If we are to describe the last couple of years, “unprecedented times” is an understatement. We have gone through a lot of dramatic events, and there is no need to recount them all here. Yet the pandemic, with its digital transformation and change in consumer behavior, created the perfect ground for opportunists to take advantage of the chaos in the world. The result was more damage, more security issues, and more victims.
We should always look forward, but for this article we will take one step back, to 2021. We will review some of the most significant data breaches and cyber threats, and the most poignant facts and figures. These security incidents also come with lessons. Security awareness, business protection, mitigating user risks and incident prevention are just a few of the things that businesses should take into account before they become a security victim. We will also take a closer look at the affected players and impacted industries in Europe, and at the knowledge and insights we can gather from them. These will be addressed in two follow-up parts that complete this article.
The equation behind sophisticated attacks
Once the coronavirus spread, a massive shift from the offline to the online world occurred. More businesses relied on “everything” digital and the internet to conduct their usual activities. However, many were neither fully prepared for nor familiar with the virtual medium. This created many loopholes for cybercriminals to exploit.
For instance, retailers faced disruptions to the global supply chain, economic uncertainty and store closures, especially of brick-and-mortar stores. On top of that, independent retailers, smaller grocers and nationwide chains had little incentive to invest in automation technologies. They struggled to keep pace with digitization, which led to order and delivery delays, manual checking, clogged ports and overwhelmed factories. And the bigger the chaos, the more opportunities for fraudulent activities.
Other vulnerabilities were created in the financial services sector. Businesses faced huge customer demand for contactless payments, mobile financial services and loan technology. While they had to tend to these needs, fintech innovations did not come without a price. We saw a spike in online payments during that period, which consequently led to a spike in online fraud.
In the educational space, digitizing the infrastructure of schools and universities has been an ongoing process, but the onset of COVID-19 accelerated the move towards online courses, trainings and bootcamps. The healthcare industry also had to adapt rapidly to remote health monitoring and telehealth services. At the same time, government authorities loosened privacy regulations to allow more comprehensive remote diagnostics. Enabling digital alternatives in both the educational and healthcare systems created a space where private information such as credentials, passwords or geolocation data was stored online. That, in turn, gave cyberattackers a space in which to operate.
The “what”: Types of security incidents
“Security incidents” is an old but terrifying tale. For attackers, a system vulnerability is the perfect ground to explore and benefit from, and these vulnerabilities ultimately lead to security incidents. Incidents can be caused either by mistake (e.g. a data breach that leaks personal information) or by a criminal act such as a cyberattack or malware (e.g. an insufficient security wall being hacked). The 2021 Thales Data Threat Report suggests that in 2020, 58% of companies experienced a security breach, while 47% saw an increase in cyberattacks. As these attacks grew in number and sophistication, we define below the most significant types of cyber threats that saw a spike in 2021:
- Ransomware – a malicious attack in which an organization’s data is encrypted and an exorbitant payment is demanded to restore access. This form of intrusion must be distinguished from incidents such as password theft or account takeover, which are usually harder to detect;
- Malware – malicious software created to damage, disrupt or gain unauthorized device access;
- Cryptojacking or hidden cryptomining – unauthorized use of people’s computers, smartphones or tablets to generate cryptocurrency;
- Social engineering attacks – carried out via techniques like phishing, smishing or spam. The intent is to steal passwords or credit card data, or to deliver malware to the victim’s device as an entry point for more complex attacks. Here we distinguish: phishing targeting cloud resources and platforms; cryptocurrency-related attempts (e.g. fake crypto exchanges that call for investments to gain access to an account that supposedly contains complementary currency, or fake sites that offer COVID-19 vaccines in exchange for digital currencies); and Microsoft Office spear phishing (e.g. Microsoft 365 credentials are harvested after the victim follows a hyperlink to a fake website);
- Data breaches and leaks – the release of confidential or protected data to an untrusted environment;
- Distributed denial of service (DDoS) attacks – attacks that prevent users from accessing relevant information, services and other resources;
- Supply chain threats – a strategy that targets vulnerabilities in an organization’s supply chain, with the potential to induce cascading effects.
For us, cybersecurity is a long-term goal, and for this reason we created the 360 Security solution to ensure continuous, integrated safety at various layers of our clients’ web infrastructure. The solution includes different modules that are meant to cover the application attack surface. The Dynamic Application Security Testing (DAST) module replicates external attacks and malicious user behavior, and finds vulnerabilities like SQL injection or XSS (Cross-Site Scripting). The Static Application Security Testing (SAST) module, on the other hand, identifies security issues directly in the source code. This means that development teams do not have to run the application to find flaws, and can remove them quickly and efficiently.
The “why”: Cybercriminals follow the numbers
Considering the above, it is no surprise that we have seen an increase in attacks ranging from phishing to sophisticated bots and supply chain management attacks. In fact, ScamWatch reports a total of USD 323 723 459 lost in scams involving phishing, identity theft, online shopping, remote access, hacking, investments and many more.
According to Kaspersky Security Network (KSN), by Q1 2021, 70% of those who used the internet on their computers in the EU experienced at least one malware-class attack. 56,877 users were attacked by ransomware, while 132,656 were attacked by miners, and the list goes on.
Q3 2021, however, recorded 266 security incidents and 185 721 284 breached records.
Thus, it is paramount to recognize that a strong fraud prevention and monitoring suite is mandatory in every business. Our Automated Ticket Creation for Vulnerabilities module, part of the 360 Security solution, helps identify security vulnerabilities and false positives. Once our scanning engines spot and eliminate these issues, tickets are automatically created in the project tracking platforms for better visibility and tracking.
The “where”: Geographies affected
Cybercrime took the world by storm, with huge spikes in banking threats and in malware for ATMs and payment terminals. Cyprus and Bulgaria led the EU among countries targeted by financial malware, while Greece ranked number 3.
When it comes to ransomware Trojans, 56,877 users were targeted, comprising 12,358 corporate users and 2,274 associated with small and medium-sized businesses. Greece ranked first among EU countries, followed closely by Cyprus and Portugal.
Phishing still constitutes a major issue: 2021 saw 86 584 675 phishing attempts in the EU. This represented 21.89% of all phishing attacks around the world during Q1. The top 3 geographical areas most affected by phishing were Portugal, leading the pack, followed closely by France and Belgium.
As hackers are always up to date with the latest global trends, there is no doubt that they will act immediately to reach their goals whenever an opportunity arises. They have the advanced tools and technical knowledge needed to launch new attacks within minutes. Cybercriminals have already proved that they can conduct attacks no matter the circumstance, location, or method they use.
We will continue this article in an upcoming second part that will tackle the most affected industries and the sectors within them. We will see what should be done to overcome these malicious incidents. And while businesses need to stay one step ahead of bad actors, our Zitec security experts are always prepared and open to discussing any security-related aspects of protecting your organization.
Feel free to get in touch with us!