2020 in review. The Biggest Cyber Threats

2020 in review the biggest cyber threats - cybergate

2020 in review. The Biggest Cyber Threats

2020 in review. The Biggest Cyber Threats

‘2020 – a year to forget’ – this is a commonly used phrase to depict how last year was strange on multiple fronts with a number of curveballs that no one ever expected. From a technology perspective there were advancements and expedited digital transformations that were (surely) long overdue.

C-level executives agree that Covid-19 sped up digital transformation of organisations!

In this article we delve into the trends that emerged in the cyber security world during 2020.

Surge in online shopping (E-commerce)

Although a good number of retailers argue that the average spend per buyer was lower than usual during 2020, there was definitely a shift onto more online shopping. Companies heavily invested in e-commerce platforms, updated their websites to include an e-shop and enlisted their products / shops in e-malls and aggregator web platforms.

With such a sudden increase of online shopping a higher occurrence of DDoS attacks, credit card fraud, and malware (mostly through SQL Injection) were seen. A new phenomenon which was on the rise is e-skimming. E-Skimming is a method used by black hat hackers to steal personal data including credit card information. Commonly used tactics include cross-site scripting, misleading links to fraudulent payment pages and phishing attempts in the form of ‘order confirmation emails’ and/or ‘user account registration confirmation emails’.

In addition to the above, popular open source modules, plugins and frameworks had unpatched vulnerabilities which were exploited by hackers.

Working from home became the new normal

The coronavirus pandemic made remote working the new normal. Whole teams and workforces were asked to work-from-home to help control the spread of Covid-19 towards the end of quarter one last year – this has settled in as the norm (at least till now!). One thing’s for certain – the vast majority of businesses were not ready for such an abrupt change in the way of working.

From a number of projects we carried out last year we can confidently say that the biggest cyber threats related to remote working were:

  • Phishing attacks (whereby employees would be tricked into surrendering sensitive data like login credentials or to carry out tasks such as online payments to specific bank accounts)
  • Unsecure networks
  • Insecure devices like smartphones, tablets and laptops
  • Devices were not patched or kept up-to-date
  • Sharing of sensitive information without proper encryption

Keith Abela Fitzpatrick, Cybergate’s Business Development Director, would argue that “… companies of all kinds and sizes faced lack of digital hygiene. Over the last few months they faced more and more email-based threats and endpoint-security breaches. Using a VPN is not enough … and some businesses simply do not realise that.”

People spent record time online

The general public spent less time outdoors socialising and more time online trying to beat boredom (apart from the hours of teleworking), even more during the lockdown weeks.

Hackers were on a frenzy working their way to infiltrate systems, steal data, disrupt and damage organisations and subsequently asking for ransom funds. Various Trend analysis illustrate that the download of malicious software from deceptive websites was a common way via which attackers made their way into networks and systems. A number of scam campaigns were seen during 2020 with the most common one being the ‘Get the new iPhone’ scam. Clicking on strange popup adverts showing on screen was another hook which led to undesirable cyber incidents.

Users need to be educated and trained about all the risks, the commonly-used strategies by hackers and the resultant disasters their organisations endure. Recoveries are extremely expensive.

Sharp increase in the number of Botnets

During 2020 a considerable increase in the number of botnets was noticed. They constitute a serious threat to the Internet and web-based platforms like websites, SaaS and web apps. These are compromised machines that are interlinked to form a strong network of computers that can be used for large cyber attacks or to distribute malware to propagate. The ultimate aim of such attacks is to limit the availability of or to bring down a resource via distributed denial of service.

Looking ahead – 2021

After examining and analysing trends and patterns which unfolded over the past twelve-month period, Francesco Mifsud, Cybergate’s CTO, foresees the following as the major cyber threats for the new year:

  • Data leaks from misconfigurations in cloud infrastructures
  • Quantum computing leaps that could threaten the efficacy cryptography
  • Mass hacking of Internet of Things (IoT) devices
  • And last but certainly not least Social Engineering such as sophisticated and tailored phishing attacks.

Unfortunately technology advancements are used wrongly and maliciously all over the world the whole time. We firmly believe that businesses will become more dependent on technology, more digitally-driven and employees will have more flexibility to work outside of the office environment – these trends will provide more attack surface to hackers to carry out their ever-sophisticated attacks and breaches. Solid infrastructures, up-to-date procedures and continual awareness and education form the equation for sound cyber security.

    We are here to help

    francesco mifsud cybergate your cyber security partner
    Francesco Mifsud
    [email protected]

    I live and breathe cyber security and everything else in the discipline. With around a decade of experience in the industry I have had the opportunity to develop skills in penetration testing, cloud security, reverse engineering & exploit development, application security engineering, management and organisation-wide cyber security strategy. I hold a well-rounded set of security certifications such as OSCP, eWPTX and CISSP and have delivered training & workshops at some of the most prestigious hacking conferences such as DEF CON, BRU CON, BSides London and BSides Manchester.