2019 showed that businesses of all sizes are not immune to cyberattacks. Hackers have developed new malware and techniques to infiltrate and steal corporate data hosted on traditional IT infrastructure, the cloud, mobile devices, and email platforms. As the year draws to a close, we look back at the most pressing cyberattacks of 2019, as well as rising cyberthreats for 2020.
Phishing attacks
Phishing remains the most widely used and most successful form of cyberattack because of its speed. In a Verizon report, phishing attacks were responsible for 32% of confirmed data breaches for the greater part of 2019. Phishing sites are difficult to catch because most of them only stay online for around four to five hours, and only 17% of all phishing attacks were reported by users.
Because of the abundance of phishing sites, only 65% of all URLs are seen to be safe and trustworthy. This had a negative impact on large and small- to medium-sized businesses (SMBs) with an online presence because consumers were second-guessing the safety of those sites. Phishing attacks are seen to be more advanced in 2020 due to the increasing number of new phishing kits being distributed on the dark web.
Ransomware attacks
In the first nine months of 2019, cybercriminals launched 491 ransomware attacks against healthcare providers, 62 attacks on school districts, and 68 attacks on municipal, county, and state entities. Hackers also targeted the software used by managed IT services providers (MSPs) to attack and steal their customers' data. Ransom demands have risen significantly, allowing cybercriminals to maximize their profits. The most popular mode of launching this attack was through email and Remote Desktop Protocol (RDP) attachments.
Attack on mobile devices
People store a lot of personal and business information on mobile devices like smartphones and tablets, which make them ideal targets. Banking malware was able to break through the mobile landscape, and 2019 saw an alarming rise in attacks by more than 50% compared to 2018. This type of malware was able to steal payment data, funds, and credentials from unsuspecting victims. It was also this year that two fake mobile applications were discovered in Google Play.
These apps were designed to monitor the motion sensors of various mobile devices to bypass security emulators. An Android Trojan with various evasion techniques called Gustuff was deployed last March and was engineered to turn off Google Protect. This malware was designed to specifically target customers of leading international banks.
Internet of Things (IoT)
The majority of IoT devices do not come with a user interface (UI), which gives people the false impression that they are not vulnerable to cyberattack. What most people don't know is that IoT devices can collect important user data just like most mobile devices today. They are not secure by design and can be exploited by cybercriminals to launch a distributed denial-of-service (DDoS) attack . With more and more homes using IoT devices, this type of cyberattack is likely to rise in 2020.
Artificial intelligence (AI)
Some businesses are starting to integrate AI into their processes to enhance productivity. Cybercriminals are also exploiting this technology to become more efficient. Here are some of the ways they are using AI to develop new cyberthreats.
- Evading cybersecurity – Hackers are now using AI to optimize and streamline evasion methods to avoid detection by even the most advanced security protocols.
- Phishing – Cybercriminals are looking into AI to assist them in creating content that can easily pass through most cybersecurity filters. Hackers are looking for ways to use AI to compose email messages that are almost indistinguishable from human writing.
With new advances in technology coming in 2020, protecting your company's data against cybercriminals should be your top priority. Here at Pact-One, we will provide your business with multiple layers of security to ensure your valuable data is safe during storage and transmission. If you're not sure where to take your first step in protecting your data, call us today and we'll help you get on the right track.