The threat landscape of cybersecurity changes daily, with hackers and cybersecurity professionals in a perpetual cat-and-mouse chase; hackers discover new ways to infiltrate and exploit their targets, and the cybersecurity industry looks for vulnerabilities, tries to anticipate new threats and responds when cyber security issues arise.
The cybersecurity industry faced a challenging combination of new and familiar challenges in 2020. The massive shift to work from home in response to the Covid-19 pandemic has meant a rush to secure a wider range of home devices and networks, and an instant spike in demand for training and services that protect employees in identifying attempted cyberattacks and scams.
In 2020, hackers actively exploited the Covid-19 pandemic as well as the resulting unemployment. Economic stimulus checks were targeted. Approximately 30% of phishing web pages were related to Covid-19. In April 2020, Google reported 18 million instances per day of malware and phishing email sent via its Gmail service using Covid-related topics as a lure.
While Covid-19 was unheard-of prior to 2020, most of the methods of attack used to target people this past year were all too familiar, either recycled or repurposed to monetize the fear of the pandemic. Phishing emails were a prevalent mode of attack, and they have been in circulation since at least the mid-1990s. Many of the contact tracing scams of 2020 similarly followed social engineering scripts that have been used in taxpayer identity theft schemes since the 1990s as well.
Ransomware was a relatively obscure form of malware until the early 2010s, but it has increased in scope and the amount of damage it has caused year after year, aided by a proliferation of botnets, cryptocurrencies, and sophisticated criminal enterprises. 2020 saw a record number of ransomware attacks, and we can expect more of the same in 2021.
While it is crucial to protect against more well-established hacking techniques, to invest in security training, and to follow good data hygiene, it is also necessary to look ahead to possible forms of cyberattack from newer and still developing vectors. And while 2021 is not likely to feature a host of new threats, there are trends to monitor.