2021’s “Most Wanted” Cybercrimes: Top 5 Security Threats to Watch Out for in the New Year
Crime never sleeps – but it evolves. After the last two years, that marked ransomware, business email compromise (BEC) fraud and an increase in targeted attacks against companies of all sizes, 2020 has racked up a sizable list of cyberthreats to keep an eye on.
Here is our list of the 2021’s Top 5 “Most Wanted” Cyberthreats:
Phishing scams are a well-known threat leveraging social engineering to trick targets to give up personal information. But fraudsters are turning to new tactics. One of these – Mobile-first phishing – is expected to rise in 2021.
In a recent example, phishing links were sent to users via email, masquerading as messages from Verizon Customer Support and tailored to mobile viewing. When the malicious URL was opened on a desktop, it looked sloppy and obviously not legitimate – however, when opened on a mobile device, it looked like what you would expect from a Verizon customer support application.
Cybercriminals know that users are not yet conditioned to distrust mobile interactions – for now. So, make sure that your user security training underscores this point.
Data Breach Bonanza
There’s no question that data breaches have gotten out of control. In the third quarter of 2019, the total number of breaches was up , and the total number of records exposed more than doubled, up 112 percent, according to industry statistics. In 2020, cybercrime is up over 400% since the start of the COVID-19 pandemic. In 2021, there’s no sign of a waning appetite on the part of cybercrooks bent on carrying out fraud and identity theft. Demand on the Dark Web for a record containing sensitive, personally identifiable information (PII) is at an all-time high.
If you house sensitive customer or partner records, these need to be safeguarded like the crown jewels they are. All too often, criminals are getting into data vaults by way of network compromise, such as:
Credentials spilled online
Poor password management
Inadvertent misconfigurations of internet-facing databases
Tidying up these basics, can help your data from becoming easy pickings.
January 2021 brings the end-of-life for Windows Server 2008 and Windows 7. Millions of devices are still running these operating systems, but any vulnerabilities that come to light won’t be patched because Microsoft will cease to support them. The only way to fix this is to replace the operating systems entirely – a costly and potentially difficult proposition for companies of any size.
Criminals know these operating systems won’t disappear overnight, so they’ll be targeted by bug-hunting attackers at an accelerated rate in 2021. Expect to see zero-day exploits as well as continued exploitation of a raft of known bugs these operating systems carry.
Cyberattacks are all about the weakest link, a chink in the armor. Increasingly the weak link is partner companies, third-party services and third-party devices. For instance, Delta and Sears were both compromised last year by attackers who targeted a weakness in a third-party customer-service chatbot platform. Similarly, in the case of the infamous Target breach, which impacted 70 million people, the attackers first compromised a HVAC contractor who had a data connection to the giant retailer for electronic billing.
2021 will be the year of supply-chain and vendor vulnerability, as these kinds of weak links proliferate thanks to the hyperconnectivity that comes with cloud migrations, the advent of 5G, the internet of things (IoT) and more. You’ll need to have strict controls and visibility into not only your own security posture, but that of your vendors and partners, too.
Impersonation fraud is already a problem, and 2021 will bring more, but threat actors will refine their strategies and start to impersonate users using “deepfake” technology. Deepfakes are created using artificial intelligence. Examples include swapping in a new face onto video footage so that it looks legitimate or creating audio imitating someone’s voice to a tee.
As you can imagine, this opens the door to a range of attacks. Cybercrooks recently successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive’s voice, for instance. Researchers say deep-fake tech is getting better and better – to the point where biometric hacking using compromised data and malicious artificial intelligence to impersonate an identity is not too far off.
Researchers are trying to fight fire with fire, using AI to detect these fabrications. Meanwhile, one of the immediate measures to take is to educate your staff of the existence of deepfakes and put in place verification procedures for high-value or sensitive disclosures, such as financial transfers.
There you have it: cybersecurity’s “most wanted” list for 2021. That’s just the top five – many more emerging security threats exist. If that fact scares you, then good – it should. 2021 may be a new year, but remember, old adversaries aren’t going away – they’ll just have new tactics.
Ready to simplify cybersecurity in 2021?
Call us at (608) 467-4431, email us at: firstname.lastname@example.org or fill out the form below!