More than a year has passed since the first wave of COVID. It was the pandemic that became the catalyst for the changes in the IT world. During this time a lot of staff all over the world moved to home offices, and online commerce continued its growth. As experts predicted, the increased dependence of users on Internet technologies has led to a surge of all sorts of cybercriminals.
The main threats of 2021 are associated with several main areas:
- Phishing and “social engineering” — despite the fact that this is the most technologically simple method of attacks, we start this article with this threat. Over the past year, phishing accounted for more than two thirds of all cybercrimes. This method has proven effective among criminals, and with the influx of senior people into the web, it has become even more effective. In addition, even advanced users rarely have a specially deployed sandbox to open suspicious files and links in it. Ultimately, it is the person who has always been the weakest link in IT security of any organization.
- Remote Workplace Attacks – When an employee leaves the corporate intranet, their data become much more vulnerable. It is good if a company has already worked out the safe practices of a “distributed office” — for example, providing freelancers, outsourcers and simply employees on their home computers with access to the corporate cloud, intranet and other resources. Otherwise, a lack of time, equipment, and sometimes qualified specialists could lead to inevitable security holes, which cybercriminals would later exploit.
- Attacks on “shadow” IT infrastructure – i.e. to those services that employees create themselves bypassing the organization’s secure IT infrastructure configured by specialists. This type of attack stems from the previous one – if the current IT security methods are not very user-friendly. Employees who got used to easier access to work resources will begin to build their own methods of interaction: both with each other and with corporate resources. Such employees in an effort to ease their workdays do not pay due attention to IT security: they do not use RDP, they open work resources on home computers, send documents and access to services using personal mailboxes and messengers. By such actions, they expose not only their data and personal computers to attack, but they also provide ample opportunities for attackers.
- Ransomware “epidemics” – Ransomware Trojans that block access to data and require payment to regain access to valuable information will continue to be the number one threat in the IT environment. At the same time, cybercriminals have recently changed their tactics: they also threaten to disclose it if the affected organization refuses to pay the ransom. The most dangerous ransomware at the moment are Maze (this group officially curtailed its activities in November 2020) and REvil – they account for more than 50% of successful attacks. Ryuk, NetWalker, DoppelPaymer are in the second tier.
- DDoS attacks on websites, services and providers — during the pandemic, we once again made sure that connecting to the Internet has long become a necessity for all modern organizations. According to IT security experts of StormWall, the number of DDoS attacks against telecom companies is growing. The surge in such attacks was first recorded in early 2021, during the New Year holidays. This January, the frequency of DDoS attacks on the telecom sector increased by 10% compared to January 2020 and 34% compared to December 2020, according to data provided by StormWall customers. The hackers mainly attacked small Internet providers, hosting providers that do not have enough resources to protect their infrastructure from large-scale DDoS attacks (for a more detailed report, check this link).
- IoT attacks – this “industry” of cybercrime is inextricably linked with the previous one: if demand for DDoS attacks is high, the more hackers will attack various “smart” devices in order to collect their botnets of infected gadgets. We would hardly believe it 10 years ago that hordes of smart speakers, refrigerators and bracelets could be involved in cybercrimes.
The main problems of the Internet of Things are easy-to-guess passwords that cannot be changed, and outdated device firmware. At the same time, at best, updates are released with significant delays, and at worst, they are not released at all (sometimes the update option is not even technically provided). As a result, many IoT devices are hacked using trivial methods such as vulnerabilities in the web interface. Almost all such vulnerabilities are critical, but the manufacturer has only extremely limited options for quickly creating a patch and delivering it as an update.