Cybersecurity is one of the biggest threats to businesses and the COVID-19 pandemic has created further opportunities for cybercriminals to take advantage of businesses and individuals who are not prepared for the most up-to-date threats.
The COVID-19 pandemic forced more individuals and businesses to work online and with this has come new opportunities for cybercriminals to target vulnerable individuals and businesses without adequate cybersecurity measure in place.
Zoom was one of the biggest beneficiaries of the COVID-19 pandemic as daily users skyrocketed from 10 million in December 2019 to over 200 million at the end of April 2020. Unfortunately, Zoom could never have predicted this level of growth and with it, security issues soon cast a shadow over the product that was instrumental in helping the world adjust to a new normal.
Proofpoint, which specialises in email fraud security, released a report in March 2020 outlining the extent to which the coronavirus can drastically change an industry: 80% of the overall threat landscape is using the virus as a theme in their attacks.
Email is just one of several ways in which cybercriminals are targeting individuals and businesses during this time. Let’s take a closer look at some of the main threats to cybersecurity in 2021.
It feels as though phishing is one of the oldest cybersecurity tricks in the book, and yet it is still as prolific today as it has always been. The problem is, people are now online even more.
A phishing attack is a digital message sent to trick people into clicking a link inside it. Email is the most typical form of phishing attack, however, we have started to see cybercriminals using text messages and other messaging apps to try and elicit a click from vulnerable users.
Machine learning is now being used by cybercriminals to quickly craft and distribute convincing fake messages that can compromise an organisation’s networks and systems.
These types of attack enable hackers to steal user logins, credit card credentials and other types of personal financial information, as well as gain access to private databases.
Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organisation’s databases and hold all the information for ransom. The rise of cryptocurrencies like Bitcoin is credited with helping to fuel ransomware attacks by allowing ransom demands to be paid anonymously.
In 2021 and onwards, it’s possible to see more sophisticated attacks going on. Ransomware could ask for a dynamic ransom, depending on the environment in which it’s executed. And it is increasingly businesses that are feeling the pinch. ITPro Today reported, “The rate of detections within businesses rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019. That’s nearly a 340% increase in detections.”
This is because businesses are typically in a stronger position than individuals to pay a ransom and the information stolen by cybercriminals is typically more valuable than most individual targets.
Simply put, an IoT attack is any cyberattack that leverages a victim’s use of internet-connected smart devices (such as Wi-Fi-enabled speakers, appliances, alarm clocks, etc.) to sneak malware onto a network. These attacks target IoT devices specifically because they are often overlooked when it comes to applying security patches—making them easier to compromise.
The number of IoT-connected devices continues to grow exponentially and the introduction of IoT-based technology in smart cities around the world only opens up new potential threat opportunities for cybercriminals.
Zero Day Exploits
Attacks that use zero-day exploits are hard to counter. As the name suggests, a zero-day exploit is a cyberattack that occurs on the same day a weakness is discovered in software. At that point, it’s exploited before a fix becomes available from its creator.
Initially, when a user discovers that there is a security risk in a program, they can report it to the software company, which will then develop a security patch to fix the flaw. This same user may also take to the Internet and warn others about the flaw. Usually, the program creators are quick to create a fix that improves program protection, however, sometimes hackers hear about the flaw first and are quick to exploit it.
As zero-day exploits in widely-used software offer criminals a wide attack scope, it is believed that zero-day exploits will still be an important security threat in 2021 and beyond.
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.
Whilst DDoS attacks are a well-established form of cyberattack, they still present a very valid threat in 2021 and beyond.
Who is a target of cybercrime
One of the biggest mistakes made by any company, big or small, is to think that they will never be a target of cybercrime. The same goes for individuals. Cybercriminals do not discriminate and everyone and every business is a potential opportunity for cybercriminals.
Recently, the New Zealand Central Bank was hacked through an external file-sharing platform. Whilst not confirmed, this was most likely a ransomware attack, however, IT security researcher Dave Berry suspects a foreign government may have been behind the attack rather than a criminal organisation because “state institutions will not pay you a ransom.” On the other hand, a foreign country could be more interested.
Critical infrastructure is also a target for cybercriminals and the threat to critical infrastructure operations is becoming more credible.
In May 2021, in New Zealand, the Waikato DHB (District Health Board) was subject to a “Zeppelin” ransomware attack that crippled the DHB system. Jeremy Jones, head of cybersecurity at IT consultancy Theta, said the Zeppelin ransomware had been around since 2019 or earlier, but the recent upgrade of the malware made it “harder to detect [and] more aggressive”.
It is expected to take weeks for the Waikato DHB to recover from the attack and resurrect nearly 700 computer servers. It is expected that the hackers are likely to threaten to dump patient information online if a ransom is not paid. The health board has already stated that it will not pay any ransom.
The gaming industry is particularly vulnerable to cybercrime given the nature of the industry and the financial implications. User data is extremely sensitive and online casinos like Betway invest heavily in cybersecurity measures in order to counteract the threat of cybercrime and provide customers with a safe and secure environment when they are gaming online
And that is becoming increasingly important for businesses around the world: invest in cybersecurity or face the risk of attack from increasingly sophisticated cybercriminals.