The biggest security trend for 2020 has been the increase of COVID-19-related phishing and other attacks targeting remote workers. New York City, for example, has gone from having to protect 80,000 endpoints to around 750,000 endpoints in its threat management since work-from-home edicts took place.
As noted in a recent Check Point Software Technologies mid-year review, “The first impact of the pandemic was the proliferation of malware attacks that used social engineering techniques with COVID-19 thematic lures for the delivery stage.” Domain names were set up and parked with names relating to the pandemic. As workers started to use videoconferencing platforms, attacks moved to attacking Zoom, Teams and other videoconferencing platforms.
One disturbing trend is that 80% of the observed attacks in the first half of 2020 used vulnerabilities reported and registered in 2017 and earlier, according to the Check Point report, and more than 20% of the attacks used vulnerabilities that are at least seven years old. This showcases that we have a problem in keeping our software up to date.
Ransomware remains a big threat 2020, but what interested me in a recent SenseCy study was that the ransomware attacks it identified were not all triggered by Windows vulnerabilities. Attackers used vulnerabilities in tools used for remote access into Windows networks. These are the top four of the vulnerabilities the researchers identified:
