Cyber-Attacks Around And Post-Pandemic
The COVID 19 crisis has disrupted business operations and technology initiatives around the world, forcing rapid adoption of SaaS solutions and collaborative tools among organisations for their remote workers and off-site IT support. Office 365 and Microsoft Teams adoption has grown quickly as companies adjusted to public health mandates. However, the cyber mafias turning into opportunists came as no surprise. We saw a lot of innovations in the existing attacks. It all started with SPAM, which moved on to much sophisticated types of attacks.
Cybercriminals intensified their attack vectors by taking advantage of the widespread discussion of COVID-19 in emails and across the web. Our researchers have been observing a steady increase in the number of coronavirus COVID-19-related spear-phishing attacks since January and the numbers are just escalating quickly. Of the nearly 100,000 form-based attacks detected between January 1 and April 30, 2020, Google file sharing and storage web-sites were used in 65 percent of attacks, making up 4 percent of all spear-phishing attacks in the first four months of 2020. The attackers were taking advantage of the heightened focus on the virus outbreak to distribute malware, steal credentials, and scam users out of money.
Business owners must consider using monitoring or surveillance tools to get better insights and ensure that the employees are adhering to best practices for remote access security
As the attackers are constantly manipulating people's fear and uncertainty around the pandemic by launching sophisticated phishing attacks, Barracuda researchers identified a 667% increase in the number of coronavirus COVID-19-related spear-phishing attacks between February and March 2020. These attacks are using new narratives of the current pandemic topic in the form of email threats like business email compromise, conversation hijacking and brand impersonation. They are the hardest to detect. There is no doubt that the work-from-home culture has increased organisations' vulnerability towards security postures.
With a significant amount of employees suddenly working online with connected devices to unprotected home networks, the attack vectors have amplified. Cybercriminals are resorting to new tactics for launching attacks. For instance, in Barracuda's latest Threat Spotlight, our researchers identified that 6,170 malicious accounts that use Gmail, AOL, and other email services, have been responsible for over 100,000 Business Email Compromise (BEC) attacks in 2020 on nearly 6,600 organisations. The hackers are registering email accounts with legitimate services to use them to conduct impersonation and business email compromise attacks. Meanwhile, in June, we recognised a new variant of the cryptominer malware known as Golang that attacks web application frameworks and application servers. Earlier variants of this malware targeted only Linux machines, but this new iteration is also attacking Windows machines and using a new pool of exploits.
Effective Cybersecurity Measures For Preventing Security Breaches
Cyber mafias can target any endpoint that is less protected than the usual corporate desktops as distracted re-mote employees are more vulnerable to accidentally sending sensitive in-formation to the wrong people. While organisations can deploy cloud-enabled, enterprise-grade security solutions to protect their email domain, networks, data and applications, they will have to emphasise on a dedicated culture of security to safeguard all their entry points from the attackers.
To start with, business owners must consider using monitoring or surveillance tools to get better in-sights and ensure that the employees are adhering to best practices for remote access security. They should investigate the services used by the remote workers to send and receive files, and sensitive information from clients, and get them upgraded.
Meanwhile, business owners must crackdown on weak passwords and urge their workers to regularly update their login information. They can also restrict data access to workers for nonessential purposes and deploy an AI-based solution to keep up with the most sophisticated attacks like dangerous hacking vulnerabilities, ransomware, or other malicious activity from a third-party source.
Organisations can also micro-segment their network to build multiple boundaries for the attackers to cross before gaining access to another sub-set of data. These frontiers are created to only allow the minimum necessary services. Cloud-to-Cloud Backup is yet another real solution that can change the way oganisations protect their data. It provides comprehensive, cost-effective, scalable protection for all Office 365 data and securely backs up email, contacts, folders, schedules, and tasks, along with the OneDrive for Business, SharePoint, Groups, and Teams data, to the Cloud Storage.
User education is also vital in this scenario. So, organisations must engage their workforce in cybersecurity training that would help them track potential dangers in action. Corporate employees should be encouraged about ongoing security awareness training on current hacking trends and malware so that they eagerly participate in keeping the company data secure.