The onset of the pandemic presented a whole host of new opportunities for hackers, making 2020 a bumper year for cybercrime. Seeking to take advantage of the uncertainty of the time and the rise in remote working, cybercriminals found ever more devious ways to scam individuals and businesses alike this year.
The European Union Agency for Cybersecurity (ENISA) has reported that cyber-attacks became ‘more sophisticated, targeted, widespread and undetected’ in 2020. While there was an abundance of cyber-attacks playing directly on the pandemic, there were also new threats created indirectly. With business continuity at risk, Covid-19 accelerated the digital transformation of many organisations, with remote working and increased cloud adoption providing greater opportunities for hackers.
Financial gain continued to be the top motivation behind many of the threat trends we saw in 2020, shaping the threat landscape throughout the year. So, let’s take a closer look at the biggest threat trends of 2020.
The first half of the year saw a surge in phishing scams and other social engineering attacks directed at monetising the anxiety and unrest caused by the pandemic. Fake websites offering Covid tests, health goods or other in-demand services were rife, exposing a need for both individuals and businesses to sharpen their scam-spotting skills. With copycat domains becoming more common and more realistic, it’s increasingly more difficult for an inexperienced eye to recognise the spoof.
Phishing was undeniably the threat vector of choice during the early stages of the pandemic – attacks surged by 667% between February and March alone.
Download our phishing cheat sheet to help your team understand the risks and how to spot a scam.
Globally, ransomware accounted for more than one third of attacks in 2020. Affecting organisations of all sizes, in all sectors, cybercriminals have profited from paid ransoms or by exploiting data stolen during a successful breach. Remote working provided an easy route of access for threat actors – in almost half of recorded cases remote desktop protocol (RDP) or Microsoft’s proprietary network communications protocol were used to facilitate the attack.
The trend for ransomware did not slow down as the year progressed, with a 40% surge in attacks recorded in Q3 2020, totalling almost 200 million attacks globally. Along with this increase in frequency, the average ransom figure also soared this year – rising by 33% compared to Q4 2019.
Quickly adapting to WFH left lots of people working on unsecured personal devices and networks. Accessing corporate networks via poorly secured devices and home routers created new opportunities of which cybercriminals were quick to take advantage. With remote workers also using a wider array of devices to stay connected, IoT grew in 2020, making it harder for businesses to keep track of all endpoints connected to their networks, leading to decreased network visibility.
Without appropriate security measures, IoT devices can be compromised, enabling a whole host of future attacks. Once onto the network hackers can move laterally and spread further, creating a botnet that can be used for DDoS attacks or to distribute other malware.
As we look to the year ahead it’s clear that the trend for accelerated digital transformation will continue, and with it we should expect the threat landscape to expand. The most common, known threats should be expected to evolve as hackers become more experienced and sophisticated. Continued remote working and increased cloud adoption will also continue to present a wealth of opportunities for malicious actors.
The good news? After the surge of attacks seen in 2020, businesses are ready to take cybersecurity seriously. According to research by PWC, 50% of organisations now say that cybersecurity will be baked into every business decision, with 56% of respondents planning to increase their cyber–budgets in 2021.
Step up your security for 2021.