COVID-19 pandemic, there are always people seeking to profit from the situation that is impacting on so many lives.
During the crisis, we have seen a huge uplift in the use of video conferencing technology such as Zoom. As daily users have skyrocketed from 10 million in December to 200 million as we head towards the end of April, security issues have cast a shadow over a product that has been helping much of the world adjust to a new normal during these testing times.
Zoom are not the only ones to feel the pinch at this time. Cyber security threats have heightened during the crisis as cyber criminals look to take advantage of companies that cannot operate as securely as they usually would.
Proofpoint, who specialise in email fraud security, released a report in March outlining the extent to which the coronavirus can drastically change an industry: 80% of the overall threat landscape is using the virus as a theme in their attacks.
Email is just one of several ways in which cyber criminals are targeting individuals and businesses during this time. As we move through Q2 of 2020, we wanted to take a look at some of the cyber threats that you should look out for in 2020, not just those related to the COVID-19 crisis.
The Changing landscape of Cyber Security
Before we get into some of the biggest threats to look out for, we wanted to look at the cyber security landscape as a whole and assess how this has changed.
The non-profit Information Security Forum, which describes itself as “the world’s leading authority on cyber, information security and risk management,” warns in its annual Threat Horizon study of increased potential for:
- Disruption — over-reliance on fragile connectivity creates the potential for premeditated internet outages capable of bringing trade to its knees and heightened risk that ransomware will be used to hijack the Internet of Things.
- Distortion — the intentional spread of misinformation, including by bots and automated sources, causes trust in the integrity of information to be compromised.
- Deterioration — rapid advances in intelligent technologies plus conflicting demands posed by evolving national security and individual privacy regulations negatively impact organisations’ ability to control their own information.
Cyber Security Professionals shortage
In this ever changing landscape, with damage related to cybercrime set to be worth an estimated $6 trillion USD annually by 2021 (Source: Cybersecurity Ventures), the industry is suffering from a lack of cyber security professionals. CNBC reported in March 2019 that a serious shortage of cybersecurity experts could cost companies hundreds of millions of dollars.
According to the report, there were 2.93 million cybersecurity positions open and unfilled around the world.
Without trained security staff, organisations do not have the right controls or processes to detect and prevent cyberattacks.
This lack of trained cyber security professionals creates an issue for cyber security worldwide and contributes to the five biggest threats to cyber security that we have highlighted below.
1. Cloud vulnerability
According to the Oracle and KPMG Cloud Threat Report 2019, cloud vulnerability is and will continue to be one of the biggest cybersecurity challenges faced by organisations as we head into 2020.
As enterprises continue to rely more on more on cloud applications for the storage of sensitive data relating to their employees and business operations, the more they rely on the security of cloud-based solutions to keep that data secure.
This creates new problems for cyber security professionals as they are fighting cyber security threats across multiple areas of the business.
Forbes predicts that 83 percent of enterprise workload will be on the cloud by 2020.
These organisations make tempting targets for malicious hackers. Data breach, misconfiguration, insecure interfaces and APIs, account hijacking, malicious insider threats, and DDoS attacks are among the top cloud security threats that will continue to haunt firms failing to invest in a robust cloud security strategy.
2. Sophisticated phishing attacks
Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated.
Phishing is one of the oldest forms of cyberattack, and as employees and individuals have become more aware of the dangers of email phishing or clicking on suspicious looking links, cyber criminals have had to up the ante.
Machine learning is now being used by cyber criminals to quickly craft and distribute convincing fake messages that can compromise an organisation’s networks and systems.
These types of attack enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
3. IoT-based attacks
The number of internet-connected “smart” devices in homes and businesses are starting to increase. The problem is that not all these smart devices have strong security installed—creating openings for attackers to hijack these devices to infiltrate business networks.
FireEye’s annual threat report outlined the threat of IoT-based attacks, stating that:
“Reaper, a malware that exploited vulnerabilities in IoT devices to gain access and spread itself. The end result of these types of attacks is that threat actors can enlist millions of compromised IoT devices to drive largescale attacks, including the distributed denial-of-service (DDoS) attacks that commonly disrupt and take down website, gaming, and other internet services.”
Simply put, an IoT attack is any cyberattack that leverages a victim’s use of internet-connected smart devices (such as Wi-Fi enabled speakers, appliances, alarm clocks, etc.) to sneak malware onto a network. These attacks target IoT devices specifically because they are often overlooked when it comes to applying security patches—making them easier to compromise.
4. Ransomware
Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organisation’s databases and hold all the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.
As we move into 2020, ransomware attacks are likely to focus more on businesses than individuals. As noted by ITPro Today, “The rate of detections within businesses rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019. That’s nearly a 340% increase in detections.”
One reason why businesses are being targeted more than private citizens now is that they have more money and motivation to pay ransoms.
Ransomware attacks generally involve the attacker infecting a victim’s systems with a piece of malware that encrypts all their data. The victim is then presented with an ultimatum—either pay the ransom or lose their data forever.
5. Vehicle cyberattacks
As more cars and trucks are connected to the Internet, the threat of vehicle-based cyberattacks rises.
The worry is that cybercriminals will be able to access vehicles to steal personal data, track the location or driving history of these vehicles, or even disable or take over safety functions.
While the driverless car is close, but not yet here, the connected car is. A connected car utilises onboard sensors to optimise its own operation and the comfort of passengers. This is typically done through embedded, tethered or smartphone integration. As technology evolves, the connected car is becoming more and more prevalent; by 2020, an estimated 90 percent of new cars will be connected to the internet, according to a report titled “7 Connected Car Trends Fuelling the Future”.
The Verge reported one of the most high-profile IoT security breaches back in 2016. A pair of hackers compromised the Jeep Cherokee, taking complete control of the steering, braking and transmission. This was done as a testing experiment, but it highlighted the flaws with internet connected devices and IoT security threats.
Summary
COVID-19 has heightened the threats posed by cyber criminals, however even before the global pandemic took control, many of these threats listed above, plus many more were already posing a threat to individual and businesses throughout the world. Some of these other threats include:
- Third party vendors, contractors, and partners
- Smart medical devices
- IoT attacks
- State sponsored attacks
- Cyber physical attacks
- Election security
- Disinformation in social media
- AI threats
- Deep fakes
- Data privacy
We find ourselves in challenging times where the threat posed by cyber criminals is greater than ever. As we extend our networks and provide access to information from anywhere it is important to ensure that your own security is as tight as possible. If you want to talk about cyber security solutions for your business, get in touch with one of the team today and keep your business and employees safe from cybercrime.