This Year’s Scariest Cybersecurity Threats

Halloween is, of course, known as the scariest holiday in America. However, the beauty of Halloween is its focus on scary pranks, costumes, and stories--which are all in good fun--as opposed to the true dangers of cyber threats that have run rampant, especially throughout the past year.

To put the vast number of cyber threats into perspective, the FBI has even reported “an astonishing 400% increase in the number of cybercrimes reported, and much of this increase is thanks to COVID-19. In fact, COVID-19 has been classified as the largest-ever cybersecurity threat.” Below is a closer look at some of this year’s scariest cyber threats.

Ransomware

It’s no secret that ransomware attacks have reached a never before seen high in the past year. These kinds of threats have actually gotten so bad that in some cases “businesses that pay ransoms to hackers will face civil penalties since ransom payments are seen as a form of encouragement for threat actors. So as if ransomware attacks and all their accompanying damage weren’t scary enough, now there are also civil penalties to think about too. A main cause of the spike is COVID-19. Hackers are using the public’s need for COVID-19 updates to lure them into clicking on fake emails with infected links or attachments that deposit ransomware on computers and devices.”

Hands-On Hacking

One of the most dangerous developments in cyber threats in the past year has been the increase in “hands-on hacking”, which is when hackers, instead of using programmed scripts for performing automated attacks, actively engage in malicious activity themselves. This level of sophistication used to be employed primarily by nation-state-backed hacking groups, but now it’s being regularly demonstrated by cyber-criminal gangs too.” The significant increase in this hands-on hacking can be traced back to the major shift to remote working amid the COVID-19 pandemic. During this current period of working from home, many threat actors are taking advantage of this working-from-home environment in an effort to gain access to private accounts, information or data.

Deepfakes

The infamous Deepfake technology is becoming an even more massive cybersecurity threat as well. Deep Fakes are growing in frequency and “in its potential to cause damage. It can create entirely fictional images or videos that are then used to harass and intimidate its victims, and it poses a threat to both the public and private sectors. For example, in the public sector, deepfakes can be used as political tools for dispensing misinformation. In the private sector, they can be used to disparage CEOs by making it look as if they did something egregious that could affect the company’s stock.”

Phishing attacks

Although this is nothing new, phishing attacks have been consistently growing exponentially throughout this year, making up over “80% of the reported security incidents. They also increased in sophistication and in the complexity of their payloads. Intensifying this problem is the current work-from-home (WFH) environment.” Hackers have continued to manipulate the increased focus on the Coronavirus in addition to the weakened WFH security to launch their attacks. While working from home, phishing attacks are cited as the most common cause of data breaches.

Cryptojacking

Sneaky malware Cryptojacking is designed to “harness a user’s computer power to help mine for cryptocurrencies. Mining requires huge amounts of computer power, so hackers try to hijack the power of other computers to help with the mining process. Cyber criminals are taking advantage of the expanded WFH workforce to target and compromise remote work tools, such as Zoom or Google Hangouts, and use them to install cryptojacking malware.” Once the malware is installed, these hackers known as cryptojackers can reduce computer performance, manipulate network security, and cause significant financial damage

Fighting cyber monsters

Despite this major increase in the number of dangerous cyber threats throughout 2020, when the right steps are taken, individuals and businesses alike can ensure they are protected by establishing some basic cybersecurity measures. Antivirus software, for example, has been called a “digital prophylactic...much like you would take medicine to ward off certain diseases, you should install antivirus software to ward off cyber attacks. For businesses with multiple devices, an endpoint antivirus is the wisest choice as endpoint solutions make sure software patches and security updates that contain important fixes to vulnerabilities are applied uniformly to all devices as soon as the patches and updates are released.” Another focal point that can have positive effects is cybersecurity awareness training. Cybersecurity awareness training is of the utmost importance for a multitude of organizations, their employees, and even for the typical individual user. Since most hacking attempts can start with phishing emails, it’s vital that people understand how to spot these kinds of threats and how to best respond when one is detected. Multi-factor authentication “requires users to provide at least two credentials before they can gain access to a device or resource. It is a highly reliable and effective method of blocking unauthorized access…[some of the best advice is to] be careful of downloads and attachments. This cannot be overstated. Never download software from unreliable or unfamiliar sources, and never open suspicious attachments or click on links sent from strangers.”

This past year’s cybersecurity threats have definitely been scary both in intensity and realistic dangers when it comes to the challenges, and financial or personal damages they can cause. That being said, individuals and organizations alike can protect their personal information, data, and computer networks by putting some of these basic cybersecurity measures into action.