Top Most Cyberattacks in the year of 2020

Snow

With more than 2,000 publicly disclosed data breaches in the first half of 2020, cyber attacks pose a massive threat to organisations of all sizes.

As the Covid-19 continues to spread across the world, it has compelled almost everyone to be confined at home, which led to increasing numbers of users relying on the internet for work and services. The corona virus pandemic has also led organizations to adopt new ways of working; which led to employees rely on basic networking and cloud services for data privacy.

These factors have opened more windows of opportunity for cyber criminals to take advantage of the situation and make more money or create disruption.

we explore five of the most common cyber attack methods and discuss what you can do to protect your organisation.

Phishing

2019 State of the Phish Report found that 83% of respondents experienced a phishing attack in 2018 (up from 76% in 2017) and 2019 Data Breach Investigations Report revealed that 32% of data breaches involved phishing.

Types of Phishing

There are many types of phishing, including:

  • Vishing: Voice phishing or ‘vishing’ is a type of phishing conducted by phone. Most vishing attempts try to get the victim to reveal information like PINs payment card details and passwords. Criminals then use those details to access online accounts to steal information or money.
  • Smishing: SMS phishing or ‘smishing’ is becoming a more popular form of phishing partly because we increasingly rely on smartphones in both our work and personal lives.
  • Spear phishing: Spear phishing is a targeted form of phishing attack – usually conducted to seek financial gain or obtain insider information – where cyber criminals adapt their methods to reach a specific victim. Spear phishing attacks are rarely random – instead they are most often conducted by perpetrators seeking financial gain or insider information.

Ransomware

Ransomware is a type of malicious software designed to deny access to files until, or threaten to publish the victim’s data unless, a ransom is paid (although there is no guarantee that access will be restored, or that the criminal hacker will destroy the data).

The threat is growing. The 2019 Official Annual Cybercrime Report predicts that a business will fall victim to a ransomware attack every 14 seconds in 2019, and every 11 seconds by 2021.

DDoS Attacks

A DDoS (distributed denial-of-service) attack attempts to disrupt regular web traffic and take a site offline by overwhelming a system, server or network with more access requests than it can handle.

DDoS attacks typically serve one of two purposes:

  • An act of revenge against an organisation.
  • A distraction that allows cyber criminals to break into the organisation while it focuses on restoring its website.

Computer viruses

Much like a flu virus, it is designed to spread from one computer to another (but without the user’s knowledge) by:

  • Opening an infected email attachment;
  • Clicking an infected executable file;
  • Visiting an infected website;
  • Viewing an infected website advertisement; or
  • Plugging in infected removable storage devices (e.g. USBs).

Attack Vectors

There are four main types of attack vector:

  • Drive by

A drive-by cyber attack targets a user through their Internet browser, installing malware on their computer as soon as they visit an infected website.

  • MITM

A MITM attack is where an attacker alters the communication between two users, impersonating both victims to manipulate them and gain access to their data. The users are not aware that they are communicating with an attacker rather than each other.

  • Zero-day attack

Outdated (unpatched) software often contains vulnerabilities that criminal hackers can use to bring entire systems down. Where they exploit a vulnerability made public before a patch or solution has been rolled out by the developer, this is referred to as a zero-day attack.