With all its haunted houses, elaborate costumes, scary pranks and ghoulish stories, Halloween is definitely the scariest holiday in the US. Of course, it’s all in good fun, which is why Halloween is such a beloved holiday. There’s nothing fun about cyber threats, however. They’re frightening and menacing, and they’re booming. The FBI reported an astonishing 400% increase in the number of cyber crimes reported, and much of this increase is thanks to COVID-19. In fact, COVID-19 has been classified as the largest-ever cybersecurity threat. Here then is a look at some of 2020’s scariest cyber threats.
Ransomware attacks have reached an unprecedented high this year and in fact, have gotten so bad that in some cases businesses that pay ransoms to hackers will face civil penalties, since ransom payments are seen as a form of encouragement for threat actors. So as if ransomware attacks and all their accompanying damage weren’t scary enough, now there are also civil penalties to think about too. A main cause of the spike is COVID-19. Hackers are using the public’s need for COVID-19 updates to lure them into clicking on fake emails with infected links or attachments that deposit ransomware on computers and devices.
Hackers are getting more hands on
One of the scariest and most impactful trends in cyber threats this year has been the increase in hands-on hacking, which is when hackers, instead of using programmed scripts for performing automated attacks, actively engage in malicious activity themselves. This level of sophistication used to be employed primarily by nation-state-backed hacking groups, but now it’s being regularly demonstrated by cyber-criminal gangs too. The rise in hands-on hacking can be attributed in large part to the explosion in remote workers brought on by COVID-19. Threat actors are exploiting the remote work environment to gain access to accounts and networks.
Deepfake technology is becoming a massive cybersecurity threat too; it’s growing in frequency and in its potential to cause damage. It can create entirely fictional images or videos that are then used to harass and intimidate its victims, and it poses a threat to both the public and private sectors. For example, in the public sector, deepfakes can be used as political tools for dispensing misinformation. In the private sector, they can be used to disparage CEOs by making it look as if they did something egregious that could affect the company’s stock.
Not new, but still frightful, phishing attacks have grown exponentially in 2020, accounting for more than 80% of the reported security incidents. They also increased in sophistication and in the complexity of their payloads. Intensifying this problem is the current work-from-home (WFH) environment. Hackers are taking advantage of the
heightened focus on COVID-19 and weaker WFH security to launch their attacks. Phishing attacks are the most common source of data breaches while working from home.
This sneaky malware is designed to harness a user’s computer power to help mine for cryptocurrencies. Mining requires huge amounts of computer power, so hackers try to hijack the power of other computers to help with the mining process. Cyber criminals are taking advantage of the expanded WFH workforce to target and compromise remote work tools, such as Zoom or Google Hangouts, and use them to install cryptojacking malware. Once installed, cryptojackers can dramatically diminish computer performance, compromise networks and devices, and cause serious financial damage.
Fighting cyber monsters
Despite the increasing number of hair-raising cyber threats, individuals and businesses can protect themselves simply by having some basic cybersecurity measures in place.
Start with an antivirus. Antivirus software is your digital prophylactic. Much like you would take medicine to ward off certain diseases, you should install antivirus software to ward off cyber attacks. For businesses with multiple devices, an endpoint antivirus is the wisest choice as endpoint solutions make sure software patches and security updates that contain important fixes to vulnerabilities are applied uniformly to all devices as soon as the patches and updates are released.
Cybersecurity awareness training. Cybersecurity awareness training is important for organizations and their employees, and for the individual user. Most hacks start with phishing emails, so everyone needs to know how to spot these attacks and how to respond when one is suspected.
Multi-factor authentication**.** Multi-factor authentication requires users to provide at least two credentials before they can gain access to a device or resource. It is a highly reliable and effective method of blocking unauthorized access.
Be careful of downloads and attachments**.** This cannot be overstated. Never download software from unreliable or unfamiliar sources, and never open suspicious attachments or click on links sent from strangers.
Keeping creepy off your computers
2020’s cybersecurity threats have been intense, dangerous, and downright scary and they continue to present extreme challenges to our digital security. However, individuals and businesses can secure their computers, data, and networks by implementing the basic cybersecurity measures mentioned above. These simple measures are essential to keeping creepy threat actors and cyber attacks away from your computers.