As 2020 comes to an end, experts can now look back and analyze the year’s various cyberattacks and data breaches to predict future trends. There’s no denying it that this year was unique when it comes to cybersecurity—after all, countless businesses worldwide changed their communication and business models to accommodate remote work and the current financial circumstances. The now-available 2020 malware statistics reveal multiple patterns that can help security experts pinpoint common weak points and prepare for the upcoming year.
COVID-19 and Clever Phishing
Previously, when all employees worked together in an office environment, it was easy to mitigate phishing and social engineering attacks. For example, if someone got a suspicious email from a coworker or a supervisor, all they had to do was either ask the person directly or consult with their IT specialist. But now that the primary method of communication between coworkers is via—usually unsecured—emails, it’s hard to be sure of the integrity of the emails and much more likely to fall for a phishing attack.
To make matters worse, hackers around the world have used the panic surrounding the COVID-19 virus as a way to trick internet users into opening falsified emails. For example, hackers created coronavirus-related phishing emails intended to look like useful information from the World Health Organization.
Companies, regardless of industry, need to regularly educate their staff on the dangers of social engineering attacks and how to recognize one when they encounter it. Recognition should include anything from emails to text messages and even phone calls.
The July 15 Twitter Attack
The mid-summer Twitter attack was one of the most talked-about incidents of 2020. It included the infiltration of three prominent Twitter accounts. The attackers used them to trick Twitter users into sending cryptocurrency in exchange for more cryptocurrency. By the time Twitter managed to get control back, the attackers had collected approximately $100,000 from unknowing individuals.
The most noteworthy fact about the July 15 Twitter attack is that the attackers used social engineering and phishing schemes twice in a row. First, through a spear-phishing attack aimed at employees working at Twitter, and second was convincing people to willingly send money using an untraceable currency by utilizing the authority and trustworthiness of prominent Twitter influencers.
Zoom’s Data Breach
As people needed an alternative to in-person business meetings and social get-together events, they shifted their attention to the group video chatting software and app Zoom. To many, this was the perfect option as a basic Zoom account is free, easy to use, and allows for large chat groups. The problem wasn’t mainly Zoom’s weak security and privacy measures in this scenario, but people’s misuse and disregard for their own security.
In April of 2020, a data breach of over 500,000 usernames and passwords became known to the public. While many people took this as a reason to question Zoom’s security measures, the other weak link that allowed for this data breach was Zoom users who implemented weak and outdated passwords.
This particular incident could’ve been avoided had people regularly changed their passwords, especially after a breach of the service they’re using. Two things services like Zoom can do to prevent this from happening again are encouraging their users to change their passwords every few months and using multi-factor authentication, allowing them to keep their users safe and their reputation intact.
In addition, implementing a security model like CIAM would have increased authentication requirements for high-risk logins.
The Magellan Health Ransomware Attack
This year, Magellan Health suffered a ransomware attack that compromised an undisclosed number of credentials. The attackers planted ransomware by impersonating a client and phishing the employees. As a result, the hackers gained access to many of Magellan’s clients’ names and their confidential information such as phone numbers, physical addresses, and insurance information, as well as the login credentials of some employees.
Experts expect ransomware attacks to increase in the upcoming years, with more detrimental results as time goes by. To protect your business from such attacks, you need to secure your network using advanced cybersecurity software, like endpoint detection and response.
Advancements in AI for Cybersecurity
Luckily, 2020 seems to be ending on a high note. While AI in cybersecurity has been a trend for a while, it’s now that proven and noteworthy results are taking shape. Predictive software now uses AI to protect against cyberattacks. It analyzes big data, gathered from previous attacks and wrong employee behavior, for patterns that help detect attacks before they happen.
One faction of cybersecurity software that uses AI to its advantage is endpoint detection and response software. Thanks to real-time monitoring and AI-powered analysis of the data coming from the endpoints, EDR software can detect attempted attacks and respond before damage occurs.
Preparing for What’s Yet to Come
Experiencing troublesome years like this, while damaging to businesses and overwhelming for cybersecurity professionals, enables cybersecurity experts to predict cyberattacks trends for the upcoming years. Continuously analyzing the data coming from unfortunate attacks means pioneers in cybersecurity get a general understanding of where the cyber-landscape seems to be going and prepare for it. Until then, it’s your responsibility as a business owner to make sure your clients’ data stays secure by implementing the best tools and learning from others’ mistakes.