October is Cybersecurity Awareness Month, which is all about promoting best practices for staying safe online.
Beyond promoting the basics of good cyber-hygiene, it's also a good idea to take stock of the trends that have been floating around. Indeed, much like the rest of 2020, it's been quite the year in cybersecurity. COVID-19 brings new and devastatingly creative phishing attacks; ransomware hits remote learning and local governments; and security extends beyond email to collaboration apps.
To be a good cyber-citizen means being able to understand these trends and knowing how to take action.
Though we could write about thousands of things, there have been a few trends in particular that have stood out as harbingers of the future of cybersecurity.
Tracking the first six months of cyber activity, SonicWall found that global ransomware increased by 20%.
However, within that increase, a striking amount has been centered in the U.S. In those six months, there's been a 109% increase stateside. The total of 80 million ransomware attacks in America was a whopping 13 times higher than the next highest-country, the U.K.
In particular, ransomware cases have been centered around government, public administration agencies and hospitals. This was most notable in the $1.14 million ransom demand that UC San Francisco paid out to recover medical school data. Further, we've seen hackers hit companies involved in the COVID vaccine efforts.
In the first quarter of 2020, 21% of all ransomware attacks were against government agencies. Last year, more than 70 state and local governments were hit with ransomware attacks, ranging in size from Greenland, New Hampshire (pop: 3,549) to Baltimore (pop: 619,439) and in general, there was a 41% increase in all ransomware attacks in 2019. The average payment in Q4 of 2019 was more than double what it was in Q3 of that year.
IBM's Security X-Force team reported that one in four attacks that they have worked on this year have been caused by ransomware—and one-third of all those attacks happened in June.
It's no wonder that one survey found that 89% of companies cite ransomware, phishing and web attacks as their biggest threat.
And it's not just companies. With a majority of learning has been happening online, the FBI warned in June of a surge in potential attacks, due to the combination of new technologies and the highly sensitive data that schools hold. We've seen scores of attacks, and they have real-world consequences. A Nevada school district that refused to pay ransom saw reams of student data released.
However, it's not an entirely new phenomenon. From October 2019-December 2019, 11 districts were hit with attacks; there was a total of at least 72 hit in all of 2019. And that's just the ones that went public.
Ransomware has been, in many respects, the defining trend of the year. And there's no reason to expect it will slow down.
Misinformation. Fear. Confusion. Panic. If there was ever a perfect moment for hackers to take advantage of, it was the dawn of COVID-19. There has been a tremendous rise in phishing attacks since COVID-19 hit—too many to document here.
One survey found that the increase in attacks can be attributed, at least in part, to hackers’ boredom due to stay-at-home measures. More than that, hackers may be exploiting the human factor in phishing attacks. Hackers are particularly skilled in forcing end-users to make split-second decisions. When employees are juggling their own work, helping children with schoolwork, dealing with limited WiFi and myriad other distractions, that split-second decision becomes a whole lot more difficult. Even with training, and without as many distractions, the aggregate clickthrough rates grants an attacker of a 1 in 10 chance per employee. Now compound that with untrained, distracted employees, and the risk becomes exponential.
That's why we've seen some of the following numbers, headlined by this stat—1 in 3 Americans have clicked on a phishing link this year.
- One survey found that 46% of businesses worldwide have encountered at least one cybersecurity scare since remote work began, and 49% expect to see another attack in the next month. Further, 51% of companies surveyed found an increase in phishing attacks
- Google found that, in one week in April, more than 18 million malware and phishing emails related to COVID-19, along with 240 million daily corona-related spam
- Checkpoint found that 4,305 domains have been registered around the CARES Act, the government’s stimulus package. Some 2% of those domains were found malicious, while 21% were found suspicious.
- Additionally, Checkpoint saw 192,000 corona-related cyber attacks per week over a three week period ending in early May, a 30% increase. Many phishing attacks claim to be from the World Health Organization, or contain files with “COVID-19” in the name.
- IBM X-Force found a more than 6,000% increase in COVID-19 related spam, all ranging from phishing attacks impersonating the Small Business Administration and U.S. Banks. One attack in particular pretended to be from American Express, dangling $2,400 in relief in exchange for credentials. In addition, another report from the company found that attackers are mimicking the SBA, which is offering up to $10 million in lending to companies, and instead installing a remote hacking tool to steal passwords
Phishing has long been a problem—indeed, it's the top threat, as backed up by the findings of the Verizon Data Breach Investigation Report—and a staggering 91% of breaches start with email.
Hackers will take advantage of anything to get the information. COVID-19 was, and remains, the perfect storm.
When work went remote, these platforms were perfectly set up for success. And, in particular, Teams has grown exponentially. By June, Microsoft Teams grew by 894% compared with usage in the middle of February. As of April, it was reporting 75 million users. Slack has also broken records for usage.
And that's not to mention other collaboration apps that have made working from home even a possibility—OneDrive, SharePoint, Google Drive, Dropbox, etc.
That these apps exist has made the transition to working from home possible has been one of the saving graces of a tumultuous year.
But these apps are not without risks.
Slack and Teams are particularly prone to DLP, malware and insider threats. They're also perfect vectors for East-West attacks. In one recent Teams attack, for example, a simple animated GIF was used to steal the user’s session token and gain access to their account. A malicious cat video that would have been blocked had it been sent via email was able to spread unfiltered on Teams. Worse, this attack gave attackers full access to the users' entire account, making it easy to continue the spread.
If work is going to continue remotely for the foreseeable future, businesses have to think about securing the entire ecosystem.
Securing email is no longer enough. Every platform where data and information lives has to be protected.
How do we make sense of a cyber year different from all others?
Perhaps we don't. But if there's one thing we've learned from 2020, being proactive with protection is key.
If everything important in your environment is properly secured, then business can continued unabated.
Risks will never go away. Hackers will find new motivations to target end-users. And whenever there is data to be had, there will be those looking to profit from it.
If there's anything to take away from Cybersecurity Awareness Month, perhaps it's this: Knowing that these risks exist is an empowering feeling. And knowing how to protect against them is even more so.