2020 is fast coming to an end and it definitely has been a strange year for many. Amid the chaos, the pandemic has also provided plentiful opportunities for cybercriminals to plan and launch attacks against organisations, with 80% of businesses reporting an increase in cyberattacks.
We sum up the top 3 types of cyberattacks this year:
Phishing
This tactic, already common before the pandemic, has seen a spike in numbers caused by COVID-19. According to Microsoft, among the millions of targeted messages observed, approximately 60,000 phishing emails included COVID-19 related malicious attachments or URLs in April 2020. The growing sophistication in phishing ploys indicates how cybercriminals are constantly adapting their tactics. In 2020’s case, criminals have leveraged the uncertainty people have towards the virus and its economic implications to socially engineer them into falling for their traps.
While the majority of these emails target individuals, renowned businesses were also susceptible to these attacks. In July, Twitter suffered a spear-phishing attack that was linked to a bitcoin scam. The hackers had first targeted several Twitter employees with internal systems access and obtained their login credentials through similar socially engineered lures.
Once successful, they exploited Twitter’s internal systems to tweet out phishing baits from prominent accounts like Joe Biden and Bill Gates. The message enticed followers with the prospect of higher bitcoin returns if they sent USD$1,000 via a specific link. Because of the economic turmoil caused by the pandemic, many took the bait. Within three hours, the cybercriminals received over USD$100,000 worth of bitcoins.
Ransomware Attacks
Ransomware was another popular form of attack with hackers this year, with a record-breaking 40 known ransomware attacks recorded in October. Some of the targets included organisations that dealt with COVID-19 data such as healthcare institutions and universities. Millions of dollars were transferred to cyber gangs like Maze, as companies scrambled to decrypt their files containing confidential and valuable information on the virus.
Beyond financial losses, ransomware also contributed to a person’s death. In September, the University Hospital Düsseldorf experienced a ransomware attack. Their systems crashed and emergency services were brought to a standstill. This interruption led to the death of a woman with a life-threatening condition who succumbed due to treatment delays, as she had to be redirected to another hospital 32 kilometres away.
Data Breaches
Within the first 6 months of 2020, several Fortune 500 businesses ranging from hotel chain Marriott to video game giant Nintendo fell victim to major data breaches.
The most notorious data breach incidents included the bold attack on the European Medicines Agency (EMA), where data on the development of the COVID-19 vaccine by Pfizer and BioNTech was stolen. Zoom was not spared from data breaches either. In April 2020, cybercriminals made more than 500,000 Zoom account login credentials available on the darknet. The hackers had used credential stuffing to crack the passwords, using data obtained from as far back as 2013.
What’s in store for companies in the future?
The pandemic just reveals that cyberattacks will continue to rise exponentially. And with criminals fine-tuning and adapting their strategies, no one is immune from cyberattacks. Companies need to bolster their cyber defences immediately because negligence towards one’s cybersecurity posture today may result in unimaginable consequences tomorrow.
Companies can start by investing in Web Application Firewalls (WAFs) like Polaris. Polaris’ automated vulnerability scanner analyses the type of incoming web traffic, sieving out malicious inputs that could pose a danger to your company’s data assets.