Written by: Jay H.
One of the biggest cybersecurity mistakes organizations make is thinking they are “too small” to be targeted by hackers. Every business is at risk of data breaches, malware, ransomware, or other cybercriminal attackers.
Yet, data shows that some industries are some susceptible than others. Mainly, industries such as healthcare, finance, and education have been prime targets for attackers over the year. While these industries are still lucrative targets, new research from software vendor Webroot analyzes growing cybersecurity threats and suggests attackers are going after new ‘lowest-hanging fruits.’
Malware Decline
The coronavirus wasn’t the only surprise of 2020: Webroot reported an unprecedented overall decline in malware from the previous year. This decrease is likely due to several factors. First, the pandemic had the largest impact on the decline. Also, improvements in security technology prevented malware from executing attacks. Furthermore, more PCs upgraded to Windows 10, which is more secure than its predecessors. Then, a newer trend shows attackers using Living off the Land Binaries, which exploit default Windows applications and require fewer malware executables. Finally, the Microsoft-coordinated takedown on the TrickBot trojan also disrupted operations.
It’s too early to celebrate, though. Webroot affirms that the decline is only temporary and that numbers will begin increasing once again.
Decline in Infected Business and Consumer PCs
Similarly, Webroot also reported a decline in the infection rates of business and consumer PCs in 2020.
“While 2019 saw 12.6% of consumer PCs and 7.8% of business PCs experiencing a malware infection at some point, these numbers plummeted in 2020 to 8.5% and 4.7% respectively,” the report explained. “That’s a 33% drop year-to-year for consumer and a 40% drop for business devices.”
A pattern emerged amongst infected PCs. Of consumer PCs infected in 2020, 53 percent saw more than one infection, and 17 percent saw over five. Similarly, of infected business PCs, 48 percent experienced more than one, and 13 percent more than five.
“Due to the way COVID-19 has altered the notion of work vs. home devices, it can be difficult to clarify these differences,” the report stated. “For many, our homes have become our offices. We use business PCs on home networks and use consumer PCs to perform business tasks, blurring the boundary lines that, in years past, have helped delineate risk.”
Another notable fact uncovered by the report was that PCs running Windows 7 were more susceptible to infections than Windows 10 PCs.
‘Lowest-Hanging Fruit’
Perhaps surprisingly, 2020 saw a shift in targeted industries. Although industries such as healthcare, education, government, and finance are still lucrative targets for cybercriminals, data shows cybercriminals are shifting their focus.
According to reported data, the industries with the highest infection rates are as follow, where the percentages represent the deviation from the average number of attacks by industry:
- Wholesale trade (up 32.2%)
- Mining/oil/gas (up 32.0%)
- Manufacturing (up 25.9%)
- Public administration (up 25.0%)
- Information (up 22.1%)
On the other end of the spectrum, the industries with the lowest infection rates were:
- Healthcare and social assistance (down 41.4%)
- Non-profit (down 31.5%)
- Arts, entertainment, and recreation (down 20.7%)
- Educational services (down 20.2%)
- Finance and insurance (down 16.5%)
Image: Webroot
The shift can likely be explained by evolving security from the usual targets. Cybercriminals usually target organizations with the weakest defences, i.e. they pick the lowest hanging fruit. Since industries such as healthcare, education, finance, and non-profits have been big targets for years, these industries have tightened their defences. So, attackers have shifted their focus to other industries that may not have the same protections in place.
This is not to say that those industries with the lowest infection rates are not still major targets for cybercriminals, but other industries need to ensure they are not also vulnerable.
Ransomware Flourished
Where malware may have faltered, ransomware became more prevalent than ever. Ransomware, which involves attackers encrypting their victims’ files and demanding payment for their release, evolved a new threatening tactic. Should businesses refuse to pay, attackers would publically post or misuse it.
Organizations in this situation have very few options. Depending on the nature of the data, public disclosure could be devastating for the company. Consequences of the breach include fines for violating privacy regulations, costs of downtime and recovery, and damaged reputation and consumer trust.
Attackers know how devastating their attacks can be, and ransom costs skyrocketed in 2020. In 2018, the average ransom payment was $6,733. In 2019, this increased over 1100 percent to $84,116. By the end of September 2020, this amount peaked at $233,817. However, by the end of 2020, it had dropped to $154,108. Whether this decrease is temporary or long-term remains to be seen.
Other Findings
The report also uncovered several other findings.
First, there was an extraordinary increase in malicious URLs largely due to increased phishing activity and the pandemic. These URLs include botnets, keyloggers and monitoring, malware sites, phishing, proxy avoidance and anonymizers, spam, and spyware and adware. 81 percent of all high-risk URLs were for phishing campaigns.
Cryptojacking, where attackers inject malicious JavaScript code into unsecured websites and “mine” cryptocurrency for the cybercriminals, experienced a decrease. However, Webroot expects to see this return as cryptocurrency values fluctuate.
Phishing attacks are still one of the most popular ways for attackers to distribute ransomware and malware. And with COVID-19 dominating last year’s headlines, criminals saw an opportunity to exploit the situation. Most malicious spam emails used COVID-related phishing lures, usually impersonating reputable organizations such as WHO and government institutions.
Recommendations
Webroot offered several recommendations for organizations to strengthen their cybersecurity, including:
- Providing security awareness training for all users.
- Using a multi-layered security strategy.
- Performing regular backups of systems and files.
- Utilizing threat intelligence and machine learning to prevent malware and network-layer attacks.
MSPs: Your Trusted Security Partner
At Design2Web IT, we know what cybercriminals’ tactics are. To protect your organization, we offer managed IT services including network security and remote tech support. To learn about how we can develop a comprehensive cybersecurity plan for your organization, contact us today.
Comments are closed.