To say life as we know it has changed this year would be quite the understatement. Daily life, once conducted in person, has now gone nearly completely virtual. And, it literally happened overnight. While the upstanding citizens of the world try to find ways to connect, collaborate and move forward, the bad actors have upped their game – and are expanding their base.
One of the major themes of CompTIA’s State of Cybersecurity 2020 report is that businesses are going through serious changes to their cybersecurity approach. The COVID-19 pandemic is a primary trigger for change. For example, 53% of companies say that the shift to a remote workforce has driven new tactics. It’s not just internal responses driving change, though. The attacks coming from the outside are taking advantage of the disruption.
Research conducted by Cybernews suggests an unprecedented amount of interest in hacking and cybercrime during this global pandemic. In fact, their review of Google search trends indicates that during the months of March, April and May 2020, online searches related to hacking, scamming and other forms of cybercrime skyrocketed. Additionally, visits to popular hacking websites and forums increased by 66% in March 2020 alone.
Is this sudden interest in malicious cyber behavior a case of desperate times calling for desperate measures? Or are outdated and insecure systems allowing cybercriminals to leverage fear and uncertainty to profit at your expense? Whatever the case, cyberattacks exploiting the pandemic are showing no sign of slowing down.
Here’s the 2020 story, so far.
There are approximately 300 billion passwords out there today – that’s an average of 38.4 passwords per person worldwide.
(Source: SC Magazine)
65% of companies have more than 1,000 stale user accounts.
As of early July 2020, there were 15 billion credentials available on cybercriminal marketplaces.
(Source: Digital Shadows)
The number of data records exposed in the first quarter of 2020 climbed sharply to 8.4 billion – that’s a 273% increase compared to the first quarter of 2019.
At least 16 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches since 2019.
The average ransom payment is $111,605, up 33% from the last quarter of 2019.
Approximately 60 million Americans are victims of identity theft every year – costing them around $15 billion annually.
(Source: Norton Security)
There will be a ransomware attack every 11 seconds by 2021. By that time, the global cost will be $20 billion yearly.
(Source: Cyber Security Ventures)
By 2023, cybercriminals will steal 33 billion records.
(Source: Norton Security)
Mobile device infection vectors have expanded and bypassed security protections, placing malicious apps in official app stores. One threat actor used an international corporation’s Mobile Device Management system to distribute malware to more than 75% of its managed mobile devices.
(Source: Check Point)
Increased reliance on public cloud storage due to the pandemic has led to an increase in attacks targeting sensitive cloud workloads and data.
(Source: Check Point)
Since the beginning of the year, more than 3,300 new domain names containing the word “Zoom” have been registered – and over 30% of these have activated an email server, which is an indication that they are being used to process phishing attacks.
Attackers are changing Domain Name System (DNS) settings in routers, pointing users to what they believe to be legitimate websites with a pop-up message containing COVID-19 information. However, once a user clicks, a fake coronavirus-related app with malware may be downloaded.
47% of all vulnerable devices on home networks are cameras. But don’t blame just your camera. An average U.S. household has 17 IoT devices, and most of them have some kind of vulnerability.
However, in an effort to trim expenses, 40% of global organizations have cut their cybersecurity budgets during COVID-19, although 56% of them plan to continue widespread remote work post-pandemic.
Cybercriminals are taking advantage of the massive uptick in unemployment across the United States. In a recent spear-phishing campaign, hackers send out fake resumes from purported job-seekers that actually spread banking credential-stealing malware.
Many states are warning unemployment applicants that their personal information may have been leaked. The exposed information included names, full social security numbers, banking details, addresses, number of dependents and more.
An aggressive business ID theft ring that formerly targeted small businesses nationwide is now using its resources to access pandemic assistance loans and unemployment benefits.
Phishing attacks targeting Netflix users have increased by a whopping 646% as attackers look to capitalize on Netflix’s growth.
Netflix users have also reported receiving suspicious texts, offering them “free passes” to the streaming service if they click a specific link.
(Source: Business Insider)
Experts are sounding alarms about potential security risks related to the 2020 U.S. elections. Cybersecurity pros warn that hackers could infiltrate voter databases and election night reporting, for example.
(Source: The Washington Post)
The U.S. Department of Homeland Security says we should expect to see every intelligence service attempt to target and steal COVID-19 research and data – including Chinese-backed hackers targeting U.S. organizations working to develop vaccines for the virus.
Microsoft is warning of an ongoing COVID-19-themed phishing campaign that installs the NetSupport Manager remote administration tool. The massive campaign is spreading via malicious Excel attachments in emails pretending to be from the Johns Hopkins Center.
Google says it blocks 18 million COVID-19-related scam emails each day – not counting more than 240 million daily spam messages launched at Gmail users that try to capitalize on the coronavirus crisis.
Sadly, nearly 85% of people who post pictures of puppies online are apparently just trying to scam you out of money – charging victims for a pet that doesn’t even exist.
(Source: Better Business Bureau)
Believe it or not, fraudsters have even found a way to use the coronavirus pandemic for blackmail. Reports of phishing scams threatening to infect every member of a victim’s family with the virus are real and, quite frankly, disturbing.
That said, there has to be some good news, right?
The good news lies in the fact that trained and qualified cybersecurity experts are working around the clock to mitigate the majority of bad actor efforts. In fact, in February Amazon mitigated the biggest ever DDoS attack. That’s good news.
We have the technology to combat hackers – we just need the people. Currently, demand for cybersecurity professionals is greater than the pool of candidates who can fill open positions. And that is only expected to grow. Microsoft data estimates that 6 million new cybersecurity jobs will be added in just 5 years. Are you up for the challenge?