Reflecting on the last 12 months, 2020 was a watershed year in many ways. The health crisis sparked by the COVID-19 pandemic and subsequent changes in lifestyles across the world disrupted many social and commercial institutions. With most people encouraged to stay in homes to help curb the spread of the virus, more business processes migrated to the digital world.
Increased online connectivity provided a means to overcome unforeseen communication and collaboration difficulties caused by the pandemic – while inadvertently increasing risk of cyberattack. Introducing a wide range of unmanaged platforms and applications for connection to the Internet, the scope of vulnerabilities that cybercriminals can exploit expanded almost exponentially. A record number of cyberattacks occurred in the past year and will likely continue increasing in the coming months.
To help businesses minimize risks, Roebuck Technologies has compiled a list of the top cyberthreat trends in 2021.
Proliferation of mobile threats
The use of mobile devices for work-related purposes continues to grow in popularity as distributed workforces become a long-term solution for businesses. Mobile devices have many practical uses beyond communicating with colleagues and clients, such as efficient file sharing, real-time GPS tracking, and on-site data capture.
Unfortunately, the cybersecurity protocols and practices of most businesses have yet to sufficiently address the business risks associated with smartphones. Many employees use personal devices, which may lack the security features that company-issued devices possess and may contain applications that can compromise sensitive company data. Cybercriminals are aware of unsecured devices and will continue to exploit weaknesses if appropriate measures are not taken.
Increased swarm-based attacks due to 5G
5G provides faster and more reliable remote connectivity than ever before experienced. The downside of 5G technology, however, is that cyberattacks taking advantage of high-speed connectivity are more viable and prolific.
One type of cyberattack that may exploit 5G technology is the swarm attack, in which a group of customized bots, referred to as a “swarm,” invades an interconnected group of devices. The bots in a swarm subdivide into groups; each group has a particular function and attacks a specific aspect of a given network. The bots collect information, such as exploitable weak points, and share data with one another in real time, proficiently adjusting methods and vastly increasing potency of the attack.
More targeted ransomware attacks
Ransomware refers to a type of malware that encrypts business-critical files or software and holds data hostage for fees. As with many other forms of malware, a common strategy employed by ransomware threat actors had been the “spray and pray” method, in which the program is disseminated into a wide environment with hope that the attack will impact at least one target.
Recent years have seen the rise of ransomware targeted toward entities with particularly sensitive data or where continued operation is especially critical. Entities operating with sensitive information or business-critical systems are more vulnerable to extortion and willing to pay a ransom because of limited alternatives. Examples of at-risk organizations susceptible to ransom include a doctor’s office with personal data of psychotherapy patients and hospitals struggling to cope with the COVID-19 pandemic.
Advancements in social engineering attacks
Social engineering attacks exploit one of the most vulnerable parts of a network system: the human component. These social engineered attacks take advantage of human psychology, convincing the victim to actively participate in personal exploitation. Social engineering attacks may trick victims into giving away critical information or clicking links that trigger the invasion of malware.
Hackers often conduct social engineering attacks by impersonating other organizations or entities such as government agencies and not-for-profits, using the reputations of such organizations to engender trust. The tactic of threat actors falsely gaining trust of victims has previously been used during natural disasters such as hurricanes and earthquakes and continues to be viable in the pandemic.
Deepfake and AI-augmented scams
Developments in artificial intelligence (AI) and deepfake technology, which is able to simulate human likenesses and voices, have enhanced cyberterrorists’ ability to execute very personalized attacks on victims. Synthetic media tools enable attackers to effectively impersonate key personnel and directly engage with potential victims. In one notable example, an employee was tricked into transferring $243,000 into an external bank account by attackers impersonating the voice of a senior executive. The increased online interaction and social isolation of employees in lockdown heightens vulnerability to such attacks.
Increased volume of cryptojacking
Cryptojacking refers to the use of another person’s or entity’s computer without authorization to mine cryptocurrency. With the increased number of devices connected to the web due to work from home arrangements, there is a wealth of untapped computing resources available for criminals to exploit. Particularly vulnerable are “edge devices,” or those that provide entry points to larger networks.
The new status quo has brought its share of complications. Thankfully, businesses need not face them alone. Call Roebuck Technologies now to prepare your business for the year ahead.