The Biggest Trends in Cybersecurity We Saw in 2020

What were the most significant cybersecurity trends of 2020? As you might expect, they were closely tied to the prominent events of the time. The year 2020 could easily be summed up as one of great stress and anxiety. In early March, the COVID-19 global pandemic caused remote connections to become the “new normal”. There was an immediate pursuit for a vaccine to alleviate the strain on people infected with the virus and the healthcare system caring for those individuals. There was also the presidential election that raised new security concerns as the option for mail-in ballots became a heated debate. What we discovered about the cybersecurity trends of 2020 is that cybercriminals did not let up their ploys. Instead, they increased and even updated their tactics during an uncharacteristic year in which many organizations were simply just trying to stay afloat.

The following are five of the biggest trends in cybersecurity we saw in 2020:

• The technology used by remote workers became big targets.
• Email hacks continued to increase.
• The healthcare industry became the top target.
• Attacks on cloud solutions based on new strategies emerged.
• Ransomware attacks increased in specific industries.

The technology used by remote workers became big targets.

As our learning, working and socializing shifted to remote connections during the emergence of the COVID-19 pandemic, cybercriminals also shifted their tactics. Meeting applications such as Zoom gained popularity. Shortly thereafter, there were reports of threats related to the increased virtual activity. The Boston division of the FBI issued a warning in March of 2020 for users of video-teleconferencing (VTC) platforms to take measures to protect themselves from teleconferencing hijacking. As fingers continued to point to Zoom as the culprit, the company posted a message on their blog explaining that they “did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.” Zoom eventually made some changes to their application. In early January 2021, the company released a new version 5.0 of its application that is supposed to address several of its security issues.

Videoconferencing wasn’t the only remote technology under attack in 2020. The Dark Nexus bot was first revealed in late 2019 but continued to evolve in 2020 and target a growing list (up to 1372 as of this writing) of Internet-of-Things (IoT) devices such as home routers. The bot initially exploited system vulnerabilities and then evolved to most recently using brute-force attacks on Telnet connections that used default credentials. Because the bot has been quickly spreading to IoT devices, cybersecurity professionals are concerned that its threat could extend to 2021.

Email hacks continued to increase.

In addition to remote technology, cybercriminals also continued to focus on a common target—business email. The COVID-19 crisis turned out to be a breeding ground for phishing attacks. One of the most staggering cybersecurity statistics is phishing attacks increased 220% in 2020. In the 2020 Phishing and Fraud Report, the application services and application delivery networking company F5 reports that while the usual tactics related to emotional appeal were observed, cyber criminals that chose this social engineering form of attack discovered new ways of submitting attacks.

One of the most notable email attacks was on the federal government. As reported by Reuters, the email system of several U.S. government offices, including the treasury and commerce departments, were infiltrated. It is believed that malicious code by a foreign agency was inserted into the government network during the automatic update processes and were undetected for several months. The Trump administration announced the attack in early December 2020, but details about the depth of the attack and the exact nature of the data was taken (if any) have yet to be communicated to the public.

The healthcare industry became the top target.

Healthcare is one of five industries most targeted by cybercriminals. It’s no surprise that since the COVID-19 pandemic, healthcare has moved to the number one spot. This became public knowledge in the middle of November 2020 when the American Hospital Association (AHA) reported that the Cybersecurity and Infrastructure Security Agency, FBI and Department of Health and Human Services were concerned about “credible, ongoing and persistent” threats.”

There were several major cyber attacks on the healthcare sector in 2020. The following are the two most notable:

• The UVM Health Network was forced to lock down their network for more than 30 days due to an attack that infected thousands of their computers. UVM brought in government cyber professionals to assist with restoring their systems. The organization estimated that their losses were about $1.5 million per day and would probably end up costing more than $50 million when the issue is resolved in 2021
• Between February and May 2020, nearly 50 health-related organizations that used the cloud computing vendor Blackbaud to store donor information were impacted by a ransomware attack that resulted in individual records being compromised; the largest impact being the more than 1 million Inova Health System records. The incident, which involved the cyber criminals gaining access to unencrypted data (including bank information, social security numbers, and log in credentials), led millions of the victims filing individual and class-action lawsuits against Blackbaud. The attack originated in early February and wasn’t discovered until late May 2020. Blackbaud is a cloud computing vendor for a variety of organizations. The company paid the ransom once they received confirmation that the exfiltrated (copied) data was destroyed. The company neglected to publicly disclose the amount of the ransom.

Attacks on cloud solutions based on new strategies emerged.

Health-related organizations aren’t the only organizations using cloud services. The benefits of reduced IT costs and increased accessibility are attractive benefits that have led many organizations to move to the cloud. As more organizations choose to move their critical data to cloud solutions, these systems are becoming bigger targets for hackers.

Given the increase in cloud system attacks, organizations are observing data for vulnerabilities. Research by Aqua Security of 16, 371 attacks on cloud systems that spanned June 2019 to July 2020 uncovered a new trend in cyber attacks on cloud solutions. While mining cryptocurrency continued to be the major aim of the attacks, a small amount (about 5%) in 2020 were used for a new purpose—setting up distributed-denial-of-service (DDoS) infrastructure. The research by Aqua shows that the miners were deployed as malicious image containers published on Docker Hub. This is a significant development because it signifies that cyber criminals are using more sophisticated means of infiltrating systems and are more interested in financial gain.

Docker defines a container image as “a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings.” It’s like a virtual machine in terms of its self-contained characteristic but differs in that it virtualizes an operating system instead of OS hardware. This new development environment will likely draw more malicious activity in the near future.

Ransomware attacks increased in specific industries.

A report by the cybersecurity company FireEye may have been wrong about predicting that the 2020 elections would stir up hackers to attack electoral systems, but they were right on the mark about ransom attacks continuing to be a problem. Halfway into 2020, there were about 11 major ransomware attacks that resulted in the victims of those attacks paying nearly $150 million to recover.

According to the IBM Security X-Force Threat Intelligence Index for 2020, ransomware was one of the top methods of attacks in the U.S. Not only were ransomware attacks up in 2020, but the malefactors used more bold attempts to force organizations to pay the ransoms. Global risk consulting firm Kroll reported that ransomware criminals set up websites exposing obtained personal data and, in many cases, sought to connect with the owners of that data directly which forced the organizations to alert customers and respond more quickly. Kroll reported that technology, healthcare, and professional services were the key target industries of ransomware attacks in 2020.

Conclusion

Understanding the trends in cybersecurity can provide some insight into what your organization can expect in the coming year. What is apparent from the uncharacteristic year of 2020 is that it is more important that your organization not only implement cybersecurity measures but make sure those measures are the “right” ones for your organization for a variety of technical situations. One of the side effects that the COVID-19 pandemic has had on businesses is that many had to scale down their workforce. This included cybersecurity professionals. There was already a great need for these professionals. The 2020 economic outlook meant that companies had to be more creative in how they planned for cybersecurity challenges. Is your organization prepared for the cybersecurity trends of 2021?

BACS is a cybersecurity firm ready to help you obtain an understanding of your organization’s needs and what you need to mitigate your cybersecurity risks in the coming years.