Cyberthreats in 2021: The Usual Suspects

Through 2020 and the pandemic there has been 4 times as many cases of cybercrime reported to the FBI.  Losses from cybercrime are also at an all-time high, surpassing $1 Trillion dollars.  Remote work and evolving threat surfaces were some leading areas of concern as IT departments try to make security solutions to the new work from anywhere world.

While the number of attacks has risen significantly, hackers are still using many of the same old tricks to get in.  Here are the top 3 that you should be aware of and plan defenses for.

Cyberthreats in 2021 – Social Engineering

This last year almost a third of breaches were caused by some form of social engineering.  90% of those breaches stemmed from a phishing attack.  Phishing emails are where an attacker sends an email that preys on the emotions of its victims to get them to click on an attachment or a link.  They can also come designed as something benign such as a FedEx tracking email or a message from WHO about what precautions to take during the pandemic.

Phishing attacks are dangerous because they are accountable for 95% of breaches.  In March of 2021, phishing attacks were up 667%.  Many workers do not have sufficient training to distinguish what is safe and what is not safe to click on.  This puts organizations in a difficult circumstance.  They need their employees to grow and succeed, but they are also their largest security threat.

Other forms of social engineering include scareware, quid pro quo, and many more.  They all seek to use human psychology to attain specific goals.  The can be very effective, and can be operated at a relatively low cost for hackers.

Cyberthreats in 2021 – Ransomware Threat is Still Growing

Ransomware continues to be a significant threat to businesses because it is one of the most efficient ways that attackers have found to monetize their malicious efforts.  This is where attackers infiltrate a network, and then encrypt all the data they gain access to.  They then hold that data for ransom, sending the victims a demand message asking for a sum of money, usually paid in untraceable bitcoin.

Once they receive their ransom, they will supposedly give you decryption keys so you can get your data back.  Without those keys the data is as good as lost.

Ransomware is the next largest attack style.  Ransom demands reached 1.4 Billion in 2020.  In addition to the cost of the ransom businesses sustain large losses.  Lost productivity, lost sales, damage to their brand.  There are also the direct costs of cleaning up after an attack which are often substantial.

There have been several significant ransomware attacks worldwide in 2020.  None more notable perhaps than what happened at a German hospital.  Cyber criminals encrypted all the hospitals systems including those they use to give patient care.  The failure of this system caused the death of one patient.

Cyberthreats in 2021 – DDoS Attacks are Still Happening

So what is a DDos Attack?  Cloudflare gives us a great explanation.

“A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.

From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.”

Essentially, they attempt to clog the network so much that the servers they are attacking can’t do anything at all.  There were millions of DDoS attacks that happened in 2020, and the trend doesn’t seem to be slowing.  Damages from these attacks are significant and costly for businesses.

DDoS attacks are now using artificial intelligence (AI) to make them more dangerous than ever.  Attackers are continually evolving their threats, and security needs to scramble to keep up.

Sum Up

Most of these attacks are not new, however they continue to get more sophisticated.  Refined phishing emails that look more innocuous than ever, pervasive ransomware, and AI powered DDoS attacks.  As the threats evolve you need to ensure that your security is evolving as well to keep your business protected. 

There is no security through obscurity for small businesses anymore.  You need to manage your security so you can keep your data safe and avoid painful losses.  If you need help to harden your current security stance i.t.NOW stands ready to help.  Give us a call today.