During the 2020 COVID-19 lockdowns, almost 50% of people worked from home. This means there was increased use of home WiFi to connect to business servers and personal endpoints - two objectively less secure ways of accessing the internet during work use.
The move towards remote and flexible working has been rapid. Unfortunately, the adaptive nature of cybercrime has mirrored the change, taking advantage of the new opportunities presented to them by countless employees working from home.
In this blog, we’ll look at the latest cybersecurity threats developed within the last year and the trends that will continue through 2021 and beyond.
- COVID-Themed Cybersecurity Threats
- Increased Accessibility of Malware
- Risks With IoT
- Increasing Ransomware and Malware
1. COVID-Themed Cybersecurity Threats
Unfortunately, COVID has given rise to many COVID-themed online threats. Around 25% of COVID-related domains are malicious. Recently, phishing attacks that mimic WHO emails or the emails of other national health authorities have been experienced.
Other emails may pose as links to official government stimulus schemes, engaging readers to click links to sign up for government aid. Google found there were around 18 million COVID-related phishing and malware emails sent every day.
As the crisis lessens over time, with national lockdowns and vaccine developments lowering case numbers, we may find emails of these types reduce. However, as malicious parties now know these emails have the potential to work, we may see more disease or health-related phishing or malware attacks in future using scaremongering tactics.
2. Increased Accessibility of Malware
The accessibility of malware for malicious parties is a growing concern. While only a small minority of people have the skills to effectively carry out cyberattacks, the digital landscape we live in provides a profitable avenue for selling malware.
Those with little digital experience in cyberattacks can purchase Malware-as-a-Service (MaaS). Clario explains MaaS as:
A criminal version of SaaS – a type of organized cybercrime. But instead of offering legitimate services, MaaS enterprises rent malware to their customers on a subscription basis. Thus, anyone – regardless of their technical skills – can launch a cyberattack using the ready-made codes provided. They are even regularly updated just like legitimate software.
These kinds of services are usually sold through the Dark Web, where advanced denial of service (DoS) attacks (among others) can be bought and used. Organisations will have to onboard more robust security measures as this accessibility becomes more universal.
3. Risks With IoT
More and more businesses are onboarding tech with IoT capabilities. Choosing to do this is advantageous as IoT typically brings agility, efficiency and a better view of the data present within a company or industry. Tech analysts IDC predict there will be 41.6 billion connected IoT devices worldwide by 2025.
Now, more devices mean more potentially vulnerable endpoints incorporated into a business setting. This is mirrored by the stats - in 2019; there was a 300% increase in cyberattacks on IoT devices since the previous year.
IoT devices suffer from several human-caused security issues:
- They can be rarely updated as they’re seen as technical tools, even though they regularly deal in sensitive data.
- Firmware updates can be delivered, but unfortunately, businesses may forget about the risks of a particular device if they’re focusing on a new piece of tech.
- Consistently outdated software is much more vulnerable to cyberattacks.
While IoT is usually associated with the security offered by cloud-based servers and don’t generally have operating systems that work like traditional laptops or computers, they’re still vulnerable. For example, if ransomware attacks an IoT device, it can compromise the device’s functionality. Sensitive data can also be stolen from devices like these.
With more and more private and public sector businesses onboarding IoT, there’s an increased focus on ensuring these devices are always protected. Sometimes, it only takes a password or software update to ensure a piece of technology is a little more secure.
4. Increasing Ransomware and Malware Attacks
Ransomware and malware will be ever-present problems within the digital realm. In 2020, there’s been a large increase in cyberattacks used to steal credentials, personal data and money. Like the COVID-related scams we covered, scams and brand impersonations make up 88% of these attacks.
The move to remote and flexible working presents more vulnerabilities for both ransomware and malware to exploit. Employees working from home have fewer defences than the conventional office setting, working without work servers or WiFi supported by purpose-built cybersecurity.
Ransomware is a particular issue, with trends suggesting the number of attacks will increase each year. In 2019, there were 187.9 million ransomware attacks. In 2020, this number had risen to 304 million - a rise of 62%.
As cryptocurrency becomes more popular and both national and international regulation relaxes to the industry, we'll potentially see a rise in crypto-specific cyberattacks. One of the most popular forms of this is cryptojacking, where malware is created, used to attack a system and then illicitly mine for cryptocurrency.
Cryptojacking is a lucrative market as some cryptocurrency markets value in the billions. The process itself is relatively simple, requiring no extra steps to withdraw or launder the stolen money.
Due to these advantages for illicit behaviours, it’s expected that cryptojacking will become a consistent revenue stream for cybercriminals, popular because of its low-risk and relative ease.
These are just five of the potential cybercrime trends for 2021 and beyond. To get up to speed on the latest trends in cybercrime and data protection for the public sector, explore our upcoming event.
The Cyber Security & Data Protection Summit
This will be the meeting place for public sector IT security professionals and leaders. It’s the place for discussing the topics that matter, ranging from cybersecurity to emerging technologies to supply chain security.
This event will connect public sector professionals looking to learn about and support the fight against cybercrime. To find out more about this unmissable event, click the button below.