Hardly anyone will forget that 2020 turned out to be an extraordinary year: events took place that shook every significant area of our lives, economic, political and social. What about information security? Digital Security experts reviewed the main cybersecurity trends of the past year and ventured to suggest what to expect from 2021.
In 2020, compared to 2019, the number of incidents increased by more than 20% on average. According to statistics, July stood out in particular, setting a record for the number of successful cyberattacks. A large proportion were social engineering attacks: high-profile news and public unrest created fertile ground for them.
The pandemic, of course, became a powerful driver of cybercriminal activity. The rapid spread of the virus overwhelmed healthcare and forced governments to close borders and oblige employers to move employees to remote work. Criminals did not fail to take advantage of the situation.
Main trends of 2020
In 2020, healthcare facilities were hit hard by criminals. Globally, the number of cyberattacks on the healthcare sector grew by 45%, which is double the growth in other industries (22%) (source). Cybercriminals effectively paralyzed medical institutions by blocking access to information systems, prescriptions and examination data.
In March, Brno University Hospital (Czech Republic) fell victim to a cyberattack. The incident was serious enough that urgent surgery had to be postponed.
Also in the spring, at the height of the pandemic, hackers attacked the World Health Organization. As a result, a database of e-mail addresses of WHO employees (about 450 active addresses), as well as thousands of addresses of others working to eliminate the consequences of COVID-19, leaked online.
In late September, the American hospital network Universal Health Services was attacked by the Ryuk ransomware. Doctors could not access test results and prescriptions or download data from diagnostic devices, because they were encrypted. Financial transactions carried out by the clinics were also temporarily blocked.
In addition to hospitals, research centers developing a vaccine against coronavirus were attacked.
COVID-19: a karma boost for social engineers
The number of social engineering attacks skyrocketed from the beginning of the year. By the end of March, the number of phishing emails had increased by 30% compared to January. COVID-19 became one of the main news stories. The attackers sent out emails and created fake websites that hosted malware disguised as sensitive information about the pandemic.
Dangers of remote work
Remote work is definitely a contender for the title of “word of the year”: it has been discussed from so many angles, from management to mental health. In the field of information security, telecommuting also became one of the main topics. Employees and business processes moved outside the office en masse. Companies had to expand the boundaries of the corporate network and significantly increase the number of connection points to it. Many started to actively use cloud solutions. Much of this played into the hands of cybercriminals:
- employees faced with unusual working hours
- unsafe remote work tools (remember the much-publicized Zoom case)
- errors in the configuration of networks and equipment made during a hasty transition
- increased load on web services
- use of less secure home equipment
From January to November 2020, the number of attacks on RDP (Remote Desktop Protocol) increased 3.4 times to 3.3 billion. During the same period in 2019, 969 million attacks were identified (source).
Zoom deserves a mention here. The service experienced a real explosion in popularity (from 10 to 200 million users in a month after the start of the pandemic), which immediately attracted the attention of cybercriminals and independent researchers. Incident reports followed one after another. In the first quarter of 2020 alone, more than 1,700 phishing domains associated with the name of the popular platform were registered. A number of vulnerabilities were discovered in Zoom itself. For example, one of them allowed an attacker to join someone else’s video conference without an invitation, while another gave hackers the ability to steal Windows credentials.
Unauthorized intrusion into Zoom online conferences was dubbed “Zoombombing.” Recordings of thousands of video calls appeared on YouTube and Vimeo: business meetings, private calls, doctors’ consultations and training sessions.
Another trend of the past year was the growth of ransomware attacks against organizations. In 2020, they accounted for 51% of all malware attacks.
Email remains the main “delivery method” for malware into the corporate network. However, remote work also opened up new routes: for example, the operators of the Netwalker ransomware began to actively exploit vulnerabilities in unsecured VPN solutions and to brute-force passwords.
Healthcare under attack
The attacks on healthcare will continue. Unfortunately, medical institutions are far less concerned with the security of their information systems than financial institutions and software developers. Resources are a separate matter, but there is also simple negligence: patient data is not always handled correctly, so in 2021 reports of database leaks will appear again.
Large-scale attacks on research laboratories are also expected. The world community is now not only fighting the virus, but also witnessing a race between pharmaceutical companies.
Social Engineering: here we go again
We can’t say about COVID-19, but it is hard to believe that social engineering will be defeated. There is no vaccine against inattention and excessive emotionality, and therefore the attackers’ new tricks will, unfortunately, find their victims.
Scenarios with bank cards and online trading platforms will remain popular. And since mass vaccinations are expected to begin in 2021, related fraudulent schemes are likely to emerge.
Demand for personal data
Personal data leaks are partly due to poor information security literacy among the people who work with the data. However, in the overwhelming majority of cases, this is a crime: information is either stolen or “leaked” by the very employees who have access to it. We assume that this year such incidents will occur regularly: as early as January, it was reported that in the Netherlands, employees of the call center of the municipal health service were selling data of citizens who had taken a coronavirus test. We recently published a study on high-profile database leaks in Russia in 2019-2020. Let’s compare the statistics in a year’s time.
Home doesn’t mean safe
For many, working from home will continue into 2021 and beyond, which means attacks on RDP, VPN and other remote access services will continue.
This year, cybercriminals will increasingly use inadequately secured home networks as a means of accessing corporate resources. Possible scenarios include the use of worm modules to spread laterally to other devices on the network.
The clouds are gathering
The market for cloud services grew steadily even before the pandemic, but now we can expect even greater acceleration. Gartner predicts that global public cloud revenues will reach $306.948 million in 2021 and $364.062 in 2022. Meanwhile, existing network models and security standards are becoming outdated, which plays into the hands of attackers, so more attention will have to be paid to cloud security.
Popularity of Kubernetes
Many companies will continue to migrate to a Kubernetes microservice architecture to reduce the time from idea to implementation (time-to-market) and roll out new features faster. This will be a new challenge for security teams: making sure that the quality of checks does not drop as development speeds up and that, as a result, the security of services does not suffer.
That concludes the forecasts; making them is a thankless task. I would like to believe that in 2021 more attention will be paid to security, both personal and corporate, and that there will be fewer incidents.