Not so long ago, the buzz in cybersecurity circles was all about COVID-19 and how malicious actors were exploiting the panic via a wave of targeted phishing attempts. Well, much to everyone's relief, the trend didn't last long. Some of that is due to security firms getting the word out so quickly, and some of it is due to the general public becoming more aware of potential threats and behaving with more care as they encounter suspicious situations. But although the pandemic-fueled attacks didn't gain much traction, the bad guys didn't stop trying. They just started to shift their tactics back to some of the more tried-and-true methods they'd been using in the past. For that reason, businesses and individuals have to continue to keep their guard up in the face of innumerable . To help, here's a roundup of the latest data-identified trends in cybersecurity as 2020 winds down. threats to their data and digital privacy Ransomware and Credential Harvesting Dominate According to the recent Microsoft , the latest data indicates malicious actors ramping up attacks using ransomware and credential harvesting. That reflects a return to form following the brief spike in COVID-19 social engineering attacks, which turned out to peak in March and all but disappear by April. Digital Defense Report The most notable example of late came from Universal Health Services, a major hospital chain with over 400 facilities spread throughout the United States, United Kingdom, and Puerto Rico. They that knocked the majority of their network offline in late September – an attack from which they still haven't fully recovered from at the time of this writing. suffered a crippling ransomware attack And just days ago, reports started to surface about a shadowy international hacking group known as Bahamut, which was found to have engaged in operations. They're the latest in a long string of hacker-for-hire groups uncovered in recent years and an example of how effective credential harvesting is as an attack vector and why it's a constant go-to for hackers of all stripes. years-long target surveillance and credential harvesting Nation-States Increasing Attacks Although it should come as no surprise, the latest data also shows a dramatic uptick in state-sponsored cyberattacks in recent months. This is partly due to the US election season being in full swing, which always presents a target-rich environment for determined US adversaries. But this year it isn't just the election driving attacks. There's also some remaining blowback surrounding the COVID-19 pandemic. In fact, late July saw a coordinated, and private networks. The attacks are believed to be the work of China, as part of that country's pushback against international questions surrounding the origins of the COVID-19 virus. all-out assault on Australian government systems It was an attack that further highlighted that exist at the national level, as Australia continues to suffer from a shortage of cybersecurity professionals. That shortage remains despite a nationwide push to increase the availability of in recent years and mirrors a similar talent gap that exists in the US, EU, and elsewhere. cybersecurity vulnerabilities cybersecurity degree programs IoT Threats Proliferate Continuing a trend that's been building for the last few years, 2020 has seen a surge of attacks both on and using IoT devices. A recent highlighted this fact and pointed out that the sudden shift to work-from-home all around the world was a likely culprit. It also noted how many IoT botnets continue to cause trouble around the world, including some well-worn options like , Mukashi, and LeetHoser. report by Nozomi Networks Dark Nexus Even more troubling was a recent finding that some 98% of IoT devices continue to , further increasing their vulnerability to attack. That means we've likely just seen the tip of the iceberg concerning IoT takeovers and network penetrations. And with so many workers connecting to corporate resources while working from home, could soon turn into a major headache for big companies all around the globe. rely on unencrypted communications that staggering vulnerability What to Expect in 2021 As we enter 2021, it doesn't appear likely that any of the above trends are going to shift soon. There's every reason to believe that they'll continue well into this new year, barring any unforeseen changes in the technology landscape. The only thing that experts seem to agree on is that we're going to see the pace and ferocity of digital threats continue to increase. Most cybersecurity researchers expect that the pace of cyberattacks will increase, with businesses suffering an attack every 11 seconds – down from 17 seconds today. That translates to an increased attack volume of between 20%-40%, depending on which statistics you look at. That means already overwhelmed businesses, governments, and individuals are going to have their hands even more full in 2021. I'm sure that's not something anyone wants to hear at this point, but as they say, to be forewarned is to be forearmed. So be on guard for the types of attacks identified here – and get ready for an even tougher year to come. Images licensed via contributor's Adobe Stock license, by chinnarach, kras99, Bits and Splits.
