Mid-Year Security Update

Mid-Year Security Update: Hackers pivot efforts to most profitable attacks, COVID Exploits on the rise

Let’s face it.  2020 isn’t going to be remembered as anyone’s favorite year.  There has been a TON of bad news and it doesn’t stop coming.  Reading the latest security reports gave me a glimmer of hope for a few seconds, and then smashed it to pieces.  I guess it’s still 2020.  What was I expecting?

24% drop in malware attacks worldwide

This was my glimmer of hope.  The numbers of new malware attacks continued to drop in Q2 of 2020.  That’s a good thing right?  It sure seems like it at first glance.  Then you take a closer look at the numbers and find that although malware dropped 24%, ransomware rose 20% during the same period.

20% jump in ransomware globally, 109% spike in United States

That means that the world isn’t a safer place.  The bad guys just pivoted to invest in creating more ransomware instead of malware because they’ve found that it’s a more profitable business model.  So instead of spending their time developing more malware, they spend it creating ransomware attacks. Businesses need to make sure that they have a good plan in place to protect themselves from ransomware.  We’re likely to see this trend continue as long as it is a profitable venture for bad actors.

COVID-19 Targeted Attacks

Attackers are also tailoring their attacks to slake the thirst for knowledge the world has around COVID-19.  7% of phishing attacks capitalized on COVID-19 pandemic.  Again, phishing as a whole was down around 15% for the same period.  Among the pandemic specific phishing emails were emails spoofing The World Health Organization.  The fake notification offered up advice on how to protect yourself from the virus as a downloadable attachment.  It was actually a malware payload disguised as a PDF.

Beware Office and PDF Attachments

With so many of us working from home, there are more attachments than ever sent by email.  Attackers are aware of this fact and have been exploiting it as well.  In fact, there has been a 176% uptick in the number of attacks where the payload is disguised as a trusted office file type such as word or excel. Please use caution when receiving any email with attachments from an unknown party.  If it’s someone you don’t know you probably shouldn’t click on it.  If you have doubts, you can usually hover your mouse over the attachment without clicking on it to see the true file type.  If it’s not a .pdf, docx, or .xlsx file stay aware from it.  If it directs you to a website or any long string of nonsensical letters, stay away from it.

Work from Home security woes

IT professional have a lot of work to do to ensure that the users they support can work from home securely.  Just as bad actors pivoted their attacks to the most profitable ventures they are also pivoting to leverage the fact that many of us are working from home. Experts have noted a 50% increase in IOT attacks in this last quarter.  This means that hackers are trying to leverage more of those IOT devices known for poor security to attack folks working from home.  That internet-connected toaster may be your downfall.  Take the time to ensure that you have virus protection on whatever device you are working on.  Also, ensure that your connection back to the office is secure.  There are a lot of solutions, but VPN, Secure Desktop Gateway, and others should do the trick.

Here to help

As always, your team of security experts at i.t.NOW is here to help.  If you’re already a client we likely have all of your security dialed in.  If you’re not a client of ours, you should be.  Give us a call today and we can work with you to ensure that you are protected no matter where you’re working from. Statistics for the latest trends in security taken from Sonicwall’s Threat Report. https://www.sonicwall.com/2020-cyber-threat-report/