Cyber, Pandemic & IoT
This post highlights the increase in cyber-attacks in the past few years. It discusses the various ways and strategies followed by malicious attackers to take control over the system. Also exposing that due to COVID19-pandemic, how everything has changed with number of attacks increased many-fold due to work from home facility. In addition, Internet-of-Things (IoT) devices have made it more critical for cybersecurity providers to secure IoT environments.
Over the past few decades, there has been a dramatic increase in criminal activity in the cyber world. While cyber attackers are working on different strategies and developing codes to compromise the system, these assaults have resulted in data breaches posing a threat to government, industry, healthcare, and individuals at large. These attacks include:
- Accessing data through phishing.
- Sensing malware through an email attachment.
- Performing social-engineering-related activities.
- Lurking users to click on website links that have been infected with viruses.
Source: Checkpoint[2]
These types of cyber-attacks have become a cause of concern for a cybersecurity professional. Unfortunately, the COVID-19 pandemic has further exposed the way cybercriminals shook the global economy by disrupting businesses all over the world. According to a recent survey by Barracuda, 72% of organizations suffered at least one breach from an application vulnerability [3]. This acceleration in attacks was due to remote working, and the software being used for these attacks has become easier to execute; furthermore, ransomware attacks have risen rapidly and continue to increase in 2021[4]:
- Attacks in the US alone have increased 300% in the past nine months.
- More than 60% of ransomware attacks target industries with critical infrastructure, led by healthcare, utilities, and manufacturing.
- US utilities have been attacked 300 times every week with an increase of 50% in just two months.
A cyber statistic outlined below provides a global overview of hospitals' attack to private equity firms, every industry was a target during COVID-19 pandemic.
- In the first 100 days since the coronavirus outbreak, impersonation attacks related to COVID-19 grew 30% [5].
- Spikes in cyber-attacks have a direct correlation with pivotal days in the coronavirus pandemic. For example, on January 30th, the day the United States declared its first case of COVID-19, cyber-attacks went up 48% [6].
- In April 2020, Google blocked more than 18 million phishing emails related to COVID-19[7] daily.
- Since November 1st, 2020, there has been an increase of over 45% in the number of attacks seen against healthcare organizations globally, compared to an average 22% increase in attacks against other industry sectors [8].
- In 2020, over 86,600 newly observed hostnames (NOH) were published with keywords related to COVID-19 and were found to be high-risk or malicious [9].
During the pandemic, organizations asked their employees to work online due to health concerns and lockdown situations. There are hundreds of potential attack vectors currently at risk – and the fact that many of these are tied to at-home networks further complicates the situation. Internet of Things (IoT) devices have been at the center of the recent increase in enterprise cyberattacks [10]. Many IoT devices have few or no security features, and organizations often fail to follow best practices to mitigate the risks of device compromise. As IoT devices proliferate – and there may be some 74.5 billion devices by 2025 – it becomes even more critical to secure IoT environments and prevent breaches [11].
An Extreme Networks survey revealed that organizations remain highly vulnerable to IoT-based attacks. The research, which surveyed 540 security pros, found that 84% of organizations have IoT devices on their corporate networks. It also indicated that more than 50% of these organizations don't maintain necessary security measures beyond default passwords [12].
According to research conducted by Cybersecurity Ventures, cybersecurity experts have predicted that cybercrime will cost the global economy $6.1 trillion annually by 2021. With the pandemic serving as a catalyst, cybercrime is expected to become the world's third-largest economy soon. The remote work required by COVID-19 has only amplified security vulnerabilities to critical infrastructure. With no surprise, such a transition to online platforms is expected to cause new waves of security threats and attacks. While the pandemic continues to play out around the globe – and even after its eventual expiry – cybersecurity professionals must perform the utmost due diligence to avoid severe losses at the hands of an attacker. In these circumstances, extra precautions must be taken not only by the IT teams as they are scrambling to defend their networks, but a process also that's only become trickier as IoT device adoption has increased. Vigilance, ongoing cybersecurity training, and user awareness training that educates employees about good cyber hygiene should be considered mandatory.
References
[1]https://www.forbes.com/sites/zakdoffman/2019/09/14/dangerous-cyberattacks-on-iot-devices-up-300-in-2019-now-rampant-report-claims/?sh=75bab6255892
[2]https://blog.checkpoint.com/2020/04/07/a-perfect-storm-the-security-challenges-of-coronavirus-threats-and-mass-remote-working/
[3] https://cybersecuritynews.com/application-security-during-covid-19/
[4] https://www.weforum.org/agenda/2021/10/protecting-critical-infrastructure-from-cyber-pandemic/
[5] https://www.darkreading.com/threat-intelligence/attackers-adapt-techniques-to-pandemic-reality
[6]https://www.computerweekly.com/news/252481684/Coronavirus-Cyber-attacks-on-banks-seen-spiking-says- Carbon-Black
[7] https://www.bbc.com/news/technology-52319093
[8] https://blog.checkpoint.com/2021/01/05/attacks-targeting-healthcare-organizations-spike-globally-as-covid-19-cases-rise-again/
[9] https://unit42.paloaltonetworks.com/covid-19-cloud-threat-landscape/
[10] https://www.csoonline.com/article/3634869/top-cybersecurity-statistics-trends-and-facts.html
[11] https://iot-analytics.com/the-impact-of-covid-19-on-the-internet-of-things-part-2/
[12] https://www.iotworldtoday.com/2021/01/25/iot-security-trends-2021-covid-19-casts-long-shadow/