Cyberwarfare will go global: What to expect from hackers in 2021



The pandemic has made its own adjustments in all areas of modern life. Cyberspace was no exception: cybercriminals changed the vector of their attacks and chose new priority targets, including the medical industry. Gil Shwed, founder and CEO of the information security company Check Point Software Technologies, explains how hacker attacks have changed during the pandemic and what to expect from cybercrime in the future.

2020 turned out to be extremely unusual in many ways. Has the nature of hacker attacks changed during the pandemic? 

Cybercriminals have almost completely adjusted to the circumstances. They actively used all pandemic topics, companies, and topics that were most frequently exploited. Here you can start with phishing: during the pandemic, there were a huge number of mailings, sites with supposedly medical goods, information about the virus, information about incentive payments.

In addition, they actively attacked all services and companies that people most often used remotely: online cinemas, delivery services, services for conducting online classes. The hackers also exploited the fact that many companies were forced to transfer employees to remote locations.

Another interesting point - in the first quarter of 2020, hackers began to use new tactics.

Before encrypting victims' databases, attackers extract large amounts of commercial information and threaten to publish it if the ransom is not paid. Sometimes they do publish part of it. This information is a trump card for hackers: they know that companies will have to pay huge fines for information leakage under the GDPR.

In other words, an additional stage is added to the attack - double extortion is obtained. This puts additional pressure on organizations and motivates hackers to comply. 

Reports of attacks on vaccine developers, medical centers and hospitals are alarmingly frequent in the press. Is this our new reality?

The coronavirus will not leave the news agenda any time soon, which means that attackers will use this topic and everything related to it - they always use the agenda for their attacks. Attacks on hospitals, research laboratories, especially during such a period, are an opportunity for attackers to get ransom or attention.

What is the purpose of cybercriminals attacking medical institutions? What do they want?

The goals can be different: obtaining financial benefits, causing harm, or obtaining wide publicity. Medical records are sold on the dark web for up to $1,000 per record, so compromised electronic medical records are very attractive targets. Hospitals spend an average of $430 to remove each stolen medical record.

What are the consequences of such attacks - from the most harmless to critical?

Ransomware has previously caused disruptions to hospitals around the world, endangering thousands of lives.

The next targets may be medical devices - insulin injectors, heart monitors, pacemakers.

Hospitals are at very high risk. First, they have a huge number of unprotected life-support devices: there are 10 to 15 medical devices per bed, and the new smart beds monitor up to 35 indicators, including blood counts, oxygen levels and pressure. However, since many of these devices have been designed with little or no security in mind, they can have standard passwords, making them easy to hack for anyone with physical or network access.

Two other security concerns are insufficient user authentication and lack of encryption in wireless communications. 

Secondly, we can talk about outdated operating systems - almost half of the connected medical devices run on unsupported operating systems that no longer receive security updates.

These include ultrasound machines, MRI scans, and more, making them extremely tempting targets for cyberattacks, such as ransomware.

Check Point researchers have demonstrated the ease with which an ultrasound machine running on an old Windows operating system can be hacked, revealing an entire database of patient images. Not surprisingly, there has been a 75% increase in ransomware attacks on healthcare facilities in recent months.

How has the attitude towards cybersecurity changed in connection with the transition to remote work? Have companies really started to pay more attention to it?

Many companies have redefined the role of information security in business. Those executives who did not fully understand the importance of technology are likely now to fully understand it. Security experts came to the fore: now it depended on them whether the company could maintain the same continuous efficiency in such extreme conditions as before.

Companies simply couldn't help but pay attention to cybersecurity.

The main threats to the business were and remain the leakage of confidential data and the penetration of intruders into the company's network.

Through one inattentive employee, attackers can gain access to all data. How the cybercriminals will then dispose of the received data is known only to them. The company could have lost important information, received a ransom demand, and so on.

Now cybersecurity experts can help businesses rethink their approach to work organization: for example, transfer most of the team to work from home and save on office rent. 

Is it possible to ensure the total safety of an employee while he is working from home?

When companies urgently switched their employees to work at home in the spring, it was impossible to immediately ensure complete cybersecurity.

The problems start with the fact that not every employer knows what a perfectly secure remote workplace looks like. And, of course, not every company is ready to provide such an ideal workplace.

Approximately 70-80% of users have worked with personal devices that they share with other family members.

And, according to our surveys, half of the devices did not even have basic protection.

We are increasingly aware of the risk of cyber threats. While in the physical world one infected person can infect an average of two people, which is considered very dangerous, in the cyber world one infected computer can penetrate 20-30 devices every second. Therefore, we need to make sure that we have the tools that can fight this, not the people because we cannot compete with the speed of cyber enterprises.

It is possible to ensure the complete security of a remote employee, but it will take some work.

This will be a serious test for information security teams. It is important to use business-grade security solutions: VPN to secure communications, solutions to protect smartphones and PCs. Not least is the level of cyber literacy of users. The human remains the most vulnerable factor in the entire system.

In order for remote work to be safe, an integrated approach is needed: both the use of business-level security solutions and work with your employees, a story about security rules.

Do you think the pandemic will affect the cyber defense strategy around the world? Will its principles change? What new technologies will be used in cybersecurity to protect against intruders?

Previously, it was important for companies to protect their local network, the perimeter - but now it no longer exists, the boundaries are very blurred. People work in the office, then go to the coffee shop and work there, and on the way home, they answer letters from their smartphone. Therefore, modern protection must be comprehensive, covering the entire IT infrastructure, it must combine technologies for the security of networks, workstations, clouds, IoT, mobile devices.

It is necessary to protect every gadget from which or with the help of which an employee enters the corporate network.

It will be important to change the mentality: many companies believe that if they quickly find an infection within the perimeter, then this is a success. In fact, this shows that they were late: it is impossible to allow intruders to enter the network at all.

What new challenges in the information security sphere await us in 2021?

COVID-19 has become a real "black swan": an extremely rare but unusually serious event that disrupted business overnight. What can be assumed for 2021? Firstly, since the coronavirus and the fight against it (the study of the virus, work on vaccines and drugs) will continue to occupy humanity, pharmaceutical companies working on the development of vaccines and drugs will most likely be attacked.

Secondly, while schoolchildren and students study from home, hackers are likely to be interested in distance learning systems as well.

Third, it can be expected that botnets will increasingly be used in attacks. Hackers have already transformed many existing malware applications into botnets to create armies of infected computers for cyberattacks.

The fourth expected point is that cyberwarfare will be at the global level. Microsoft researchers said that hackers in only three countries carried out 89% of national cyberattacks this year. The attacks were extremely widespread, and their targets were events of various levels, from elections to the Olympic Games. Also in 2021, we expect an active use of deepfakes. They can be used to produce content that can manipulate people's opinions, stock prices, or much more serious things.
