Has your inbox been battered by phishing attempts this year?
- Pandemic-related threats dominated the first half of the year
- Nearly 93% of COVID-19-linked cyber threats were delivered by email
The first six months were dominated by an explosion in cyber threats. With a huge segment of the worldwide population spending much more of their time online, the situation proved fertile hunting ground for cybercriminals.
Within two and half weeks of curfews being imposed in Malaysia, a total of 838 cybersecurity incidents were reported involving both individuals and businesses, according to CyberSecurity Malaysia. This was a massive 82.5% hike in cyberattacks compared to the same period just a year ago.
Similar trends were observed globally in early 2020, with a slew of COVID-19-themed intrusions, with Trend Micro detecting nearly 9 million COVID-19-related threats between January and June.
Each of these featured a diverse mix of “lures” to bait unsuspecting victims. Websites and malicious apps were launched, each purporting to provide pandemic-related information sources. Supposed aid relief platforms sprang up, confusing users into clicking and potentially exposing their connected network and data points to malicious malware.
But far and away the most common attack mechanisms in 2020 were phishing, malware, and ransomware spam messages that were transmitted via email. Trend Micro’s midyear report indicated that of the 8.8 billion COVID-19-linked threats that the cybersecurity firm blocked during the six months surveyed, almost 93% were via email.
When it came to workplace-related intrusions – where the goal of the bad actors may be to scam funds or valuable information from the organization rather than just the unsuspecting individual victim – business email compromise (BEC) detection numbers shot up 18% year-on-year.
The rise was attributed to adversaries attempting to take advantage of a weakened cybersecurity environment among newly-remote working staff, many of whom had never been trained in or had exposure to social engineering threats.
The sharp increase in the adoption of video conferencing apps and software to stay in communication over the last year saw hackers targeting platforms like Zoom ranging from innocuous pranks that came to be known as ‘Zoombombing’ to fully-fledged attacks where malicious software was bundled up with app installation packages and wreaked havoc on security systems.
There was also a huge spike in newly discovered vulnerabilities affecting global organizations, with a 74% increase in new threat advisories issued by Trend Micro, compared to six months prior.
It wasn’t just the white-collar workspaces that were affected. Trend Micro further observed a 16% increase in vulnerabilities disclosed within industrial control systems (ICS) compared to the first half of 2019. This is something that could create very serious challenges for smart factory owners and other organizations running Industrial Internet of Things (IIoT) capabilities.
“The pandemic has dominated all of our lives during the first half of 2020, but it’s not slowing down the cybercriminals,” said Goh Chee Hoh, the MD for Trend Micro Malaysia and Nascent Countries.
“IT leaders must continue to adapt their cybersecurity strategies to account for increased threats to their new normal. That means protecting remote endpoints, cloud systems, user credentials, and VPN systems, as well as refreshing training courses to turn that newly dispersed workforce into a more effective first line of defense.”