Back in March – seems like years ago now, doesn’t it?– the biggest technology hurdle most people and companies faced was figuring out how Zoom works… and how to keep the Zoom-bombers out. Some more proactive or informed companies made sure they were using VPNs and virtual intranets to connect their employees without risking sensitive data breaches. But how times have changed.
The FBI is seeing a 75% spike in reports of cybercrimes – and they’re coming from new and unusual sources.
Stormin’ The Castle
As we’ve spent more and more time at home – with no end in sight for many workers – the attackers have also transitioned their efforts.
And that means that certain types of attacks are actually on the decline. If it weren’t for the spikes in other types of attacks (more on this in a moment), we’d be regaling you of stories of how Malware attacks are down by a third along with encrypted threats.
And Cryptojacking – once a huge problem as hackers, and even legitimate websites, stole processing power to line their pockets – is down twelve percent! I know that seems much smaller than the others, but cryptomining was already on the decline as we rolled into 2020 (although attacks did spike in March).
Let’s also be clear about what the percentages mean in context. We’re still looking at nearly 4 billion attacks of those styles, including new, creative alternatives, like a Cryptominer that not only jacks your processor, but destroys competing cryptojacking programs. Yes, it’s bittersweet.
And like most cyber attacks, the hackers redesign and rebrand their malware and bots to be more culturally specific. So we have Corona Anti-Locker Ultimate and Infostealer disguised as an email from the Centers for Disease Control. In fact, since February, there have been a couple dozen specific attacks “driven” by the desire for COVID-19 awareness.
But that’s just the tip of the iceberg, as they say.
Take Action Now
Watch the replay of our recent webinar: Cybersecurity for SMBs: 2020 Strikes Again
Request a Network Security Assessment (no cost or obligation)
Who Can You Trust?
Malware, spam and ransomware can now come not only from .exe files or .pdf files, but masked as just about ANY file format. In fact, Microsoft Office files surpassed PDFs, setting new records for malware variants. Just in the first six months of 2020, 315,395 NEW malware deviations have been discovered – almost as many were found for all of 2018!
This means you should continue to be extra careful about opening PDFs, but also DOCX, XLSX, PPTX, and other Microsoft Office files as well.
Since we’ve been locked in our homes, we’re more reliant on the Internet, and our computers have become more and more necessary. Online hackers, of course, quickly found new ways to take advantage of that need.
According to the FBI, kidnapping is on the decline. But the computer experts at SonicWall are showing that computer ransoming events – locking someone out of their computer until they pay a hefty fee – are growing. In fact, since the pandemic struck the United States, ransomware attacks have risen 109% – or an average of 22-million ransomed computers each month.
Experts say they’re not even using new exploits like the malware hackers. These are the same ransomware attacks as we’ve had for 10 years in some cases. The difference? The firewall at work versus the one on your home router. While some routers have decent firewalls, many consumers have no idea how to turn the protection on.
Intruder Alert!
The largest form of cyberattack is also on the rise. Intrusion attempts have risen nineteen percent – to a startling 2.3 trillion assaults in the past six months. Intrusion attempts are sometimes efforts to gain unsolicited access to your router or home network. But most are endeavors to login to or otherwise gain access to your website.
Intruders range from those who just want to do a denial of service attack, crippling your website for a time, to installing malware and Trojan horses that can then infect visitors to your site. These can also impact other sites on your server or on shared cloud server resources.
Small businesses are being targeted more often by these attacks. Hackers often find they can infiltrate and access customer and private client data and then use it for nefarious purposes, including selling to other “black hats” for their use.
These types of hackers or their bots tend to be more aggressive, as they generate more “bang for their buck” in spreading their diseased memory packets faster and farther than a COVID positive person during an sneezing fit.
No Man is an Island
The fastest growing trend in cyber-attacks is a group of malware specifically targeting what’s known as the Internet of Things. If that’s a new term for you, the Internet of Things, or IoT, is a catch-all phrase for devices that are not traditionally “on the Internet.”
So your laptop, desktop, cell phone and iPad? Those are devices you expect to be internet equipped.
But in many homes, even if you’re not aware of it, your smart TV, your refrigerator, lights, thermostat, doorbell, and even toaster are Internet-capable and fully connected. Sometimes even without you sharing your Wi-Fi password!
Some of these are connected through smart devices, like Google, Alexa, Siri, Echo, and Portal. If you can call out commands to your smart speaker, everything it controls is connected in some way. A majority of flat screen TV’s come with Roku or a similar system preinstalled, allowing you to watch Netflix, Amazon and Hulu without an external device. And that fridge that can automatically add something to your shopping list when it’s low – connected and with cameras and infrared installed. It’s like having a 1980’s SEAL Team in your kitchen.
Of course, as South Park demonstrated a couple years back, you don’t have to be all that intelligent to “hack” these smart speakers, including the ones in viewer’s homes.
Experts say some 31-billion IoT devices will be connected to the web this year, and in 5 years, almost triple that. And the majority of them – in homes and offices – are unsecured and vulnerable to attack. So far, there are more IoT attacks each month than all of 2018 & 2019 combined.
The most painful feature of IoT devices is that many of them cannot ever be updated with new firmware from their manufacturers.
Connected Apart
While Zoom has practically eclipsed Skype as the new vernacular for online meeting, you might be surprised to learn that it’s not the most popular or widely used online conferencing solution. At the beginning of the year, Google Hangouts led the pack, far and away from any competitors. It dropped considerably as Zoom emerged as an industry leader.
But when Zoom suffered several cyber attacks, not to mention the annoying Zoom-bombers, and didn’t react fast enough (probably because their engineers were working from home), the company took a hit.
Oddly enough, RingCentral, a cloud-based telephone provider was already making strides into the video conferencing world and managed to stay just about even with Zoom and is now pulling ahead.
Meanwhile, Zoho, WebEx, GoToMeeting, Discord, Microsoft Teams and now Amazon Chime have continued to battle it out for the scraps left behind, all striving for dominance in their niche and beyond. And we should probably mention Facebook’s Rooms, although they’re even less popular and prolific as their Portal devices. Still, we admire their many efforts to avoid obsolescence by diversifying.
All of this adds up to a need for stronger, more resilient web and server options for both businesses and homes. And while we here at CSi Networks focus more on the business side, we’re also assisting many work-at-home clients during this COVID crisis. If you want to make sure your business systems are secured and only those with authorization are accessing them, request a free network security assessment today. We’ll take a look at your whole system and let you know the best solution for your business needs!