State of Cybersecurity 2020-21, I

Current trends of cybercriminals

The year 2020 has had no close precedent: COVID-19 spread worldwide, affecting millions of people, and, linked to it and within our particular context as a red team, the number of cyberattacks grew considerably. Due to isolation, virtual activities have increased (e.g., learning, shopping, meeting, working). Consequently, the areas of action for cybercriminals have expanded.

Let's start this first part of the State of Cybersecurity 2020-21 with some statistics that you may find a bit shocking:

  • A database with 250 million Microsoft customer records was found exposed in January.

  • In March, CSO reported that $17,700 is lost every minute because of phishing attacks.

  • According to CSO, 60% of breaches involved vulnerabilities for which the existing patch was not applied.

  • The average time to identify and contain a breach is 280 days.

  • The Dutch government lost hard drives with the personal data of approximately 7 million organ donors.

  • 115 million Pakistani mobile user records were released in the first half of this year.

  • 84% of cyberattacks are based on social engineering.

A useful coronavirus for cybercriminals

Taking advantage not only of curiosity but also of the uncertainty and fear generated by the pandemic, malicious hackers have revitalized social engineering attacks, which were apparently in some decline and are often oriented to the theft of sensitive data. For instance, the FBI reported some months ago that the number of cybersecurity complaints they received was as high as 4,000 a day, a far cry from the 1,000 daily complaints they received before the pandemic. Criminals have been able to scam many people with coronavirus-related phishing emails that contain links to fake login pages or malware to download and that appear to be sent by trusted entities (e.g., the World Health Organization) or by internal departments of an organization to their employees. As another example, in the middle of this year, Microsoft even reported that these COVID-19 themed attacks reached between 20,000 and 30,000 a day in the US alone.

Hackers —who keep monetization as their main motivation— have even increased attempts to breach healthcare organizations. These become easier targets because their people are highly stressed and busy, focused on responding to or fighting against COVID-19. (Some of these attacks, highly planned and prepared, could even be aimed at theft of research data desired by major organizations.) As reported by ENISA (European Union Agency for Cybersecurity), this has occurred, for instance, with ransomware incidents. According to Zohar Pinhasi, a cyber counter-terrorism expert, this type of attack rose by 800% at the start of this year.

Malicious hackers and cybercriminals have also managed to pursue and attack multiple firms and government agencies in the midst of an unexpected transition to remote working and cloud computing. In the previous year, according to ARIA on Medium, about 43% of Americans occasionally worked from home. But as of early May of this year, 85% worked remotely full time —sometimes unsafely using home networks and their own devices. Additionally, about 90% of companies currently make use of some cloud service, as reported by Cyvolve.

This accelerated digital transformation, especially for complex systems, obviously meant chaos and high risks. The pressure to keep businesses active, in some instances coupled with ignorance and negligence in terms of cybersecurity, led to the establishment of many networks or infrastructures that were poorly or erroneously configured, overlooking security protocols. As a result, criminals have succeeded in exploiting diverse publicly known vulnerabilities in networks and other remote working tools and have even targeted communication platforms that are widely used today (e.g., Microsoft Teams, Zoom). All this without leaving aside the human factor, in this case concerning employees. They have been seen as a preliminary target in social engineering attacks on firms, especially in the middle market. A big mistake in this market —also considering small entities— is to believe that cybersecurity is usually an exclusive problem for large organizations, such as banks and governments.

Photo by Jr Korpa on Unsplash.

Cybercriminals up to speed on IT

Today, cybercriminals have also been flexible enough to respond to global trends regarding the implementation and use of new technologies and techniques. One example is what Tech Guru shares concerning advances in the automotive field: new vehicles can be equipped "with automatic software for cruise control drivers, engine timing, door lock, airbags and advanced driver assistance systems that enable smooth communication." The problem arises because these cars employ standard connection systems such as WiFi and Bluetooth and end up being exposed to cyber threats.

Another trend targeted by cybercriminals is undoubtedly the widespread and growing use of mobile devices. More and more business data is now being stored on these devices. According to Statista's data, "the number of mobile devices worldwide in 2020 stood at 14.02 billion, with forecasts suggesting this is likely to rise to 14.91 billion by 2021." Likewise, the number of threats to each type of file and procedure we handle on these everyday devices has increased. As Kaushik comments in Entrepreneur, "there are several ways in which mobile phones could be attacked: phishing or more specifically SMiShing (through SMS), broken cryptography or weak encryption algorithms, network spoofing, inappropriate session handling entailing apps sharing session tokens with malicious actors, riskware causing data leakage and spyware."

Moreover, we're at a time when 5G, "the fifth generation technology standard for broadband cellular networks," is beginning to expand. Billions of devices will be connected through this medium, with greater bandwidth than its predecessors, for countless personal, commercial and industrial activities with lots of applications. Hackers are also aware of this, namely of the copious number of entry points for cyberattacks that will become available on the Internet of Things through devices and networks with little or no security.

On the other hand, this year has also highlighted the prominence of Artificial Intelligence (AI) and Machine Learning (ML). Everyone is talking about them. And while many organizations have obtained benefits from each of these fields, it is also true that malicious hackers do not intend to be left behind. They have seen new opportunities here to transform and strengthen their attacks and make them more abundant and sophisticated. That is the case, for example, with AI fuzzing, which, according to Cyvolve, "couples traditional fuzzing methods of detecting system vulnerabilities with AI, that can be exploited by cybercriminals to launch zero-day attacks." For ML, there are cases such as the retraining of systems through poisoned data sources, and backdoor attacks, "which can fundamentally rewrite the model's functionalities or even skew data."

Before finishing this part of the State of Cybersecurity 2020-21, to keep in mind what you or your company may face at present, here is the list of top 15 threats reported by ENISA covering the period January 2019-April 2020:

  1. Malware (maintaining the same position from 2018)

  2. Web-based attacks

  3. Phishing

  4. Web application attacks

  5. Spam

  6. DDoS

  7. Identity theft

  8. Data breach

  9. Insider threat

  10. Botnets

  11. Physical manipulation, damage, theft and loss

  12. Information leakage

  13. Ransomware

  14. Cyberespionage

  15. Cryptojacking

We hope you have enjoyed reading this post. Soon, you will be able to read a second part on the topic. Any questions? Do not hesitate to contact us!

