Every year, cyber security firm Webroot publishes Threat Reports, detailing the landscape of malware, phishing and hacking and how it is evolving. The report tracks trends in reported security threats and gives us insight into where cyber criminals might be focusing their attention in the future. As 2021 comes to a close, it’s a good time to take a look back at the year in security, through the lens of the Webroot’s 2021 Threat Report.
Ransomware
The last year abounded with high profile ransomware attacks, crippling some major industry players, and effecting commodity prices at a scale we’ve not previously seen. One thing is clear: ransomware isn’t the product of a few bad hackers; it’s become a lucrative cottage industry for a growing community of cyber criminals. Ransom demands have steadily increased over the last several years, reflecting the careful sourcing and targeting of crucial data in critical sectors, such as health care, education, municipal government, and logistics. We’ve also seen the rise of so-called “Ransomware-as-a-service” models, where would-be cyber criminals can purchase malicious code, ransom collection services and botnets to deploy attacks to targets of their choice. The takeaway from all of this is simple: every organization, no matter the size, needs to maintain a secure backup which can be restored in the event of an encryption attack.
Cryptojacking
The rise in popularity of cryptocurrency has been accompanied by malicious code known as “cryptojackers.” Essentially, these are viruses that divert some of your computer’s processing power to mining cryptocurrencies for someone else. Victims might not have any indication that their processor or graphics card are being coopted by a mining operation until their computer slows down, or their electrical bill increases. Browser based cryptojacking was once the most popular method, but as browser companies have tightened their security, illicit miners have moved to executable-based payloads as a way of spreading their software.
Phishing
Phishing remains the most popular and effective vector of attack on organizational networks, as it exploits the weakest point in technological security: humans. Scammers took advantage of the pandemic in their social engineering, spamming phishing emails purporting to be from Amazon, Fedex, PayPal, Zoom, Netflix and other services that have flourished since the advent of the Coronavirus outbreak. The most impersonated phishing targets are eBay, Apple, Microsoft, Facebook and Google, reflecting the ubiquity of these services in the lives of many consumers.
Mitigation
What can businesses do to offset risk in an increasingly online world? Partnering with a trusted IT firm is a good start. Make sure 2-factor authentication is the default within your organization. Ensure you have a system for reliable, secure, off-site backups. If you have not spoken to your staff about email security and phishing, be sure to do so soon and make plans for periodic refresher training. There are also new and effective phishing countermeasure solutions, such as Mimecast, which will drastically reduce the risks of phishing attacks and the amount of spam inundating workers.
Cybercriminals never stop learning and developing new tactics and unfortunately, they are making that everyone else’s problem. If you need a trusted, local partner to help you secure your IT infrastructure for the year to come, be sure to give us a call at Mankato Computer Technology.