The start of 2021 is a good time to sum up the past year. Risk-Based Security research shows that by the end of September, about 36 billion records had been exposed. This made 2020 the worst year in terms of the total number of records exposed.
Experts say that an increasing number of cyberattacks are related to the Covid-19 pandemic and its consequences. At the beginning of the pandemic in spring, the FBI reported about 4000 cybercrimes daily, whereas in the pre-coronavirus period it received approximately 1000 complaints daily.
Jürgen Stock, Interpol Secretary General, reported that cybercriminals took advantage of the situation and of people's fears and panic about the pandemic. Cybercriminals created whole campaigns of Covid-19-related phishing emails sent on behalf of the government, health authorities, and famous people, demanding that recipients transfer money or provide private information. As a result, thousands of people around the world became victims of scammers.
Healthcare system
Healthcare became the most vulnerable sector. The research shows that 11.5% of incidents were related to healthcare. The main reason for hackers' heightened attention is that healthcare is 'national critical infrastructure'. Attacks on this sector are the most dangerous, as they put human lives at stake.
Scammers use phishing emails and employees' inattention to plant ransomware in hospital systems. This leads to blocked systems and data and to the disruption of healthcare services. Hackers also use medical equipment with security vulnerabilities as a loophole to get into the hospital system. Devices such as heart rate monitoring systems can be hacked and become an entry point for an attack.
In September alone, 250 hospitals of one of the US hospital services underwent cyberattacks. As a result, medical personnel were unable to access documentation, prescriptions, and medical records. This slowed down hospital work and took up time that employees could have devoted to patients. Moreover, hacking of hospital systems leads to failures of wireless vital-signs monitoring equipment, so employees can miss alarm signals.
At the same time, the first incident in which a cyberattack led to the death of a patient happened in Düsseldorf, Germany. Cybercriminals hacked and disabled hospital services, and a critically ill patient died when she had to be transferred to another city.
Cybercriminals understand the value of labs, pharmaceutical companies, and medical equipment companies during a pandemic. During the year, thousands of companies researching Covid-19 and vaccines were hacked. This slowed down work and delayed vaccine development.
In June, cybercriminals blocked servers and systems of the University of California, which was doing research on a Covid-19 cure. Scammers demanded a ransom for a tool that could encrypt data that is important for the research. The University of California reported that it paid approximately $1.14m for the encryption software. Cybersecurity organizations insist on not paying ransoms, as payment finances hackers and facilitates their activity, and say that victims should report incidents to the police. However, many experts admit that companies have no right way out in this situation.
Remote workers
The pandemic reshaped the way people work and forced many companies to switch to working from home.
The 2020 Remote Work-From-Home Cybersecurity Report revealed that a third of companies were badly prepared for the switch to remote work. 85% of the companies delayed cybersecurity decisions to speed up the switch and ensure business continuity. As a result, 69% of security risks were related to work-from-home risks.
This opened new opportunities for cybercriminals. According to research by the cybersecurity vendor Netwrix, 25% of the IT company employees interviewed said they had faced ransomware or other malware attacks during the first three months of the pandemic. A robust software security strategy can prevent problems associated with high cybersecurity risks. The strategy can include various types of testing, such as vulnerability or penetration testing. Professional pentest companies can reveal vulnerabilities in systems and teach employees how to avoid cybersecurity risks. Many experts recommend testing systems regularly, as cybercriminals' skills keep improving and becoming more sophisticated.
Remote working opens a wider attack surface for cybercriminals, as employees work from different devices, platforms, and networks. Corporate computers have more robust security than personal ones, and cybercriminals can take advantage of this weakness. Besides, employees expose business-critical applications, which can lead to data breaches.
An additional reason for the increased hacking risk is a lack of communication among employees, especially in big companies. An employee who gets a suspicious email can't turn to someone in the office with questions or for advice, and email becomes the only way to communicate.
Recently, cybercriminals sent the employees of one IT company emails that imitated messages from the HR department. The messages reported that offices had reopened and demanded that employees return to work in them. The emails contained a form that employees had to fill in urgently, providing sensitive information.
Experts who researched this campaign said that such emails were sent to about 100 000 inboxes, bypassing Google G Suite email security.
Private Data
The pandemic opened new ways for cybercriminals to steal private data. At the beginning of the pandemic, scammers exploited the Covid-19 panic by creating phishing emails sent on behalf of the WHO, the government, or hospital services.
According to the report COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, one in five respondents received a phishing email related to COVID-19. Usually, such emails include a link to an infected site. One visit to the page is enough to pick up a virus that can access web browser cookies and steal private data. Cybersecurity company Proofpoint reported that hackers sent fake Covid-19 test results that included ransomware.
Another popular trick among hackers was programs and apps for monitoring the pandemic situation. After installing malware on a victim's computer or smartphone, hackers get remote access to all data on the device, encrypt it, and blackmail the user. Apple limited the addition of Covid-19-related programs to AppleStore, and Google has been actively deleting suspicious apps to reduce the spread of malware. Nevertheless, many users became victims of an app named 'CovidLock' for Android platforms. The malware blocked access to the smartphone and demanded a ransom of $100 within 48 hours; otherwise, all content on the phone would be deleted.
Experts name human error as one of the main reasons for data breaches and cyberattacks. In the last year, there have been a dozen incidents due to human inattention. The national public health agency of Wales reported that personal information about 18 000 residents of Wales who were tested for Covid-19 was exposed 'by mistake.' An agency employee uploaded the personal information to a public domain where anybody could access the data.
Another similar situation happened in Delaware, when a healthcare employee sent unencrypted emails with test results and private information about 10 000 people. These incidents are dangerous not only because scammers can steal and take advantage of private data, but also because they undermine people's confidence. As a result, people avoid testing and spread the virus.
2020 has shown that companies should be attentive to cybersecurity issues. In 2021 cybersecurity remains of critical importance for business. PwC research reveals that 55% of companies plan to increase their cybersecurity budget for 2021 despite an economic crisis.